ITRC Article Database

Identity Theft Resource Center Report Date: 12/31/2007 Page 1 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

How is this report produced? What are the rules? See last page of report for details. Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071231-02 Minnesota Department of MN 12/6/2007Electronic Government/Military Yes - 219 Commerce (Password) **ITRC does not consider a password adequate protection for breached data. A laptop with the names, SSNs and state license numbers for 257 applicents/licensees in the licensing system was stolen. The laptop was used to support and test the real estate, abstractors, appraisers and debt collection licensing system and data base used by several states including Minnesota. At the time of the theft, Promissor believes a limited amount of applicant/licensee information was stored on the hard drive of the computer, which was password protected, but not encrypted.

Attribution 1 Publication: Pioneer PressAuthor: Bill Salisbury Date Published: 12/28/2007 Article Title: Stolen Laptop had Minnesotans' personal info, state agency says Article URL: http://www.twincities.com/allheadlines/ci_7830298?nclick_check=1

Attribution 2 Publication: press releaseAuthor: Minnesota Departmen Date Published: 12/28/2007 Article Title: Laptop Stolen From Department of Commerce Vendor Contains Personal Information for 219 Minnesota Licensed Professi Article URL: http://www.state.mn.us/portal/mn/jsp/content.do?id=-536882793&subchannel=null&sc2=null&sc3=null&contentid=5

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071231-01 US Air Force US 11/19/2007Electronic Government/Military Yes - 10,501 Published #

On November 18, a laptop belonging to an Air Force band member at Bolling Air Force Base in DC turned up missing. The information included SSNs, birth dates, and telephone numbers of active and retired Air Force members. The Air Force tells WSFA 12 News it was intended to be used for an Air Force Band Historical Documentation.

Attribution 1 Publication: WSFA 12 TVAuthor: staff Date Published: 12/28/2007 Article Title: WSFA 12 News Update on Missing Air Force Computer Article URL: http://www.wsfa.com/Global/story.asp?S=7554385&nav=menu33_3

Attribution 2 Publication: WSFA TVAuthor: Sally Pitts Date Published: 12/28/2007 Article Title: Montgomery Man's Personal Information on Missing Military Computer Article URL: www.wsfa.com/Global/story.asp?S=7550098&nav=0RdE

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071228-01 Davidson County Election TN 12/24/2007Electronic Government/Military Yes - 337,000 Commission Published #

Computers weres stolen by thieves that broke into the Metro Election Commioner's office. While information on voters was taken there is no risk of harm since only the last 4 numbers of the SSN were on the file. UPDATE: 12/29: Further investigation has discovered that the FULL SSN was in the database.

Attribution 1 Publication: TenneseanAuthor: Jennifer Brooks Date Published: 12/29/2007 Article Title: Computer heist puts voter IDs in danger Article URL: http://tennessean.com/apps/pbcs.dll/article?AID=/20071229/NEWS0202/712290372/1009/NEWS

Attribution 2 Publication: WSMV NewsAuthor: Chris Tatum Date Published: 12/27/2007 Article Title: Laptops Containing Voter Information Stolen Article URL: http://www.wsmv.com/news/14934234/detail.html Identity Theft Resource Center Report Date: 12/31/2007 Page 2 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

Per a press release, 80,000 MoneyGram customers have been notified that a hacker may have stolen their names, loan account#, bank routing numbers and bank account numbers. According to one expert, it involved customers who made payments to a single biller.

Attribution 1 Publication: Bloomberg NewsAuthor: Yalman Onaran and E Date Published: 1/13/2007 Article Title: Breach affects 79,000 MoneyGram accounts Article URL: http://seclists.org/isn/2007/Jan/0071.html

Attribution 2 Publication: breach listAuthor: WI Office of Privacy P Date Published: 1/12/2007 Article Title: MoneyGram breach Article URL: http://privacy.wi.gov/databreaches/2007/jan07.jsp

Attribution 3 Publication: ReutersAuthor: staff Date Published: 1/12/2007 Article Title: MoneyGram security breach affects 79,000 customers Article URL: http://www.reuters.com/article/companyNewsAndPR/idUSWEN214220070112

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071224-03 Bellin Health Family Medical WI 3/15/2007Paper Data Medical/Healthcare Yes - 650 Center Published #

According to a listing in the WI Office of Privacy Protection, the Bellin Health Family Medical Center in Green Bay WI had patient names, SSNs, dates of birth and limited medical information stolen after a federal law enforcement action at a local home found documents from the Center.

Attribution 1 Publication: breach listAuthor: WI Office of Privacy P Date Published: 5/3/2007 Article Title: Bellin Health Family Medical Center breach Article URL: http://privacy.wi.gov/databreaches/2007/may07.jsp

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071224-02 WI Assoc. of Lakes, Inc WI 6/1/2007Electronic Business Yes - 180 Published #

The names, dates of birth, and credit card numbers may be affected due to the hacking of the WI Assoc. of Lakes online store. The online store was deactivated on June 12 and all individuals contacted.

Attribution 1 Publication: breach listAuthor: WI Office of Privacy P Date Published: 6/15/2007 Article Title: Wisconsin Association of Lakes breach Article URL: http://privacy.wi.gov/databreaches/2007/june07.jsp Identity Theft Resource Center Report Date: 12/31/2007 Page 3 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

Despite a policy to shred, documents containing 4 people's SSNs and bank account numbers were found in a trash bin outside of the Ventura County Superior Court in November.

Attribution 1 Publication: Ventura County StarAuthor: Tony Biasotti Date Published: 12/22/2007 Article Title: Social Security numbers, bank data vulnerable Article URL: http://www.venturacountystar.com/news/2007/dec/22/sensitive-papers-unguarded-near-superior-court/

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071221-12 UnitedHealthcare MO Electronic Business Yes - 17,000 Published #

A former UnitedHealthcare employee is amont the suspected particpants in stealing at least 127 member's information and as many as 17,000. The information includes names, dates of birth and SSNs. UnitedHealthcare is working with a Federal Task Force on this case. The suspect worked for the company for 2 1/2 years.

Attribution 1 Publication: UnitedHealthcare notice to NH AGAuthor: Douglas Niska Date Published: 6/25/2007 Article Title: UnitedHealthcare breach Article URL: http://doj.nh.gov/consumer/pdf/united_health.pdf

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071221-11 Textron RI Electronic Business Yes - 0 (Password) **ITRC does not consider a password adequate protection for breached data. In June Textron had a laptop stolen that included current and former employee names, SSNs and account numbers. 475 NH residents were affected.

Attribution 1 Publication: Textron notice to NH AGAuthor: Susan Hamlyn Date Published: 7/31/2007 Article Title: Textron breach Article URL: http://doj.nh.gov/consumer/pdf/textron.pdf

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071221-10 Sungard Higher Education PA 2/12/2007Electronic Business Yes - 0 Unknown #

A thief stole a laptop from a parked SunGard employee's vehicle. Names, SSNs, bank transfer ABA numbers and account number and/or credit card information may have been on the laptop.

Attribution 1 Publication: notice to NH AGAuthor: Randi Serota Date Published: 3/19/2007 Article Title: SunGard Higher Education breach Article URL: http://doj.nh.gov/consumer/pdf/sungard.pdf Identity Theft Resource Center Report Date: 12/31/2007 Page 4 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

How is this report produced? What are the rules? See last page of report for details. Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071221-09 Student Loan Corporation CT 8/1/2007Electronic Banking/Credit/Financial Yes - 519 Published #

A portable computer was stolen from an office of a third party vendor. It may have contained names, SSNs and email addresses.

Attribution 1 Publication: Student Loan CorpAuthor: James Nelson, Busin Date Published: 8/9/2007 Article Title: Student Loan Corporation breach Article URL: http://doj.nh.gov/consumer/pdf/student_loan2.pdf

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071221-08 Public Storage, Glendale CA 12/11/2006Electronic Business Yes - 0 Unknown #

Public Storage in Glendale, CA notified the NH AG that someone gained access to electronic company personnel files at their corporate offices. These included files for all active employees including SSNs, dates of birth and payrolll information. The files may also contain information about dependants.

Attribution 1 Publication: Public StorageAuthor: Ammar Karouf, VP Date Published: 1/29/2007 Article Title: Public Storage Corp Offices breach Article URL: http://doj.nh.gov/consumer/pdf/public_storage.pdf

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071221-07 Professional Education IL Electronic Business Yes - 0 Institute-Millionaire Elite Unknown #

A data encryption lapse on the Millionaire Elite website caused the SSNs and dates of birth of a small number of individuals to be exposed.

Attribution 1 Publication: notice from PEI to NH AGAuthor: Susie Canchola Date Published: 2/15/2007 Article Title: Millionaire Elite website breach, Professional Education Institute Article URL: http://doj.nh.gov/consumer/pdf/PEI.pdf

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071221-06 mytreo.net; Palm Inc CA 5/2/2007Electronic Business Yes - 679 Published #

mytreo.net, a division of Palm Inc. notified the NH AG's office of a breach that was discovered on May 2, 2007. The compromised information includes names, addresses, phone numbers, SSNs and in certain instances encrypted credit card numbers.

Attribution 1 Publication: mytreo.netAuthor: Tadd Rosenfeld Date Published: 5/29/2007 Article Title: mytreo.net, Palm Inc breach notice Article URL: http://doj.nh.gov/consumer/pdf/mytreo.pdf Identity Theft Resource Center Report Date: 12/31/2007 Page 5 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

Merchant America had an unauthorized computer intrusion into one of the databases which included names, bank accounts numbers and/or driver's license numbers of customers who engaged in one or more the merchants to whom Merchant America provides payment processing services. At least 482 NH residents were affected.

Attribution 1 Publication: Merchant America notice to NH AGAuthor: Kris Winckler Date Published: 3/20/2007 Article Title: Merchant America breach Article URL: http://doj.nh.gov/consumer/pdf/merchant.pdf

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071221-04 Intergraph Corp. AL 7/1/2007Electronic Business None - 0 Encrypted Data Intergraph discovered that a server containing the name and credit or debit card number, expiration dates, shipping address an credit card addresses was accessed without authority. The company encrypts all credit card numbers including those on the server that was unlawfully viewed.

Attribution 1 Publication: Intergraph Corp notice to NH AGAuthor: Wendy Ormstedt Date Published: 7/16/2007 Article Title: Intergraph breach Article URL: http://doj.nh.gov/consumer/pdf/intergraph.pdf

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071221-03 Embassy Hotels La Quinta CA 3/22/2007Electronic Business Yes - 0 Unknown #

A group of individuals engaged in a credit card fraud in Southern California that affected customer credit cards. The breach would have affected those who stayed at the La Quinta Hotel & Spa between March 22-May 28, 2007. Authorities do not know how the breach occurred.

Attribution 1 Publication: SR VP Hilton HotelsAuthor: Tim Glassett Date Published: 9/27/2007 Article Title: Embassy Hotels La Quinta Southern California breach Article URL: http://doj.nh.gov/consumer/pdf/hilton.pdf

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071221-02 Franklin County Court OH Electronic Government/Military Yes - 270 Published #

At least six central Ohioans are now under investigation by the U.S. Secret Service for hacking into a government Web site and stealing Social Security numbers to create false credit accounts. Worthington detectives turned over evidence to federal authorities after a state crime lab determined that more than 270 people nationwide might have been victimized by a security lapse in the Franklin County Municipal Court Web site. Victims are located in Ohio, SC, KY, TX and WY. "Police found that someone was randomly feeding Social Security numbers into Clerk Lori Tyack's site, which contained personal information for thousands of people charged with misdemeanors, some guilty of only a speeding ticket. Once a number was hit on, the name, address, age and other information could be used to obtain credit cards and open bank accounts." Identity Theft Resource Center Report Date: 12/31/2007 Page 6 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

How is this report produced? What are the rules? See last page of report for details.

Attribution 1 Publication: Columbus DispatchAuthor: Bruce Cadwallader Date Published: 12/21/2007 Article Title: 6 suspected in ID theft via court Web site Article URL: http://dispatch.com/live/content/local_news/stories/2007/12/21/clerkit.ART_ART_12-21-07_B1_OO8RDCG.html?sid=

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071221-01 Greenville County School SC Electronic Educational Yes - 500 District Published #

Hundreds of current and former Greenville County School District employees had personal information stolen from computers accessing state insurance information, prompting an investigation by federal Homeland Security officials. The district notified employees last week that the computers had been compromised by malware and that employees' personal information was taken, including their names, home phone numbers and Social Security numbers. According to a release, the school district says it was informed about the security breach by state information security officials, who learned of it from the Department of Homeland Security, which monitors government computers for suspicious activity

Attribution 1 Publication: WYFFAuthor: staff Date Published: 12/21/2007 Article Title: Employee data theft precise, sophisicated Article URL: http://www.wyff4.com/news/14908709/detail.html

Attribution 2 Publication: WYFF 4 NewsAuthor: staff Date Published: 12/20/2007 Article Title: School Employees' Personal Data Stolen Article URL: http://www.wyff4.com/news/14900680/detail.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071220-12 Mercury Interactive-Hewlett US 7/25/2007Electronic Business Yes - 1,425 Packard (Password) **ITRC does not consider a password adequate protection for breached data. Hewlett Packard, which had information about the former Mercury Interactive employees, had a laptop lost during a business trip. The information included names and SSNs and dates of birth.

Attribution 1 Publication: notice to NH AGAuthor: Kathryn Young Date Published: 8/17/2007 Article Title: Hewlett Packard-Mercury Interactive breach Article URL: http://doj.nh.gov/consumer/pdf/hp.pdf

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071220-11 Henry Schein Financial NY 2/23/2007Electronic Banking/Credit/Financial Yes - 340 Services (Password) **ITRC does not consider a password adequate protection for breached data. A laptop was stolen from a hotel room during a trade show in Chicago. The names and SSN of approximately 340 customers were on the computer. A password is required to log into Windows but it was not encrypted.

Attribution 1 Publication: Henry Schein notice to NH AGAuthor: Michael Ettinger Date Published: 3/16/2007 Article Title: Henry Schein Financial Services Article URL: http://doj.nh.gov/consumer/pdf/henry.pdf Identity Theft Resource Center Report Date: 12/31/2007 Page 7 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

A password protected laptop owned laptop with a payroll Excel file containing names and SSNs of employees was stolen when an employee had her vehicle broken into.

Attribution 1 Publication: GfK NOP notice to NJ AGAuthor: Josh Spector Date Published: 6/20/2007 Article Title: GfK Custom Research breach Article URL: http://doj.nh.gov/consumer/pdf/GFK.pdf

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071220-09 Fresenius Medical Care MA 12/13/2006Electronic Medical/Healthcare Yes - 0 Unknown #

Fresenius Medical Care, also known as FMCNA had a laptop stolen from a car on Dec 13, 2006. Among the information stolen was the Insurance Account number which was frequently the same as, or contained, the patient's SSN. It may also be the insured SSNs if used by a dependent.

Attribution 1 Publication: Fresenius notice to NH AGAuthor: Rick King Date Published: 2/18/2007 Article Title: Fresenius breach Article URL: http://doj.nh.gov/consumer/pdf/fresenius.pdf

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071220-08 Electronic Data Systems- EDS CA 1/19/2007Electronic Business Yes - 30 Published #

Electronic Data Systems Corp who processes workers comp for the Fireman's Fund had a laptop stolen from an employee's locked car on Jan. 19, 2007. The information included names and SSNs.

Attribution 1 Publication: EDS notice to NH AGAuthor: Chris Carlson Date Published: 3/15/2007 Article Title: EDS breach Article URL: http://doj.nh.gov/consumer/pdf/eds.pdf

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071220-07 Carus Publishing US 4/1/2007Electronic Business Yes - 0 Unknown #

Carus Publishing, who are also Cricket Magazines, Cobblestone Publishing and Cricket Books had a hacker steal name and credit card numbers between early April and early May 2007

Attribution 1 Publication: notice to NH AGAuthor: Sugar, Friedberg and Date Published: 5/8/2007 Article Title: Carus Publishing breach Article URL: http://doj.nh.gov/consumer/pdf/carus.pdf Identity Theft Resource Center Report Date: 12/31/2007 Page 8 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

In a letter to the NH AG Biolase reported that an outside accountant firm had a breach, BDO Seidman around May 4-14. Names and SSNs were on the computer. They will be sending a letter to affected individuals nationwide.

Attribution 1 Publication: Biolase TechnologyAuthor: Jodie Saunderson Date Published: 6/19/2007 Article Title: Breach of information Article URL: http://doj.nh.gov/consumer/pdf/biolase.pdf

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071220-05 AW Direct CT 8/1/2007Electronic Business Yes - 0 Unknown #

AW Direct reported there may have been unauthorized access to the website that included customer orders and credit card numbers and names.

Attribution 1 Publication: notice to NH AGAuthor: Greg Harper Date Published: 8/31/2007 Article Title: Unauthorized access to website Article URL: http://doj.nh.gov/consumer/pdf/AW_Direct.pdf

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071220-04 Advent Software Maintenance CA 11/20/2006Electronic Business Yes - 21 (Password) **ITRC does not consider a password adequate protection for breached data. A laptop with boot level password protection was stolen from the Advent headquarters. It contains a file with names, SSNs of certain current and former employees. The number is unknown other than it did affect 21 individuals in New Hampshire. Source: NH DOJ notification

Attribution 1 Publication: notification to NH DOJ and AGAuthor: letter to NH DOJ by Ri Date Published: 1/10/2007 Article Title: Theft of Laptop Article URL: http://doj.nh.gov/consumer/pdf/advent.pdf

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071220-03 ADC Telecommunications MN 2/22/2007Electronic Business Yes - 2,600 (Password) **ITRC does not consider a password adequate protection for breached data. ADC Telecommunications notified the New Hampshire DOJ about a theft of an unencrypted computer that contained SSNs, bank account numbers and other private information. Law enforcement in St Louis Park, MN is investigating.

Attribution 1 Publication: ADC Telecommunications notice to NH Author: Jeff Pflaum Date Published: 2/23/2007 Article Title: breach of ADC Telecommunications Article URL: http://doj.nh.gov/consumer/pdf/ADC.pdf Identity Theft Resource Center Report Date: 12/31/2007 Page 9 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

How is this report produced? What are the rules? See last page of report for details.

Attribution 2 Publication: Author: Date Published: Article Title: Article URL:

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071220-02 CT Department of Motor CT 12/14/2007Electronic Government/Military None - 155 Vehicles Other Protection The Connecticut Department of Motor Vehicles is notifying 155 customers that their personal information may have been on a computer stolen from a mobile service center vehicle while it was being repaired. Authorities say the personal data on the computer included name, address, date of birth, license number, photo and signature. Credit card information was encrypted so that it cannot be used and social security numbers were not part of this file. It is unlikely that the data could be accessed due to a number of security features, including a software program that triggers a deletion of the data when the computer is turned on. "We do not see any reason for alarm because of the built-in deletion programs that activate when the computer is turned on, but we want to notify people as a precaution since we do not have these computers in our possession," DMV commissioner Robert Ward said. Details are available at CT.gov/dmv/dataguard.

Attribution 1 Publication: CourantAuthor: Christopher Keating Date Published: 12/21/2007 Article Title: Computers With DMV Info Stolen Article URL: http://www.courant.com/news/local/hc-ctdmvcomputers1221.artdec21,0,4556793.story

Attribution 2 Publication: WABC Eyewitness NewsAuthor: staff Date Published: 12:20:00 PM Article Title: Connecticut DMV warns of identity theft Article URL: http://abclocal.go.com/wabc/story?section=news/local&id=5846995

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071220-01 Dormitory Authority of the NY 12/18/2007Electronic Educational Yes - 800 State of New York Published #

Data tapes containing Social Security numbers, phone numbers and addresses for up to 800 current and former employees of the state Dormitory Authority, many of whom live in the Capital Region, are missing. A package of backups was sent to the NY City office every evening. On Wednesday, they announced that one envelope was damaged and the 5 tapes were not inside. The tapes contain records for people hired before Jan. 1, 2006. Those hired after that date are tracked on a different system. Officials stressed they are in cassette like containers that require special equipment and software in order to be read. UPDATE: 5 tapes have been found and appear to be free of tampering.

Attribution 1 Publication: Newsday.comAuthor: AP Date Published: 12/27/2007 Article Title: Missing NY state employee data tapes found Article URL: http://www.newsday.com/news/local/wire/newyork/ny-bc-ny--personalinformati1227dec27,0,2523910.story

Attribution 2 Publication: Capital Bureau- Times UnionAuthor: Rick Karlin Date Published: 12/20/2007 Article Title: Dormitory Authority hunts missing ID tapes Article URL: http://timesunion.com/AspStories/story.asp?storyID=648817&category=FRONTPG&BCCode=HOME&newsdate=12/2

Attribution 3 Publication: WNYTAuthor: staff Date Published: 12/20/2007 Article Title: Dormitory Authority loses worker data Article URL: http://wnyt.com/article/stories/S291123.shtml?cat=300 Identity Theft Resource Center Report Date: 12/31/2007 Page 10 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

S&K Famous Brands has informed the New Hampshire DOJ of a security breach on October 24, 2007 involving its web site, www.skmenswear.com. The breach, in the form of a phishing scam, put customers' names, addresses, and credit card numbers and expiration dates at risk. The total number of customers affected was not indicated.

Attribution 1 Publication: Letter to New Hampshire DOJ from S&KAuthor: from pogowasright Date Published: 12/10/2007 Article Title: S & K Famous Brand website security breach Article URL: http://doj.nh.gov/consumer/pdf/sk_men.pdf

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071219-01 PA Department of Aging PA 12/5/2007Electronic Government/Military Yes - 21,000 (Password) **ITRC does not consider a password adequate protection for breached data. A state Department of Aging-owned laptop computer containing personal information on nearly 21,000 senior citizens was stolen from a Johnstown home during a Dec. 5 break-in. There have been no reports of misuse of the information, which included names, addresses, Social Security numbers, some medical information and the services clients received. This is the third incident in four months where state-owned computers containing personal information of Pennsylvanians have been stolen. The other two thefts involved computers that contained information on more than 375,000 welfare clients.

Attribution 1 Publication: Patriot NewsAuthor: Jan Murphy Date Published: 12/19/2007 Article Title: Stolen laptop holds data on seniors Article URL: http://www.pennlive.com/news/patriotnews/index.ssf?/base/news/1198033089169550.xml&coll=1

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071218-03 Randall Mortgage Services OH 8/27/2007Paper Data Banking/Credit/Financial Yes - 0 Unknown #

Randall Mortgage Services left behind personal information that could be used for identity theft. at information included consumers' loan account information, wages, credit reports, bank account information and Social Security numbers. The state sent a letter in October informing Shepherd to protect the records but said it has received no response. Shepherd couldn't be reached for comment. The state is now suing the defunct brokerage firm.

Attribution 1 Publication: Business First of ColumbusAuthor: staff Date Published: 12/17/2007 Article Title: State suing mortgage lender for abandoning consumers' info Article URL: http://columbus.bizjournals.com/columbus/stories/2007/12/17/daily5.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071218-02 Menomonie County WI 11/19/2007Electronic Business Yes - 20 Published #

On Nov. 19, the Menomonie Police Department received the first of multiple reports of fraudulent charges on residents’ debit cards. According to the reports, the fraudulent charges are happening in Florida — and the victims’ debit cards are being swiped even though they have their card in their possession. This means that a copy of their card is being made and used, mostly at Florida gas stations. The financial institutions affected are Wisconsin Credit Union, Bremer Bank, Wells Fargo and Stout Higher One card. Although there is more than one city in Florida where the charges have occurred, many of them came from Hialeah, Jacksonville and Miami. Identity Theft Resource Center Report Date: 12/31/2007 Page 11 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

How is this report produced? What are the rules? See last page of report for details.

Attribution 1 Publication: Author: Nicole Byrnes Date Published: 12/17/2007 Article Title: Debit card fraud hits Menomonie residents Article URL: http://www.dunnconnect.com/articles/2007/12/17/news/news02.txt

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071218-01 West Penn Allegheny Health PA 11/24/2007Electronic Medical/Healthcare Yes - 42,000 System Published #

The names, SSNs and patient care information of 42,000 patients were on a laptop stolen from a nurse's home. The hospital said the data is password protected and encrypted when the computer is shut off or when the battery runs out but is not sure if the computer was turned on and logged in when stolen. The database goes back to the year 2000.

Attribution 1 Publication: Target 11Author: Karen Welles Date Published: 12/17/2007 Article Title: Nurse's Stolen Laptop May Put Thousands Of Local Patients At Risk Article URL: http://www.wpxi.com/news/14875284/detail.html

Attribution 2 Publication: Pttsburgh Tribune ReviewAuthor: Allison Heinrichs Date Published: 12/16/2007 Article Title: Laptop theft puts 42,000 patients' IDs at risk Article URL: http://www.pittsburghlive.com/x/pittsburghtrib/news/cityregion/s_543235.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071217-01 Deloitte & Touche-IKON NY 11/24/2007Electronic Business Yes - 0 (Password) **ITRC does not consider a password adequate protection for breached data. A laptop containing the personal information of an undisclosed number of Deloitte & Touche partners, principals and other employees was stolen while in possession of a contractor responsible for scanning the accounting firm's pension fund documents, SCMagazineUS.com learned today. The computer contained confidential data, including names, Social Security numbers, birth dates, and other personnel information, such as hire and termination dates, according to a Dec. 6 letter Deloitte sent to victims. The laptop was password protected but not encrypted. Some of the information belonged to people working at Deloitte subsidiaries.

Attribution 1 Publication: further info from NH DOJAuthor: pogowas right Date Published: 12/19/2007 Article Title: Contractor in Deloitte & Touche Breach identified Article URL: http://doj.nh.gov/consumer/pdf/deloitte_touche.pdf

Attribution 2 Publication: SC MagazineAuthor: Dan Kaplan Date Published: 12/14/2007 Article Title: Deloitte partner, principal confidential information on stolen laptop Article URL: http://www.scmagazineus.com/Deloitte-partner-principal-confidential-information-on-stolen-laptop/article/99945/

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071212-01 Gulf Coast Medical Center FL 2/28/2007Electronic Medical/Healthcare Yes - 8,086 (Password) **ITRC does not consider a password adequate protection for breached data. Gulf Coast Medical Center announced that the personal info of about 1900 patients was stolen in November and 8,086 in February, in two separate incidents totaling nearly 10,000 patients. The information was in a computer that went missing in November was stolen from a car in Texas. The more recent theft was in Tallahassee. The computers were password protected and came equipped with a lock to secure the laptop.

Attribution 1 Publication: Pensacola News JournalAuthor: staff Date Published: 3/1/2007 Article Title: Stolen laptops had patient info Article URL: http://www.pensacolanewsjournal.com/apps/pbcs.dll/article?AID=/20070301/NEWS01/70301014 Identity Theft Resource Center Report Date: 12/31/2007 Page 12 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

How is this report produced? What are the rules? See last page of report for details.

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071211-05 Iowa Department of Natural IA 11/21/2007Electronic Government/Military Yes - 7,000 Resources Published #

A contractor working for the DNR revealed on December 5th that a computer jump drive containing the names and social security numbers for 7000 people is missing. The DNR says the drive actually disappeared on November 21st

Attribution 1 Publication: KCRG NewsAuthor: Mike Wagner Date Published: 12/11/2007 Article Title: DNR Tells 7000: Social Security Numbers Lost Article URL: http://www.kcrg.com/news/local/12370426.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071211-04 Philadelphia Office of Mental PA 8/22/2007Electronic Medical/Healthcare Yes - 1,819 Health Published #

A theft of two computers at the department's Office of Mental Health and Substance Abuse Services in Susquehanna TWP may have compromised the medical histories of 375,000 patients and the names and SSNs of 1819 people.

Attribution 1 Publication: Patriot NewsAuthor: Jan Murphy Date Published: 12/8/2007 Article Title: Welfare agency loses data to thieves Article URL: http://www.pennlive.com/news/patriotnews/index.ssf?/base/news/1197086114193990.xml&coll=1

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071211-03 Philadelphia Department of PA 11/13/2007Electronic Government/Military Yes - 14 Public Welfare (Password) **ITRC does not consider a password adequate protection for breached data. For the second time in three months, a computer containing welfare records was stolen from a state Department of Public Welfare office. The latest theft occurred during a Nov. 13 burglary at a county assistance office in Philadelphia. The stolen computer contains information about 86 welfare clients, all from Philadelphia, department spokeswoman Anne Bale said. As of Friday, she said, there had been no indication of misuse of the password-protected information that included the names and Social Security numbers of 14 clients and the names and addresses of 72 clients, Bale said.

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071211-02 Cameron County TX 8/1/2006Electronic Government/Military Yes - 0 Unknown #

A letter sent to Cameron County employees states their personal information was released through an e-mail. According to the letter, an employee released an e-mail with a list of all county officials and employees employed in August 2006. It reportedly contained names, social security numbers, and salaries. The ex-county auditor may be charged. The email was found on his computer during an ongoing investigation in June Identity Theft Resource Center Report Date: 12/31/2007 Page 13 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

How is this report produced? What are the rules? See last page of report for details.

Attribution 1 Publication: Channel 5 KRGVAuthor: staff Date Published: 12/10/2007 Article Title: Employee Accused of Emailing County Workers' Personal Information Article URL: http://www.newschannel5.tv/2007/12/10/983648/

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071211-01 Sutter Lakeside Hospital-SLH CA 12/10/2007Electronic Medical/Healthcare Yes - 45,000 (Password) **ITRC does not consider a password adequate protection for breached data. Sutter Lakeside Hospital reported that a laptop containing about 45,000 patient names, medical records and SSNs was stolen from the residence of a contractor. The information dating from 23005 and earlier was to be transferred from a secure system to another but the contractor violated police by downloading it to a laptop. For a small number of patients it also included billing information. The laptop was password protected but it is not known if the file was.

Attribution 1 Publication: Lake County Record BeeAuthor: Elizabeth Wilson Date Published: 12/10/2007 Article Title: Stolen laptop holds private information Article URL: http://www.record-bee.com/local/ci_7687954

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071210-02 Tricare Europe US 11/7/2007Electronic Government/Military Yes - 4,700 Published #

About 4700 households who submitted claims through the Tricare Europe office since 2004 are being notified that their name and SSN may be at risk. For one or more members of each household, it included their name, date of birth, and a medical diagnosis code associated with a health benefits claim submitted to Tricare Management Activity. Most of the affected individuals now have permanent residences in the US. EDS officials’ letter to beneficiaries states that the data breach was discovered during a security review of a computer system that EDS maintained for the Tricare Management Activity. The information that was potentially compromised existed between 2004 and 2007, EDS officials said.

Attribution 1 Publication: Air Force TimesAuthor: Karen Jowers Date Published: 12/10/2007 Article Title: Tricare data breach affects 4,700 families Article URL: http://www.airforcetimes.com/news/2007/12/military_tricarebreach_071207w/

Attribution 2 Publication: Black AnthemAuthor: Tricare Date Published: 12/8/2007 Article Title: TRICARE Responds Quickly to Possible Risk to Beneficiary Data Article URL: http://www.blackanthem.com/News/Veteran_Affairs_27/TRICARE-Responds-Quickly-to-Possible-Risk-to-Beneficiary

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071210-01 Roman's Café- Baton Rouge LA 10/1/2007Electronic Business Yes - 0 Unknown #

Skimming has been a problem in Baton Rouge in recent years including at hotels. The Secret Service are now investigating a case involving Roman's Café after hundreds of customers had their credit card data stolen.

Attribution 1 Publication: Business ReportAuthor: Steve Clark Date Published: 12/3/2007 Article Title: They’re out to get you Article URL: http://www.businessreport.com/news/2007/dec/03/theyre-out-get-you-tchn1/?finance Identity Theft Resource Center Report Date: 12/31/2007 Page 14 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

How is this report produced? What are the rules? See last page of report for details. Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071207-02 Colorado Department of CO 11/30/2007Paper Data Government/Military Yes - 200 Regulators Office Published #

Police have arrested 4 alleged thieves who stole a car from a shopping center with documents inside listing names, SSNs and birthdates that belong to the Colorado Department of Regulators Office, specifically related to the Board of Dental Examiners. During the investigation, police discovered a massive amount of information from previous crimes including credit card numbers and PIN numbers.

Attribution 1 Publication: 9 NewsAuthor: Carrie McClure Date Published: 12/7/2007 Article Title: Stolen car leads to ID theft ring Article URL: http://www.9news.com/news/article.aspx?storyid=82418

Attribution 2 Publication: 9 News ColoradoAuthor: Jeffrey Wolf Date Published: 12/6/2007 Article Title: Police catch thieves who stole car with state documents inside Article URL: http://www.9news.com/news/local/article.aspx?storyid=82340

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071207-01 Oak Ridge National Lab TN 10/29/2007Electronic Government/Military Yes - 12,000 Published #

The Oak Ridge National Laboratory revealed that a cyber attack over the last few weeks may have allowed names and SSNs of every lab visitor between 1990-2004. Lab officials said the assault appeared "to be part of a coordinated attempt to gain access to computer networks at numerous laboratories and other institutions across the country." But they would not identify the other institutions.

Attribution 1 Publication: Information WeekAuthor: Thomas Claburn Date Published: 12/7/2007 Article Title: DOE Lab Hacked Article URL: http://www.informationweek.com/news/showArticle.jhtml?articleID=204702720

Attribution 2 Publication: My Eyewitness News ABC 24Author: Associated Press Date Published: 12/6/2007 Article Title: Oak Ridge National Lab Reports "Sophisticated" Cyber Attack Article URL: http://www.myeyewitnessnews.com/news/local/story.aspx?content_id=c5af9893-1fe1-40e0-96a6-0d2b81569062&rss

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071206-01 Forrester Research MA 11/26/2007Electronic Business Yes - 0 Unknown #

A password protected laptop was stolen from the home of a Forrester Research employee that potentially exposed the names and SSNs of an undisclosed number of current and former employees and directors. The laptop contained records pertaining to those who have received grants of Forrester stock options or who have participated in the research firm's Employee Stock Purchase Plan, according to the letter

Attribution 1 Publication: E-weekAuthor: Lisa Vaas Date Published: 12/5/2007 Article Title: Forrester Loses Laptop Containing Personnel Data Article URL: http://www.eweek.com/article2/0,1895,2228887,00.asp Identity Theft Resource Center Report Date: 12/31/2007 Page 15 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

According to a letter sent to the New Hampshire Attorney General, Oracle Corporation had a desktop computer misplaced that contained Lodestar employee and contractor information. The file had one or more of the sensitive data: name, addresses and SSNs

Attribution 1 Publication: Chief Counsel, OracleAuthor: Peter Lefkowitz Date Published: 11/28/2007 Article Title: letter to New Hampshire AG Article URL: http://doj.nh.gov/consumer/pdf/Oracle.pdf

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071205-05 KimsCrafts US 8/13/2007Electronic Business Yes - 4,500 Published #

According to a letter written to the New Hampshire Attorney General, KimsCrafts had a breach that allowed access to names and credit card numbers between Aug. 13- Oct. 1, 2007 and included orders placed since June 25, 2001.

Attribution 1 Publication: Verrill Dana LLPAuthor: Jacqueline Rider Date Published: 11/3/2007 Article Title: letter to New Hampshire AG Article URL: http://doj.nh.gov/consumer/pdf/KimCrafts.pdf

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071205-04 Memorial Blood Centers MN 11/28/2007Electronic Medical/Healthcare Yes - 268,000 Published #

Memorial Blood Centers reported today that it has begun notifying blood donors of the theft of a laptop computer holding donor information. About 268,000 donor records on this laptop computer contain a donor name in combination with the donor's social security number. The laptop computer was stolen on November 28, 2007 in downtown Minneapolis during early morning preparations for a blood drive.

Attribution 1 Publication: Business WireAuthor: staff Date Published: 12/5/2007 Article Title: Memorial Blood Centers Notifying Donors of Possible Data Loss Article URL: http://www.businesswire.com/portal/site/google/index.jsp?ndmViewId=news_view&newsId=20071205005914&news

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071205-03 Fidelity Investments US 11/12/2007Electronic Banking/Credit/Financial Yes - 0 Unknown #

An email with the names, SSNs and employee stock plan purchase information was sent to the wrong people. The incident occurred on November 12.

Attribution 1 Publication: letter to AGAuthor: William Duserick, CP Date Published: 11/30/2007 Article Title: release to NH attorney general Article URL: http://doj.nh.gov/consumer/pdf/fidelity2.pdf Identity Theft Resource Center Report Date: 12/31/2007 Page 16 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

A realtor says a pair of doctors left an office filled with medical files including names and SSNs. Drs Trevino and Stewart left the mess when they moved over 3 weeks ago. MCALLEN - A realtor says a pair of doctors left an office filled with medical files and waste. The Texas Medical Board spokesman says the enforcement department will hear about these concerns and could launch an investigation.

Attribution 1 Publication: KRGV 5Author: staff Date Published: Article Title: Doctors Left Behind Medical Files and Waste Article URL: http://www.newschannel5.tv/2007/12/4/983388/Doctors-Left-Behind-Medical-Files-and-Waste

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071205-01 Duke Law School NC 12/1/2007Paper Data Educational Yes - 1,400 Published #

Duke University officials said the SSNs of about 1400 prospective law school applicants may have been compromised when a school Web site was illegally accessed. A second database was also compromised but did not apparently contain information that might lead to identity theft.

Attribution 1 Publication: Harvard CrimsonAuthor: Alexandra Perloff-Gile Date Published: 12/6/2007 Article Title: Security Breached On Duke Law Site Article URL: http://www.thecrimson.com/article.aspx?ref=521140

Attribution 2 Publication: News & ObserverAuthor: Marlon Walker Date Published: 12/5/2007 Article Title: Breach in Web site security found by Duke Law School Article URL: http://www.newsobserver.com/news/story/811800.html

Attribution 3 Publication: NBC 17Author: Associated Press Date Published: 12/4/2007 Article Title: Duke: Social Security Numbers May Have Been Accessed Article URL: http://www.nbc17.com/midatlantic/ncn/news.apx.-content-articles-NCN-2007-12-04-0031.html

Attribution 4 Publication: Office of News and Communications, DuAuthor: Melinda Vaughn Date Published: 12/4/2007 Article Title: Duke Law School Website Illegally Accessed Article URL: http://www.dukenews.duke.edu/2007/12/law_website.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071204-01 Indianapolis Power and Light IN Electronic Business Yes - 3,000 Published #

The names and SSNs of about 3000 IPL customers from 2003-2007 were posted online up to 4 years according to IPL officials.

Attribution 1 Publication: Indy Channel 6Author: staff Date Published: 12/4/2007 Article Title: Security Lapse Affects Thousands Of Electric Customers Article URL: http://www.theindychannel.com/news/14768281/detail.html Identity Theft Resource Center Report Date: 12/31/2007 Page 17 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

On October 1st the staff of the UWCA Retirement Fund discovered a computer had been stolen. The computer contained the names and SSNs of individuals who were active in the fund during Jan. 1, 2002- Sept 28, 2007.

Attribution 1 Publication: YWCA FundAuthor: Elizabeth Clark Date Published: 12/3/2007 Article Title: letter to the New Hampshire Attorney General Article URL: http://doj.nh.gov/consumer/pdf/ywca.pdf

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071203-03 Ortho-Clinical Diagnostics US 5/15/2007Electronic Medical/Healthcare Yes - 4,300 Published #

Almost 4,300 Ortho-Clinical Diagnostics, Inc. employees had their personal information exposed to employees with access to the company network after the security settings on a file that was supposed to restrict access to Human Resources Dept. personnel was inadvertently removed. The file was exposed for approximately six months. The personal information on employees dating back to 2002 may have included home address and telephone number, pre-employment screening information, compensation and other employment data, and social security number.

Ortho-Clinical Diagnostics, Inc. is a subdivision of Johnson & Johnson, and the file was available to any authorized user of the Johnson & Johnson (North America).

Attribution 1 Publication: Ortho-Clinical DiagnosticsAuthor: press release Date Published: 11/29/2007 Article Title: letter to NH DoJ Article URL: http://doj.nh.gov/consumer/pdf/ortho.pdf

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071203-02 Labor Ready KS 11/30/2007Paper Data Business Yes - 0 Unknown #

Two workers found W'2s, job applications and other papers with names and SSNs. The company meant them to be shredded but accidentally ended up tossing them.

Attribution 1 Publication: Fox 4 at noonAuthor: staff Date Published: 11/30/2007 Article Title: A disturbing find behind a metro business: personal information Article URL: http://www.myfoxkc.com/myfox/pages/News/Detail?contentId=5092410&version=1&locale=EN-US&layoutCode=TST

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071203-01 WA Bank of America WA 12/1/2007Paper Data Banking/Credit/Financial Yes - 0 Unknown #

A thief made off with hundreds of Bank of America account numbers and customer names after breaking into the car of a bank employee while attending a concert. "The stolen bank papers were in a briefcase inside the SUV." Identity Theft Resource Center Report Date: 12/31/2007 Page 18 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

How is this report produced? What are the rules? See last page of report for details.

Attribution 1 Publication: The Daily News OnlineAuthor: Leila Summers Date Published: 12/2/2007 Article Title: Bank data stolen in break-in Article URL: http://www.tdn.com/articles/2007/12/02/area_news/doc47539946cbb18551636154.txt

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071126-04 Fox Valley Technical College WI Electronic Educational Yes - 0 Unknown #

An employee of Fox Valley Technical College that was not authorized to access employment records apparently had access to several employee records. It is undetermined if the records left this individuals possession or that fraud was the intention

Attribution 1 Publication: Wisconsin Office of Privacy ProtectionAuthor: web release Date Published: 11/19/2007 Article Title: Wiconsin Office of Privacy Protection reports breach at Fox Valley Technical College Article URL: http://privacy.wi.gov/databreaches/databreaches.jsp

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071126-03 Good Neighbors VT 11/22/2007Electronic Business Yes - 8 Published #

A break-in at the Black River Good Neighbors office was probably meant to send a message according to the police. Computers and other electronics were left and only the current and past employee information was taken along with some bank statements. The information taken included the SSNs of the 8 affected individuals.

Attribution 1 Publication: Rutland HeraldAuthor: Brent Curtis Date Published: 11/24/2007 Article Title: Files stolen at Good Neighbors office Article URL: http://www.rutlandherald.com/apps/pbcs.dll/article?AID=/20071124/NEWS02/711240330/1003/NEWS02

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071126-02 Dr. Jeffery Mueller FL 11/23/2007Paper Data Medical/Healthcare Yes - 0 Unknown #

Dozens of confidential medicals records had been tossed into a dumpster belonging to the medical practice of Dr. Jeffery Mueller whose attorney said that the files had be taken and dumped without the doctor's permission. Information included names, prescription information and SSNs.

Attribution 1 Publication: WFTV 9Author: staff Date Published: 11/25/2007 Article Title: Confidential Medical Records Discovered In Parking Lot Article URL: http://www.wftv.com/news/14687792/detail.html Identity Theft Resource Center Report Date: 12/31/2007 Page 19 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

Local consumers remain concerned as credit cards and debit cards continue to be compromised by what appears to be a fraud scheme that has affected possibly hundreds of people in the Brookhaven area, bank and law enforcement officials said. Many Brookhaven area residents have been shocked to receive calls from their bank or credit card company advising their card numbers have been compromised and were being used in places such as Florida or Las Vegas. However all of the consumers still have their cards in their possession

Attribution 1 Publication: Daily LeaderAuthor: Therese Apel Date Published: 11/26/2007 Article Title: Banks, authorities tracking credit card scheme Article URL: http://www.zwire.com/site/news.cfm?newsid=19058149&BRD=1377&PAG=461&dept_id=172922&rfi=6

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071121-02 University of Florida FL Electronic Educational Yes - 415 Published #

More than 400 former UF students may be at risk after their SSNs were posted on the UF's Computer & Networking Services web site. All the individuals were former students of Richard Elnicki and had taken classes ISM 4220 or ISM 4330 with him between 1998 and 2001. Many of the files may have been online since 1998. According to college officials no web logs show that nobody had accessed the information in 5 years.

Attribution 1 Publication: The Independent Florida AlligatorAuthor: Devin Culclasure Date Published: 11/21/2007 Article Title: Social Security numbers of former UF students leaked on Web site Article URL: http://www.alligator.org/articles/2007/11/21/news/campus/ssn.txt

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071121-01 United Healthcare-Columbia NY 10/31/2007Electronic Business Yes - 933 University Published #

United Healthcare posted the SSNs of doctors at Columbia University's faculty practice on a public website on October 31. They were removed on Nov. 2. The information was taxpayer id numbers some of which were SSNs along with the names of 993 providers at Columbia who participate in the insurer's network. The web page was viewed 157 times before the data was removed

Attribution 1 Publication: Crain's New York BusinessAuthor: Barbara Benson Date Published: 11/20/2007 Article Title: Insurer inadvertently posted physician SSNs Article URL: http://www.crainsnewyork.com/apps/pbcs.dll/article?AID=/20071120/FREE/71120008/1049

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071120-01 McKinney Dumpster TX 11/18/2007Paper Data Business Yes - 0 Unknown #

A North Texas business in McKinney quickly reacted when a CBS 11 viewer found a files in a dumpster containing SSNs, bank statements, real estate contracts and more.

Attribution 1 Publication: CBS 11Author: staff Date Published: 11/19/2007 Article Title: Personal Information Found In McKinney Dumpster Article URL: http://cbs11tv.com/local/mckinney.dumpster.texas.2.571626.html Identity Theft Resource Center Report Date: 12/31/2007 Page 20 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

How is this report produced? What are the rules? See last page of report for details.

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071119-04 Commerce Bancorp PA 11/7/2007Electronic Banking/Credit/Financial Yes - 0 Unknown #

A Commerce Bancorp employee gave out SSN and account numbers to an undisclosed person according to bank officials. Letters have been sent out to affected individuals.

Attribution 1 Publication: Philly.comAuthor: Harold Brubaker Date Published: 11/14/2007 Article Title: Commerce Bank: Customers' data leaked Article URL: http://www.philly.com/philly/business/20071114_Commerce_Bank__Customers_data_leaked.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071119-03 Wake Technical Community NC Electronic Educational Yes - 0 College Unknown #

According to college officials at Wake Technical Community College a flash drive was misplaced and has been recovered. The names and SSNs of some students were on it.

Attribution 1 Publication: NBC 17Author: staff Date Published: 11/16/2007 Article Title: Potential ID Theft At Wake Tech Article URL: http://www.nbc17.com/midatlantic/ncn/news.apx.-content-articles-NCN-2007-11-16-0014.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071119-02 Ohio Masonic OH 11/14/2007Electronic Business Yes - 600 Home/Battelle& Battell LLC Published #

A Kettering auditing firm, Battelle & Battelle, had a laptop stolen with the information on employees of up to 10 businesses including the Springfield Ohio Masonic Home.

Attribution 1 Publication: Dayton Daily NewsAuthor: Kelly Baker Date Published: 11/17/2007 Article Title: Laptop with workers' personal information stolen from auditors Article URL: http://www.daytondailynews.com/n/content/oh/story/news/local/2007/11/16/ddn111707battelle.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071119-01 Department of Veteran's CA 6/14/2007Electronic Government/Military Yes - 1,800,000 Affairs Published #

After arresting a man for purchasing jewelry with a fraudulent card, investigators found that the thief had 1.8 million SSN from the US Department of Veteran's Affairs where he had been employed for a while as an auditor. "Veterans Affairs' officials have said only 185,000 numbers are at risk because many were repeated in the file." The thief quit when he discovered that they were about to do a background check on him. The thief is believed to be a member of Koreatown Gangsters.

Attribution 1 Publication: Orange County RegisterAuthor: Erika Torres Date Published: 11/16/2007 Article Title: Man arrested in theft of 1.8 million Social Security numbers Article URL: http://www.ocregister.com/news/kim-numbers-affairs-1924451-security-social Identity Theft Resource Center Report Date: 12/31/2007 Page 21 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

How is this report produced? What are the rules? See last page of report for details.

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071116-03 AJ Falciani Realty Company NJ 11/14/2007Electronic Business Yes - 1,000 Published #

Computers containing 500-1000 clients information including SSNs, names, dates of birth of A.J. Falciani Realty Company were taken in a burglary. The computers contained about 7 years of data. In addition, a lock box that held listing of code lock information was taken. The codes can be used to gain access into unoccupied residences as well as those currently for sale.

Attribution 1 Publication: Everything Jersey, NJ.comAuthor: Jason Laday Date Published: 11/16/2007 Article Title: Stolen PCs hold personal data on hundreds Article URL: http://www.nj.com/news/bridgeton/index.ssf?/base/news-2/119519076964280.xml&coll=10

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071116-02 K-State Office of International KS 11/1/2006Electronic Government/Military Yes - 128 Programs Published #

128 international students SSNs were exposed though a K-State Web site. These students had been enrolled in the English Language Program. Only international students were affected because the exposed Social Security numbers came from test scores on the English language proficiency test, said Lynn Carlin, interim vice provost for Information Technology Services. All data has been removed from the Web site.

Attribution 1 Publication: Kansas State CollegianAuthor: Adrianne Deweese Date Published: 11/16/2007 Article Title: 128 students' social security numbers exposed on Web site Article URL: http://media.www.kstatecollegian.com/media/storage/paper1022/news/2007/11/16/TodaysNews/128-Students.Social.

Attribution 2 Publication: K-StateAuthor: Lynn Carlin Date Published: 11/15/2007 Article Title: University Press Release Article URL: http://www.k-state.edu/media/newsreleases/nov07/security111507.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071116-01 Indiana University-Purdue IN Electronic Educational Yes - 32 University Published #

Indiana University-Purdue University Fort Wayne is notifying 32 current and past international students that their information, including SSNs, was on a computer breached by a hacker. All affected individuals will be notified by mail.

Attribution 1 Publication: Inside Indiana BusinessAuthor: staff Date Published: 11/16/2007 Article Title: IPFW Notifies Students of Computer Breach Article URL: http://www.insideindianabusiness.com/newsitem.asp?ID=26495 - middle

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071115-04 University of Tennessee at TN 11/3/2007Electronic Educational Yes - 41 Martin Published #

41 former applicants to the Tennessee Governor's School for the Agricultural Sciences in 2004 at the University of Tennessee had their names, SSNs and other information posted to the Internet. The problem has been remedied. Identity Theft Resource Center Report Date: 12/31/2007 Page 22 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

How is this report produced? What are the rules? See last page of report for details.

Attribution 1 Publication: Office of University RelationsAuthor: Bud Grimes Date Published: 11/5/2007 Article Title: UT Martin releasing accidental inforamtion release Article URL: http://www.utm.edu/departments/univrel/archive/2007/November/accidentalinformationrelease.php

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071115-03 Sidney OH YMCA OH 11/4/2007Electronic Business Yes - 0 Unknown #

Investigators said someone broke into the Sidney/Shelby County YMCA in the early-morning hours of Nov. 4 and stole a server-type hard drive and three computers. Police said the hard drive contained payroll information and membership information. It contained bank routing numbers for employees and members. YMCA said there are several layers of security on the hard drive.

Attribution 1 Publication: WHIO TVAuthor: staff Date Published: 11/14/2007 Article Title: Sidney/Shelby Co. YMCA Target Of ID Theft Article URL: http://www.whiotv.com/news/14597076/detail.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071115-02 Virginia Tech VA 9/5/2007Electronic Educational Yes - 12 Published #

In early September, the names and SSNs of about 100 students (12 including SSNs) were exposed through on Tech's file box server. It was discovered by the Liberty Coalition. The problem has been corrected.

Attribution 1 Publication: Collegiate TimesAuthor: Caroline Black Date Published: 11/15/2007 Article Title: Students' social security numbers turn up online Article URL: http://www.collegiatetimes.com/stories/2007/11/15/students__social_security_numbers_turn_up_online

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071115-01 Roudebush VA Medical IN 11/10/2007Electronic Government/Military Yes - 12,000 Center (Password) **ITRC does not consider a password adequate protection for breached data. Two personal computers and a laptop were stolen from an unsecured room at the Roudebush VA Medical Center in Indianapolis over Veterans' Day weekend. The information on one of the computers contained the names, SSNs and dates of service of approximately 12,000 veterans.

Attribution 1 Publication: The Indy Channel- 6 News On Your SideAuthor: staff Date Published: 11/15/2007 Article Title: Hospital Records Compromised In Security Breach Article URL: http://www.theindychannel.com/news/14602314/detail.html

Attribution 2 Publication: Inside Indiana BusinessAuthor: staff Date Published: 11/15/2007 Article Title: Computers Stolen From VA Hospital in Indianapolis Article URL: http://www.insideindianabusiness.com/newsitem.asp?ID=26465 Identity Theft Resource Center Report Date: 12/31/2007 Page 23 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

A clerk at the postal service in Arlington has blown the whistle about the dumping of "tens of thousands of pages of sensitive employee information." The records included names, addresses and SSNs. Other papers had medical information, accident reports, performance reviews and countless grievances including sexual harassment claims.

Attribution 1 Publication: ABC 7 News WJLAAuthor: staff Date Published: 11/9/2007 Article Title: Only On 7: Post Office Records Article URL: http://www.wjla.com/news/stories/1107/471325.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071112-05 Henry County VA 11/5/2007Electronic Banking/Credit/Financial Yes - 0 Unknown #

Hackers apparently have gotten into financial data banks where they have obtained valid card numbers. Since Monday, the Sheriff's Office has taken 20 or 30 complaints from local debit card holders in Henry County. The thieves are actually manufacturing debit cards under some of the most common bank names: Wachovia, BB&T, SunTrust, and various credit unions. Then they're apparently selling the cards on the black market to third parties in various states.

Attribution 1 Publication: WDBJ 7 newsAuthor: staff Date Published: 11/9/2007 Article Title: Dozens of Henry County residents are victims of debit card fraud Article URL: http://www.wdbj7.com/Global/story.asp?S=7338933

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071112-04 Dr. Andrew Campbell TX 11/8/2007Paper Data Medical/Healthcare Yes - 300 Published #

A Dallas doctor admits to dumping old patient records, leaving medical records, insurance statements and even SSNs available for possible theft. The more than 300 files were old, many belonging to deceased patients. The doctor felt that he believes no real damage was done since the patients are all deceased.

Attribution 1 Publication: CBS 11 DallasAuthor: Bud Gillett Date Published: 11/9/2007 Article Title: Medical Records Found Dumped In Dallas Trash Bin Article URL: http://cbs11tv.com/topstories/local_story_313201708.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071112-03 Attorney W. Dan Mahoney CO 11/11/2007Paper Data Business Yes - 0 Unknown #

Police collected 17 boxes filled with Social Security numbers and other personal information from a trash container behind an office building in Colorado on Sunday. They were dumped by the law firm of W. Dan Mahoney who anticipated they would be picked up by the trash collector on Monday.

Attribution 1 Publication: CBS 11Author: staff Date Published: 11/12/2007 Article Title: Clients' Legal Info Found Dumped In Lawyer's Trash Article URL: http://cbs11tv.com/consumer/local_story_316110458.html Identity Theft Resource Center Report Date: 12/31/2007 Page 24 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

How is this report produced? What are the rules? See last page of report for details.

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071112-02 Nevada Department of NV 6/1/2007Electronic Government/Military Yes - 0 Information Technology Unknown #

More than 470 unencrypted CD containing payroll information about state workers including their SSNs has been lost or stolen over the past 3 years. Bi-weekly CD's were sent to more than 80 agencies totaling 13,000 CDs. 97%, or 470, are still considered missing.

Attribution 1 Publication: Nevada AppealAuthor: Geoff Dornan Date Published: 11/10/2007 Article Title: CDs with state workers' information missing Article URL: http://www.nevadaappeal.com/article/20071110/NEWS/111100113

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071112-01 Carolinas Medical Center NC 11/4/2007Electronic Medical/Healthcare Yes - 28,000 Northeast (Password) **ITRC does not consider a password adequate protection for breached data. A paramedic left a computer on the back bumper of an ambulance and it is now missing. It includes the names, addresses and SSNs of 28,000 people helped by the county EMS over the past 4 years.

Attribution 1 Publication: WCNCAuthor: staff Date Published: 11/8/2007 Article Title: Lost EMS laptop contained patient info Article URL: http://www.wcnc.com/news/topstories/stories/wcnc-110707-krg-paramedic.1e9e3c6d7.html

Attribution 2 Publication: WBTVAuthor: staff Date Published: 11/7/2007 Article Title: 28K in Jeopardy of ID Theft Because of Lost Laptop Article URL: http://www.wbtv.com/news/topstories/11094071.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071107-04 Hernando County FL 11/5/2007Paper Data Government/Military Yes - 0 Unknown #

Hernando County tossed thousands of cancelled checks, Medicare payments, old ambulance bills mostly dating from 2001-2. The records included SSNs, bank account and routing numbers and even deposit slips and certified checks

Attribution 1 Publication: Hernando TodayAuthor: Michael Bates Date Published: 11/6/2007 Article Title: Public records found in trash bin Article URL: http://www.hernandotoday.com/MGBT3R4AP8F.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071107-03 Atty Joe Gamez TX 5/1/2007Paper Data Medical/Healthcare Yes - 0 Unknown #

Thousands of medical records, driver's licenses and SSNs turned up in a dumpster at an elementary school. After examination, it was determined that the files belonged to Joe Gamez's law firm. The firm said their storeroom had been broken into 6 months ago which was confirmed by the police. Identity Theft Resource Center Report Date: 12/31/2007 Page 25 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

How is this report produced? What are the rules? See last page of report for details.

Attribution 1 Publication: WOAIAuthor: Eric Runge Date Published: 11/7/2007 Article Title: Gold Mine for ID Thieves: Thousands of Records Found in Dumpster Article URL: http://www.woai.com/news/local/story.aspx?content_id=1a103b0d-d2bd-4ba9-99c2-214020cbed75

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071107-02 Butte Community Bank CA 10/24/2007Electronic Banking/Credit/Financial Yes - 0 Unknown #

Chico-based Butte Community Bank notified an undisclosed number of customers this week that a laptop computer probably containing their names, addresses, Social Security numbers and account numbers was stolen in mid-October. The computer is password protected.

Attribution 1 Publication: Chico ER.comAuthor: Greg Welter Date Published: 11/7/2007 Article Title: Sensitive customer information on bank's stolen laptop Article URL: http://www.chicoer.com/ci_7389966?source=most_viewed

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071107-01 Montana State University MT 11/2/2007Electronic Educational Yes - 271 Published #

In 3 separate data breaches 271 students and employees who lived on-campus from 1998-the spring of 2007 had their names and SSNs exposed. "On Nov. 2, it was determined that a stolen data storage device contained the Social Security numbers of 216 students and employees who lived in on-campus housing from 1998 to the spring of 2007.

In a separate incident that also occurred on Nov. 2, an independent security analyst informed university data security staff that an Excel spreadsheet with the names and Social Security numbers of 42 people - mostly new hires during the summer of 2006 - was available on the MSU Web site. The spreadsheet was immediately removed.

While investigating the Excel spreadsheet incident, MSU data-security staff discovered another Excel spreadsheet with the Social Security numbers of 13 people affiliated with the Department of Computer Science on the university's Web site. It, too, was immediately removed. "We take these incidents very seriously and act as swiftly as we can to notify the affected parties," said Cathy Conover, an MSU spokeswoman. "We try to learn as much as we can from each incident to improve our security and are investing a great deal of time to prevent these events from happening again."

Attribution 1 Publication: Billings GazetteAuthor: MSU News Service Date Published: 11/6/2007 Article Title: MSU notifies students, staff of security breaches Article URL: http://www.billingsgazette.net/articles/2007/11/06/news/state/20-breach.txt

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071106-01 ALL KIDS AL 11/1/2007Electronic Government/Military Yes - 1,554 Published #

The personal information, including the names, ages and Social Security numbers of more than 1,500 families enrolled in the state's ALL Kids health care coverage program, were accidentally sent to the wrong families last week, officials with the Alabama Department of Public Health confirmed Monday.

Attribution 1 Publication: Captial BureauAuthor: Sebastian Kitchen Date Published: 11/6/2007 Article Title: Personal information sent to wrong families Article URL: http://www.al.com/news/press-register/index.ssf?/base/news/119434413578700.xml&coll=3 Identity Theft Resource Center Report Date: 12/31/2007 Page 26 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

How is this report produced? What are the rules? See last page of report for details.

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071105-07 Royal Management Loan TX 10/31/2007Paper Data Banking/Credit/Financial Yes - 0 Company Unknown #

A dumpster was found to be full of loan papers belonging to Royal Management in Boerne.

Attribution 1 Publication: KENS 5 Eyewitness NewsAuthor: James Munoz Date Published: 11/1/2007 Article Title: Personal information found in Boerne dumpster Article URL: http://www.mysanantonio.com/news/metro/stories/MYSA110107.dumpsterdata.KENS.1cca0df08.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071105-06 New England School of Law MA 10/15/2007Electronic Educational Yes - 5,098 Published #

"In mid-October, the New England School of Law was alerted that personal information, including SSNs, of school alumni was available on a page of the school's website through the Internet search engine Google." It has been removed

Attribution 1 Publication: Letter to NH AG by New England SchoolAuthor: John O'Brian Date Published: 10/29/2007 Article Title: New England School of Law breach Article URL: http://doj.nh.gov/consumer/pdf/ne_law.pdf

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071105-05 Track Data Securities Corp US 10/12/2007Electronic Business Yes - 0 Unknown #

Track Data learned that its computer system was compromised and data pertaining to customers including SSNs and names were affected. This letter only discussed 276 New Hampshire residents but implies other states were involved. "Track Data is sending the attached notice to all individuals (including New Hampshire residents)….."

Attribution 1 Publication: Letter to NH Attorney GeneralAuthor: Duane Morris attorney Date Published: 10/12/2007 Article Title: Track Data Securities breach Article URL: http://doj.nh.gov/consumer/pdf/DuaneMorris.pdf

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071105-04 Dallas Independent School TX 11/1/2007Paper Data Educational Yes - 0 District Unknown #

Hundreds of documents of some North Texas students, including SSNs and names, were found in a dumpster. Some of them belong to Skyline High School students and date back four to six years.

Attribution 1 Publication: CBC 11, Dallas/Fort WorthAuthor: Steve Pickett Date Published: 11/2/2007 Article Title: Documents Of Dallas Students Found In Dumpster Article URL: http://cbs11tv.com/consumer/local_story_306165933.html Identity Theft Resource Center Report Date: 12/31/2007 Page 27 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

How is this report produced? What are the rules? See last page of report for details.

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071105-03 American Academy of US 10/22/2007Electronic Business Yes - 0 Pediatrics Unknown #

A laptop which contained names and SSN was lost in a move by the Academy. The laptop was place in a locked file cabinet for the move but cannot be found.

Attribution 1 Publication: SchiffHardin LLPAuthor: letter to NH Attorney Date Published: 10/23/2007 Article Title: American Academy of Pediatrics breach Article URL: http://doj.nh.gov/consumer/pdf/SchiffHardin.pdf

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071105-02 Scarborough & Tweed US 9/25/2007Electronic Business Yes - 570 Published #

In a letter to the New Hampshire Attorney General, Scarborough & Tweed announced that in late September, a data security incident occurred via the company's web server in Delaware. 570 US customers may have had their name, account number and credit card numbers accessed. They are being notified by letter.

Attribution 1 Publication: Scarborough & TweedAuthor: Release to NH AG Date Published: 10/26/2007 Article Title: 570 Scarborough & Tweed customers' personal information accessed by SQL injection Article URL: http://doj.nh.gov/consumer/pdf/ScarboroughTweed.pdf

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071105-01 UC Davis CA 9/24/2007Electronic Educational Yes - 168 Published #

A hacker broke into the UC Davis private computer accounts between Sept. 24 and Oct. 29 and may have stolen credit card numbers and other financial information..

Attribution 1 Publication: Sacramento BeeAuthor: Tony Bizjak Date Published: 11/4/2007 Article Title: UC Davis student records hacked Article URL: http://www.sacbee.com/101/story/470772.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071101-02 CUNY- City University of NY NY 10/19/2007Electronic Educational Yes - 20,000 (Password) **ITRC does not consider a password adequate protection for breached data. As many as 20,000 current and former CUNY students had their information breached when a laptop with their names and SSNs was stolen from a financial aid office in Midtown. Affected individuals were notified by letter on October 19th. "Officials said the missing laptop had not been functional and that any sensitive data it contained was password-protected."

Attribution 1 Publication: New York PostAuthor: YOAV GONEN Date Published: 11/1/2007 Article Title: CUNY THEFT THREATENS STUDENT IDS Article URL: http://www.nypost.com/seven/11012007/news/regionalnews/cuny_theft_threatens_student_ids_154952.htm Identity Theft Resource Center Report Date: 12/31/2007 Page 28 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

How is this report produced? What are the rules? See last page of report for details.

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071101-01 Clarian Health Partners, Inc. IN 10/22/2007Electronic Medical/Healthcare Yes - 1,200 Published #

Clarian Health Partners misplaced a mobile device containing the names, contact information, SSNs and certain medical information in October. A memo has been sent to all affected individuals.

Attribution 1 Publication: Inside Indiana Business with Gerry DickAuthor: Linda Munch Date Published: 10/31/2007 Article Title: Clarian Informs Patients of Data Security Breach Article URL: http://www.insideindianabusiness.com/newsitem.asp?ID=26228

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071031-01 Pathology Group of Mid- TN 9/23/2007Electronic Business Yes - 75,000 South Published #

According to the notice sent by the Pathology Group, several computers with flat screen monitors were stolen. One of those computers had patient information on about 75,000 people. The thieves not only stole thousands of people's personal information including credit card information according to one patient who received a call from a Visa company.

Attribution 1 Publication: WREG 3 MemphisAuthor: Omari Fleming Date Published: 10/30/2007 Article Title: Identification theft hits 70,000 people Article URL: http://www.wreg.com/Global/story.asp?S=7288802

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071030-05 Kentucky 33 businesses KY Paper Data Business Yes - 0 Unknown #

The Kentucky Attorney General did a sweep of 121 companies in Lexington, Frankfort, Florence and Louisville and found 33 businesses were not shredding records that contained identifying information including medical records and SSNs. AG Greg Stumbo said, "33 of the 121 businesses threw more than 500 records containing personal information about more than 1,250 people into publicly accessible trash receptacles."

Attribution 1 Publication: Lexngton Herald LeaderAuthor: Jack Brammer Date Published: 10/31/2007 Article Title: Probe measures ID theft potential Article URL: http://www.kentucky.com/179/story/217263.html

Attribution 2 Publication: Lexington Herald LeaderAuthor: Jack Brammer Date Published: 10/30/2007 Article Title: Attorney general: Many businesses aren’t protecting personal records Article URL: http://www.kentucky.com/181/story/216613.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071030-04 Tennessee Department of TN 10/20/2007Electronic Government/Military Yes - 500 Transportation Published #

The Tennessee Department of Transportation accidentally circulated information on an inter-office memo. 500 war vets had their names and SSNs exposed by what started as an email inter-office memo. It floated around only 11 minutes but was seen by nearly 500 people. Identity Theft Resource Center Report Date: 12/31/2007 Page 29 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

How is this report produced? What are the rules? See last page of report for details.

Attribution 1 Publication: NEWS 15Author: STAFF Date Published: 10/20/2007 Article Title: Email Error; Potential Source For Identity Theft Article URL: http://www.newschannel5.com/Global/story.asp?S=7242547

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071030-03 Unknown store NC 10/29/2007Paper Data Business Yes - 0 Unknown #

Two men found a box full of cell phone customer applications from all around Salisbury. They included SSNs, credit card information and even driver's license information. "ABC Phones and ACC Communications are listed on the documents. The stores sold Alltel products, however Alltel representative said the company isn’t responsible for the documents since the stores were locally owned by ABC Phones. Update: a correction has been made. No applications were from ABC phone, all were from ACC Communications.

A representative with ABC phones, based out Greenville, said they just found out about the situation late Monday afternoon. The representative said the company is concerned about this and is taking steps to review what was found. The company representative added that first they had to confirm the documents did indeed belong to its customers."

Attribution 1 Publication: pogowasrightAuthor: Dissent Date Published: 11/7/2007 Article Title: Correction to a Breach Report Article URL: http://www.pogowasright.org/index.php?topic=Breaches&page=2

Attribution 2 Publication: News 14Author: Jennifer Moxley Date Published: 10/29/2007 Article Title: Personal documents found in trash can Article URL: http://news14.com/content/headlines/588963/personal-documents-found-in-trash-can/Default.aspx

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071030-02 University of Nevada, Reno NV 10/19/2007Electronic Educational Yes - 16,000 Published #

A professor at the University of Nevada in Reno has lost a flash drive that contained the names and SSNs of about 16,00 current and former freshmen students in fall semesters 2001-1007.

Attribution 1 Publication: News 4Author: staff Date Published: 10/31/2007 Article Title: Student's Personal Information Lost at UNR Article URL: http://www.krnv.com/Global/story.asp?S=7282937&nav=8faO

Attribution 2 Publication: Reno Gazette JournalAuthor: Lenita Powers Date Published: 10/30/2007 Article Title: UNR professor loses flash drive with students' personal information Article URL: http://news.rgj.com/apps/pbcs.dll/article?AID=/20071030/NEWS02/710300339/1321/NEWS

Attribution 3 Publication: Nevada News, University of Nevada RenAuthor: John Trent Date Published: 10/29/2007 Article Title: University update on possible student data breach Article URL: http://www.unr.edu/nevadanews/detail.aspx?id=2412 Identity Theft Resource Center Report Date: 12/31/2007 Page 30 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

About 3,000 Oahu postal employees received letters in the mail this weekend warning them that their personal information may be compromised. The employees' names, Social Security numbers and other information were on a laptop computer that was stolen in August.

Attribution 1 Publication: Hawaii ChannelAuthor: staff Date Published: 10/29/2007 Article Title: USPS Stolen Laptop Held Hawaii Employee Information Article URL: http://www.thehawaiichannel.com/news/14453350/detail.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071029-03 Hartford Life Insurance OH 9/27/2007Electronic Business None - 0 Other Protection Hartford Life Insurance policyholders in Ohio were included in a data security breach the company discovered last month, the Ohio Department of Insurance announced Monday. The department said the Hartford, Conn.- based insurer misplaced three backup tapes that contained personal information of some Ohio consumers. The incident was discovered Sept. 27, the department said. The tapes require extremely sophisticated equipment to read them.

Attribution 1 Publication: Business First of ColumbusAuthor: staff Date Published: 10/30/2007 Article Title: Insurer's data breach affecting Ohio consumers Article URL: http://www.bizjournals.com/columbus/stories/2007/10/29/daily6.html

Attribution 2 Publication: Dayton Business JournalAuthor: staff Date Published: 10/29/2007 Article Title: Insurer's data breach affecting Ohio consumers Article URL: http://dayton.bizjournals.com/dayton/stories/2007/10/29/daily7.html?jst=b_ln_hl

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071029-02 University of Akron OH Electronic Educational Yes - 1,200 Published #

A microfilm containing the personal information of approximately 1,200 University of Akron alumni is missing. The affected individuals were grads of the fall 1974 class and the information includes names, birth dates and SSNs.

Attribution 1 Publication: Beacon JournalAuthor: staff Date Published: 10/25/2007 Article Title: Identity data on UA alumni is missing Article URL: http://www.ohio.com/news/break_news/10788671.html

Attribution 2 Publication: WKYC TV (NBC)Author: staff Date Published: 10/24/2007 Article Title: University of Akron: Microfilm containing personal info on alumni missing Article URL: http://www.wkyc.com/news/news_article.aspx?storyid=76694&provider=gnews Identity Theft Resource Center Report Date: 12/31/2007 Page 31 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

An online retailer of posters, prints and framed art on Saturday alerted customers that hackers had gotten into website to access credit card accounts. Art.com, which operates websites including Art.com and Allposters.com, said it is investigating the intrusion and asked its clientele to be more vigilant.

Attribution 1 Publication: AHN News WriterAuthor: Harriette Cecilio Date Published: 10/28/2007 Article Title: Art.com's Website Hacked; Customers Alerted Of Possible Identity Theft Article URL: http://www.allheadlinenews.com/articles/7008975169

Attribution 2 Publication: breach listAuthor: WI Office of Privacy P Date Published: 10/27/2007 Article Title: Art.com breach Article URL: http://privacy.wi.gov/databreaches/2007/oct07.jsp

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071024-9 US Navy OH 10/19/2007Paper Data Government/Military Yes - 0 Unknown #

The United States Navy has launched an internal investigation after dozens of personal files of their recruits were found laying in a garbage dumpster. 9 News captured exclusive video and reaction as Navy Recruiters tried to collect the information Friday night. The discovery was made outside their headquarters located on Mall Road in Florence. Information included SSNs and names.

Attribution 1 Publication: WCPOAuthor: staff Date Published: 10/22/2007 Article Title: Navy Starts Inquiry After NKY Dumpster Paperwork Discovery Article URL: http://www.wcpo.com/news/local/story.aspx?content_id=5ec00d15-4940-455c-b648-84f5e9ba94cb

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071024-12 Duquesne University PA 10/8/2007Electronic Educational Yes - 8,000 Published #

Thousands of financial aid information were emailed to a student who then reported the incident to the university. Those on the list included anyone who filled out a FAFSA or financial aid form and listed Duquesne U on it. The files contained SSNs and names. No danger is anticipated.

Attribution 1 Publication: Pittsburgh Channel- Call 4Author: staff Date Published: 10/18/2007 Article Title: Duquesne U Accidentally E-Mails Personal Student Info Article URL: http://www.thepittsburghchannel.com/news/14371981/detail.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071024-11 Ameriquest GA GA 10/18/2007Paper Data Banking/Credit/Financial Yes - 1,200 Published #

The Ameriquest office in GA, closed 2 years ago, is now under investigation since boxes of sensitive information from the company was tossed into a dumpster. The papers are mainly mortgage papers which include names and SSNs. Identity Theft Resource Center Report Date: 12/31/2007 Page 32 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

How is this report produced? What are the rules? See last page of report for details.

Attribution 1 Publication: First Coast News- WXIAAuthor: staff Date Published: 10/19/2007 Article Title: Sensitive Personal Info In The Trash Article URL: http://www.firstcoastnews.com/news/georgia/news-article.aspx?storyid=94001

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071024-10 Saint Vincent Catholic NY Electronic Medical/Healthcare Yes - 100,000 Medical Center of NY Published #

Saint Vincent Catholic Medical Centers of New York has warned 100,000 current and former patients that databases holding some of their personal information and insurance policy numbers were breached earlier this year.

Letters were sent last week to the affected patients who were treated at Saint Vincent's existing and former acute-care hospitals, including the former St. Vincent's Hospital, West Brighton, between August 1988 and November 2006, said Michael Fagan, a spokesman for the Manhattan-based system.

Attribution 1 Publication: Staten Island AdvanceAuthor: Frank Donnelly Date Published: 10/20/2007 Article Title: Data on Saint Vincent's patients goes astray Article URL: http://www.silive.com/news/advance/index.ssf?/base/news/11928618176960.xml&coll=1

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071024-08 University of Cincinnati #2 OH Paper Data Educational Yes - 0 Unknown #

In a second breach this month, the Univ. of Cincinnati is reporting that paper files were left in filing cabinets that were sent to be resold.

Attribution 1 Publication: WCPOAuthor: Ian Preuth Date Published: 10/23/2007 Article Title: New Information On The Device Stolen From UC Article URL: http://www.wcpo.com/news/local/story.aspx?content_id=857e329c-afe5-4925-8703-16cde4637905

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071024-07 Dr. O'Donnell IN 10/22/2007Paper Data Medical/Healthcare Yes - 0 Unknown #

A doctor has removed the boxes filled with medical records that he put by a dumpster in the parking lot behind his office after they were pointed out to him by a passerby and a story was published.

Attribution 1 Publication: Reporter TimesAuthor: Dann Denny Date Published: 10/23/2007 Article Title: Bloomington physician removes medical files from dumpster Article URL: http://www.reporter-times.com/?module=displaystory&story_id=92327&format=html Identity Theft Resource Center Report Date: 12/31/2007 Page 33 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

Nearly 500 students' financial aid information was available on network Two publicly accessible documents that contained the record of nearly 500 recipients of the federal Perkins Loan along with each recipient's address, date of birth, Social Security number, legal name and loan amount were uncovered on the Bates network by The Bates Student on Oct. 13. All that was necessary to access the files was a Bates username and password.

Attribution 1 Publication: Bates StudentAuthor: Sam Nagourney Date Published: 10/23/2007 Article Title: 'Potential Breach' of Confidential Student Data Article URL: http://media.www.batesstudent.com/media/storage/paper1116/news/2007/10/23/News/potential.Breach.Of.Confident

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071024-05 Not Your Average Joe's MA 9/29/2007Electronic Business Yes - 3,500 Restaurants Published #

The Dartmouth-based chain of Not Your Average Joe's estimated less than 3,500 of the 350,000 customers it served in August and September had their credit card information stolen. The 14-restaurant chain said it is working with the US Secret Service and major credit card companies to determine how the data theft occurred and precisely how many customers were affected.

Attribution 1 Publication: South Coast TodayAuthor: Brian Fraga Date Published: 10/25/2007 Article Title: Not Your Average Joe's deals with credit card security breach Article URL: http://www.southcoasttoday.com/apps/pbcs.dll/article?AID=/20071025/NEWS/710250354

Attribution 2 Publication: Boston GlobeAuthor: Bruce Mohl Date Published: 10/24/2007 Article Title: Restaurant chain customers' credit card data stolen Article URL: http://www.boston.com/business/globe/articles/2007/10/24/restaurant_chain_customers_credit_card_data_stolen/

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071024-04 Dixie State College UT 9/11/2007Electronic Educational Yes - 11,000 Published #

An unauthorized person gained access to confidential files including SSNs for some alumni and current DSC employees via the college's computer system. Once DSC officials became aware of the incident, the compromised files, which contained approximately 11,000 names of those who graduated or worked at DSC from 1986 to 2005, were immediately deleted from the server. In addition, law enforcement officials, the Utah State Attorney General's Office and the Utah Higher Education Commissioner's office were notified.

Attribution 1 Publication: Salt Lake TribuneAuthor: Nate Carlisle Date Published: 10/25/2007 Article Title: Dixie students, alums warned of data breach Article URL: http://www.sltrib.com/news/ci_7275082

Attribution 2 Publication: The SpectrumAuthor: staff Date Published: 10/23/2007 Article Title: Personal information compromised on Dixie State computer system Article URL: http://www.thespectrum.com/apps/pbcs.dll/article?AID=/20071023/NEWS01/71023004 Identity Theft Resource Center Report Date: 12/31/2007 Page 34 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

A Blockbuster store has been dumping membership forms, employment application that included SSN and credit card numbers and other credit card information in the dumpster behind its store.

Attribution 1 Publication: Herald TribuneAuthor: Todd Ruger Date Published: 10/25/2007 Article Title: State watching response to Blockbuster store identity breach Article URL: http://www.heraldtribune.com/article/20071025/NEWS/710250439

Attribution 2 Publication: Herald TribuneAuthor: Cathy Zollo Date Published: 10/23/2007 Article Title: Bonanza for identity theft in trash behind Sarasota Blockbuster Article URL: http://www.heraldtribune.com/article/20071023/NEWS/710230558

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071024-02 West Virginia Public WV 10/12/2007Electronic Government/Military None - 0 Employees Insurance Agency Other Protection "West Virginia officials are alerting 200,000 past and current members of three health insurance programs that a computer tape containing some personal information is missing. The tape, containing such information as names, addresses and Social Security numbers, slipped out of a package shipped Oct. 12 by the state Public Employees Insurance Agency to a Pennsylvania analyst it uses."

Attribution 1 Publication: Charleston Daily MailAuthor: staff Date Published: 10/23/2007 Article Title: State employees say they expect missing information to be found Article URL: http://www.dailymail.com/story/News/200710232/State-employees-say-they-expect-missing-information-to-be-found/

Attribution 2 Publication: Daily MailAuthor: Associated Press Date Published: 10/23/2007 Article Title: 200,000 notified of missing tape containing personal information Article URL: http://www.dailymail.com/story/News/200710232/200-000-notified-of-missing-tape-containing-personal-information/

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071024-01 University of Cincinnati OH 9/18/2007Electronic Educational Yes - 7,000 Published #

A flash drive was taken from a U.C. Employee last month. It had the Social Security numbers and other data for more than 7,000 people.

Attribution 1 Publication: Local 12Author: staff Date Published: 10/18/2007 Article Title: UC Students' Personal Information Stolen Article URL: http://www.local12.com/news/local/story.aspx?content_id=35011124-74e7-4f96-8644-baf54bf00990 Identity Theft Resource Center Report Date: 12/31/2007 Page 35 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

WAFF investigators found numerous boxes of credit card receipts with the full credit card numbers of former diners of Copeland's of New Orleans printed on the receipt in an open shed behind the now closed restaurant. The receipts have been turned over to the Huntsville Police Department.

Attribution 1 Publication: WAFF 48Author: staff Date Published: 10/17/2007 Article Title: WAFF 48 Investigators find your credit card receipts Article URL: http://www.waff.com/Global/story.asp?S=7221222&nav=0hBE

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071018-03 Wilmington Police Dept. NC 10/18/2007Electronic Government/Military Yes - 0 Unknown #

The Wilmington Police Department has fixed a big problem on their new website P2C or Police to Citizens. Along with providing police reports, the website also listed stolen social security numbers, drivers license numbers and North Carolina ID numbers. WECT discovered the problem on the day the site was launched and notified the police department.

Attribution 1 Publication: WCETAuthor: staff Date Published: 10/18/2007 Article Title: WPD Website Revealed Personal Information Article URL: http://www.wect.com/Global/story.asp?S=7231751&nav=2gQc

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071018-02 Home Depot, Massachusetts MA 10/15/2007Electronic Business Yes - 10,000 (Password) **ITRC does not consider a password adequate protection for breached data. A laptop computer was stolen from a Home Depot regional manager's car in Massachusetts. It contained the name and SSNs of 10,000 employees but no customer information. Home Depot is not disclosing the city or town but acknowledges that the employees were mostly from the Northeast.

Attribution 1 Publication: Fox NewsAuthor: Associated Press Date Published: 10/17/2007 Article Title: 10,000 Employees' Data on Stolen Laptop Article URL: http://www.foxnews.com/wires/2007Oct17/0,4670,HomeDepotStolenLaptop,00.html

Attribution 2 Publication: WCVB TV Boston 5Author: staff Date Published: 10/15/2007 Article Title: Home Depot Laptop With Personal Employee Data Stolen Article URL: http://www.thebostonchannel.com/news/14353117/detail.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071018-01 University of Cincinnati OH Electronic Educational Yes - 7,366 Published #

An encoded Flash drive was stolen from an employee's desk at the University of Cincinnati. Data included SSNs of more than 7,000 current and former students. Identity Theft Resource Center Report Date: 12/31/2007 Page 36 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

How is this report produced? What are the rules? See last page of report for details.

Attribution 1 Publication: WLWT 5 NewsAuthor: staff Date Published: 10/17/2007 Article Title: Thief Walks Off With ID Data On Former UC Students Article URL: http://www.wlwt.com/news/14363019/detail.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071016-02 Kiski Area School District PA 10/6/2007Electronic Educational Yes - 0 Unknown #

A laptop was stolen from an Kiski School District administrator's car and may have had SSNs for some teachers and administrators according to Asst. Superintendent James Dick.

Attribution 1 Publication: Valley News DispatchAuthor: Michael Aubele Date Published: 10/16/2007 Article Title: Laptop stolen with Kiski Area staff info Article URL: http://www.pittsburghlive.com/x/tribunereview/news/westmoreland/s_532887.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071016-01 Louisiana Office of Student LA 9/19/2007Electronic Educational None - 0 Financial Assistance Other Protection Iron Mountain has notified LOSFA that it lost back-up media. The lost media includes some personal information on individuals that participated in or considered participating in the programs administered by LOSFA. The data is compressed and requires special software, specific computer equipment and sophisticated computer skills to access it. LOSFA urges anyone who falls into the following categories to go to http://www.osfa.la.gov/Notice.htm or to call (1-800-645-7990) to learn more about the breach.

Attribution 1 Publication: Houston ChronicleAuthor: Associated Press Date Published: 10/17/2007 Article Title: 9 years of La. applicants' data lost Article URL: http://www.chron.com/disp/story.mpl/ap/nation/5222008.html

Attribution 2 Publication: KATC 3Author: staff Date Published: 10/15/2007 Article Title: Office of financial aid loses back up info Article URL: http://www.katc.com/Global/story.asp?S=7217462

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071015-08 Administaff Inc TX 10/3/2007Electronic Business Yes - 159,000 (Password) **ITRC does not consider a password adequate protection for breached data. A password protected laptop of Administaff, a HR company, was reported missing on Oct. 3rd. It included the names, addresses and SSNs for onsite employees paid in 2006. The records include 96,000 former employees and 63,000 current employees.

Attribution 1 Publication: ComputerworldAuthor: Jaikumar Vijayan Date Published: 10/17/2007 Article Title: Stolen laptop prompts Administaff to alert 159,000 of possible breach Article URL: http://computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=privacy&articleId=904302

Attribution 2 Publication: Houston ChronicleAuthor: AP Date Published: 10/15/2007 Article Title: Administaff Laptop With Info Missing Article URL: http://www.chron.com/disp/story.mpl/ap/fn/5216053.html Identity Theft Resource Center Report Date: 12/31/2007 Page 37 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

How is this report produced? What are the rules? See last page of report for details. Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071015-07 Transportation Security US 10/12/2007Electronic Government/Military Yes - 3,930 Admin. Published #

Two laptops belonging to a contractor are missing and considered stolen. They included the names, commercial driver's license numbers and in some cases SSNs of commercial drivers who transport hazardous materials. Earlier this year, TSA lost a computer hard drive with sensitive bank and payroll data for 100,000 employees. The hard drive contained historical payroll data, Social Security numbers, dates of birth, addresses, time and leave data, bank account and routing information, and details about financial allotments and deductions.

Attribution 1 Publication: Associated PressAuthor: Eileen Sullivan Date Published: 10/15/2007 Article Title: TSA Laptops with Personal Info Missing Article URL: http://ap.google.com/article/ALeqM5jVsQSGHmxE5jv_4QU9UxSKo2ggGQD8S9SORO3

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071015-06 Blessing Hospital IL 9/17/2007Paper Data Medical/Healthcare Yes - 230 Published #

According to a letter sent to the college's more than 230 students, Brown said that on Sept. 19, a Blessing Hospital employee printed out a list of Blessing-Rieman students with their Social Security numbers to help students gain entry into a clinical database. Brown said the employee intended to destroy the list after she completed the task but stopped to help a patient and inadvertently left the list in the patient's room. It was later found by a housekeeper.

Attribution 1 Publication: Herald WhigAuthor: Kelly Wilson Date Published: 10/10/2007 Article Title: Student IDs breached at Blessing Hospital Article URL: http://www.whig.com/299826675187061.php

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071015-05 University of Texas TX 9/25/2007Electronic Educational Yes - 22 Published #

Personal information, including Social Security numbers of 22 current and former students, was posted and available to access on a university FTP site in late September. All the students impacted were enrolled in a petroleum and geosystems class during the summers of 2001 and 2002.

Attribution 1 Publication: KXANAuthor: Date Published: Article Title: UT Students' Personal Information Accessible On FTP Article URL: http://www.kxan.com/Global/story.asp?S=7197865

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071015-04 Applera US 8/9/2007Electronic Business Yes - 0 Unknown #

A briefcase was stolen on August 9 from an employee of Applera. The briefcase contained at least one file with the names and SSNs of some employees.

Attribution 1 Publication: pogowasrightAuthor: pogowasright Date Published: 10/11/2007 Article Title: Applera employees at risk of ID theft after laptop stolen from an employee's car Article URL: http://doj.nh.gov/consumer/pdf/applera.pdf Identity Theft Resource Center Report Date: 12/31/2007 Page 38 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

How is this report produced? What are the rules? See last page of report for details.

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071015-03 Cotton Patch Restaurant TX 6/1/2007Electronic Business Yes - 140 Published #

The United Postal Service is closing its investigation of the theft of 140 victims of stolen credit cards. All victims had eaten at the Cotton Patch during the summer. It is not know how the numbers were accessed or how the thieves were able to make purchases in several locations including in Europe. At this time no employee is being held responsible. "Information compiled during the investigation revealed that protective measures were not adequately implemented on the restaurant's computer system, a vulnerability that exposed hundreds of customers' personal data to hackers all over the world."

Attribution 1 Publication: Daily SentinelAuthor: Matthew Stoff Date Published: 10/12/2007 Article Title: Dinner, with a side of I.D. theft Article URL: http://www.dailysentinel.com/news/content/news/stories/2007/10/12/cotton_patch_1012.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071015-02 Montana State University MT Electronic Educational None - 0 Encrypted Data A hacker remotely accessed a server that housed records containing credit card numbers and SSNs of students who enrolled online for extended university courses during the last 2 years. The data in question is encrypted.

Attribution 1 Publication: The Billings OutpostAuthor: staff Date Published: 10/13/2007 Article Title: MSU computers hacked Article URL: http://newbillingsoutpost.com/news//index.php?option=com_content&task=view&id=19799&Itemid=27

Attribution 2 Publication: MSU News ServiceAuthor: staff Date Published: 10/13/2007 Article Title: MSU computers hacked Article URL: http://newbillingsoutpost.com/news//index.php?option=com_content&task=view&id=19799&Itemid=27

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071015-01 King County Transportation WA 9/28/2007Electronic Government/Military Yes - 1,400 Dept. (Password) **ITRC does not consider a password adequate protection for breached data. A password protected laptop with the information of 1400 current and former employees has been stolen. The information included names and SSNs and was not encrypted. It was stolen on Sept 28 during a home burglary. The affected employees work or worked in the Roads, Airport and Fleet divisions.

Attribution 1 Publication: Seattle TimesAuthor: Keith Ervin Date Published: 10/12/2007 Article Title: County workers' data on stolen laptop Article URL: http://seattletimes.nwsource.com/html/localnews/2003944263_missingdata12m.html Identity Theft Resource Center Report Date: 12/31/2007 Page 39 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

Anyone who worked for or volunteer for the Pembroke schools in the last four years has been exposed to a data breach that includes, names and SSNs. It was available on the Internet from May until October 2, 2007. School officials attributed the security breach to a problem with data storage within the district’s computer system.

Attribution 1 Publication: The Patriot LedgerAuthor: Sydney Schwartz Date Published: 10/9/2007 Article Title: School Web site breached? Personal info of Pembroke workers, volunteers accessible for months Article URL: http://www.patriotledger.com/articles/2007/10/09/news/news01.txt

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071009-05 Tennessee students TN 8/28/2007Electronic Educational Yes - 5,247 Published #

A man working on a dissertation accidentally posted SSNs and names of more than 5000 students and several hundred teachers. The website has since been taken down. A third file contained information but no SSNs.

Attribution 1 Publication: WATE KnoxvilleAuthor: staff Date Published: 10/3/2007 Article Title: Personal info for thousands of Tenn. students accidentally put online Article URL: http://www.wate.com/Global/story.asp?S=7164247&nav=E8Yv

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071009-04 Pfizer- Wheels, Inc. US 9/25/2007Electronic Business Yes - 1,800 Published #

Wheels Inc which provides cars to the spouses and domestic partners of about 1,800 Pfizer employees had a breach caused by a temporary encryption error which released the names, addresses, birth dates and driver's license numbers of the affected individuals.

Attribution 1 Publication: The Day, ConnecticutAuthor: Lee Howard Date Published: 10/9/2007 Article Title: Pfizer Employee Data Released by Outside Company Article URL: http://www.theday.com/re.aspx?re=4736b536-0db1-468e-be25-af1d3db485fc

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071009-03 Commerce Bank KS Electronic Banking/Credit/Financial Yes - 20 Published #

Personal data for 20 customers were compromised in an attempted hacking on a computer system. The regional bank quickly shut the system down after detecting the hacking.

Attribution 1 Publication: Ozark BusinessAuthor: Dirk VanderHart Date Published: 10/10/2007 Article Title: Hackers breach bank's security Article URL: http://www.news-leader.com/apps/pbcs.dll/article?AID=/20071010/BUSINESS/710100327/1092 Identity Theft Resource Center Report Date: 12/31/2007 Page 40 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

How is this report produced? What are the rules? See last page of report for details.

Attribution 2 Publication: Wichita EagleAuthor: Jerry Siebenmark Date Published: 10/9/2007 Article Title: Hackers breach Commerce system Article URL: http://www.kansas.com/business/updates/story/196130.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071009-02 Semtech CA 9/20/2007Electronic Business Yes - 0 Unknown #

An undisclosed vendor has lost a laptop that contained personal information for Semtech's US employees in late September. The company declined to say how many of its 690 employees may be affected.

Attribution 1 Publication: Pacific Coast Business TimesAuthor: Stephen Nellis Date Published: 10/8/2007 Article Title: Semtech faces identity-theft threat Article URL: http://www.pacbiztimes.com/index.cfm?go2=articles/wk_100807b

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071009-01 Carnegie Mellon University PA 9/2/2007Electronic Educational Yes - 0 Unknown #

On Sept. 2, two laptops were stolen from the office of a computer science professor that included student SSNs in unencrypted files. Students enrolled in courses taught by the faculty member between summer 2004 and spring 2006 could be affected

Attribution 1 Publication: The TartanAuthor: Ellen Tworkoski Date Published: 10/8/2007 Article Title: Professor's laptops stolen; contained unsecured student information Article URL: http://www.thetartan.org/2007/10/8/news/laptop

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071008-02 University of Iowa IA 9/15/2007Electronic Educational Yes - 100 (Password) **ITRC does not consider a password adequate protection for breached data. The University of Iowa is informing 184 former and current students that their grade information was contained on a laptop computer stolen from a former teaching assistant now living in Arizona. The theft of the computer, which occurred last month in a break-in of the instructor's home, contained class records of students who took his philosophy courses at the UI between 2002 and 2006. Social security numbers (SSNs) were also present in 100 of the records.

Attribution 1 Publication: Press CitizenAuthor: staff Date Published: 10/8/2007 Article Title: UI contacts former students after laptop theft Article URL: http://www.press-citizen.com/apps/pbcs.dll/article?AID=/20071008/NEWS01/71008002/1079 Identity Theft Resource Center Report Date: 12/31/2007 Page 41 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

How is this report produced? What are the rules? See last page of report for details. Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071008-01 Massachusetts Division of MA 9/11/2007Electronic Business Yes - 450,000 Professional Licensure Published #

Information held by the Massachusetts Division of Professional Licensure including names and SSNs was placed on 28 disks and mailed to agencies to be used as marketing or promotional tools in a response to a "public records request." The SSNs were accidentally included even policy is to not send them. More than 30 professions were involved including nursing home administrators, public accountants, plumbers, dentists, aestheticians, registered nurses and veterinarians. 2 disks still are lost in the mail and contain about 16,000 person's data. The others have been recovered but it is not know if anyone's personal information was compromised.

Attribution 1 Publication: Boston GlobeAuthor: Michael Naughton Date Published: 10/4/2007 Article Title: Data for 450,000 mistakenly released Article URL: http://www.boston.com/news/local/articles/2007/10/04/data_for_450000_mistakenly_released/

Attribution 2 Publication: Mass High Tech: Journal of New EnglanAuthor: Catherine Williams Date Published: 10/4/2007 Article Title: State security lapse leads to internal investigation Article URL: http://www.bizjournals.com/masshightech/stories/2007/10/01/daily34.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071005-01 Athens Regional Health GA 9/24/2007Electronic Medical/Healthcare Yes - 85 Service Published #

A computer missing from a Regional First Care clinic in Watkinsville held the personal information of more than 1,400 people, according to Athens Regional Health Services, the parent corporation of Athens Regional Medical Center and the clinic.

Workers at the 1010 Village Drive clinic first noticed on Sept. 24 that the Dell Optiplex GX-620 computer was missing.

The computer held Social Security numbers for 85 people, some health information for 545 people and the name, address and/or telephone numbers of 811 people, ARHS chief information officer Timothy Penning said in a news release Tuesday.

Attribution 1 Publication: On Line AthensAuthor: Lee Shearer Date Published: 10/2/2007 Article Title: Personal data was on missing ARMC server Article URL: http://www.onlineathens.com/stories/100307/news_20071003074.shtml

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071001-07 Venetian Casino Resort US 9/14/2007Electronic Business Yes - 0 Unknown #

The Venetian Casino Resort has learned that a former employee uploaded files belonging to the Venetian Resort including personal information and credit card information of individuals who stated at the Resort in 2005, including 14 New Hampshire residents.

Attribution 1 Publication: notification letterAuthor: Duane Morris LLP Date Published: 9/14/2007 Article Title: notification letter to NH Dept of Justice and Attorney General Article URL: http://doj.nh.gov/consumer/pdf/Venetian.pdf Identity Theft Resource Center Report Date: 12/31/2007 Page 42 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

Nature Conservancy, a nonprofit, was the victim of a hacking incident that compromised the security of names, SSNs, and possible financial account information. For questions, contact 970-221-2939 (Katherine Runnels, Sr. Atty, Nature Conservancy). A letter has been sent out to affected individuals. UPDATE: Reports by several papers state that 14,000 people were affected. ITRC called the Conservancy's senior attorney and was told that updates may be coming but nothing is official other than 3,500 at this time.

Attribution 1 Publication: Nature ConservancyAuthor: breach letter Date Published: 9/24/2007 Article Title: Breach notification letter to NH Attorney General Article URL: http://doj.nh.gov/consumer/pdf/nature.pdf

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071001-05 Brick Township NJ 9/19/2007Electronic Government/Military Yes - 0 Unknown #

A computer disc with township personnel records was among the items taken Sept. 19 from a home of a township employee, Capt. John Rein said Sunday. The Business Administrator has warned employees to monitor "personal affairs."

Attribution 1 Publication: Asbury Park PressAuthor: Margaret Bonafide Date Published: 10/1/2007 Article Title: Stolen disc has data on personnel Article URL: http://www.app.com/apps/pbcs.dll/article?AID=/20071001/NEWS02/710010351/1070/NEWS02

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071001-04 Invision HR Staffing Group GA 9/29/2007Paper Data Business Yes - 0 Unknown #

Sensitive documents including SSNs were found in a strip mall in Morrow. They appear to be from the Invision HR Staffing Group which has changed its name and moved to College Park.

Attribution 1 Publication: !! AliveAuthor: Deloris Keith Date Published: 10/1/2007 Article Title: Trashed Documents Create ID Scare Article URL: http://www.11alive.com/news/article_news.aspx?storyid=103923

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071001-03 Wayne County MI Electronic Government/Military Yes - 0 Unknown #

The personal information of several Wayne County employees has been used to commit identity theft. The county authorities believe that at least one county employee is responsible for the thefts.

Attribution 1 Publication: Detroit NewsAuthor: Robert Snell Date Published: 9/30/2007 Article Title: Wayne County warns employees of ID theft Article URL: http://www.detnews.com/apps/pbcs.dll/article?AID=/20070930/UPDATE/709300372/1409/METRO Identity Theft Resource Center Report Date: 12/31/2007 Page 43 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

Documents including SSNs were found in a dumpster at the site of the former Shelton Intermediate School, now under renovation. While the papers were to be shredded, it is uncertain why that was not done.

Attribution 1 Publication: Eyewitness News WFSBAuthor: Katy Zachry Date Published: 9/29/2007 Article Title: Classified Papers Found In Dumpster Article URL: http://www.wfsb.com/news/14233338/detail.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20071001-01 Gap Inc. US 9/19/2007Electronic Business Yes - 800,000 Published #

The Gap had two laptops containing the personal information of certain job applicants including SSNs stolen from the offices of a third-party vendor that managers job applicant data for Gap. Personal data for approximately 800,000 people who applied online or by phone for store positions at one of Gap Inc.'s brands between July 2006 and June 2007 was contained on the stolen laptop. Contrary to the company's agreement with the vendor, the information on the laptop was not encrypted. Since the Gap uses more than one vendor not all applicants are involved. Those who applied online or by phone for a job with the company between July 2006 and June 2007 are encouraged to contact the Gap Inc. Security Assistance Helpline at 1-866-237-4007.

Attribution 1 Publication: PR NewswireAuthor: staff Date Published: 9/28/2007 Article Title: Laptop Computer Stolen From Vendor That Manages Job Applicant Data for Gap Inc. Article URL: http://money.cnn.com/news/newsfeeds/articles/prnewswire/AQF07328092007-1.htm

Attribution 2 Publication: Info WorldAuthor: Robert McMillian, IDG Date Published: 9/28/2007 Article Title: Gap contractor blamed for data breach Article URL: http://www.infoworld.com/article/07/09/28/Gap-contractor-blamed-for-data-breach_1.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070927-01 E-Bay US 9/25/2007Electronic Business Yes - 1,200 Published #

Hackers posted 1,200 eBay users including some credit card numbers on an official online forum dedicated to fraud prevention on the auction site. It was up for about 90 minutes. An eBay spokesperson said the posts were most likely the result of account takeovers and not a security breach on eBay.

Attribution 1 Publication: The Register-UKAuthor: Dan Goodin in San Fr Date Published: 9/25/2007 Article Title: eBay forum mysteriously leaks account details on 1,200 users Article URL: http://www.theregister.co.uk/2007/09/25/ebay_account_details_published/

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070926-01 Utah Dept. of Workforce UT 9/24/2007Electronic Government/Military Yes - 2,000 (Password) **ITRC does not consider a password adequate protection for breached data. A password-protected laptop computer with a spreadsheet containing the Social Security numbers and other personal information of about 2,000 people was reported stolen today by the Utah Department of Workforce Services. Identity Theft Resource Center Report Date: 12/31/2007 Page 44 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

How is this report produced? What are the rules? See last page of report for details.

Attribution 1 Publication: Deseret Morning NewsAuthor: staff Date Published: 9/24/2007 Article Title: Workforce Services laptop with personal information stolen Article URL: http://deseretnews.com/article/1,5143,695212876,00.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070924-13 Ramsey County, Minnesota MN 6/10/2007Electronic Government/Military Yes - 584 Published #

584 county employees were told that their SSNs were on the back-up tape that had been stolen from an Ohio's intern's car this summer. More than 1.3 million individuals, businesses and other entities have been affected by the breach so far in Ohio, Connecticut and now Minnesota.

Attribution 1 Publication: Columbus DispatchAuthor: Mark Niquette Date Published: 9/22/2007 Article Title: THEFT FROM STATE INTERN'S CAR Article URL: http://www.columbusdispatch.com/live/content/local_news/stories/2007/09/22/datamore.ART_ART_09-22-07_B3_I87

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070924-12 Gary Indiana IN 9/18/2007Paper Data Government/Military Yes - 0 Unknown #

Gary, Indiana officials have now secured a cache of city records that included personal information and SSNs after notification by the Times. The records were outside of a building that had not be used by the city for several years.

Attribution 1 Publication: NWI TimesAuthor: Bill Dolan Date Published: 9/18/2007 Article Title: Gary secures records with sensitive data that workers abandoned Article URL: http://www.thetimesonline.com/articles/2007/09/18/news/lake_county/docb819ab879f0402e98625735900821359.txt

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070924-11 West Mifflin Schools PA 8/1/2007Electronic Educational Yes - 0 Unknown #

The West Mifflin Area School District has advised teachers and bus drivers that a laptop computer containing their names, Social Security numbers and driver-license numbers was stolen from the car of an auditor with the state Auditor General's office.

Attribution 1 Publication: Pittsburgh Tribune ReviewAuthor: staff Date Published: 9/22/2007 Article Title: Stolen laptop has IDs of West Mifflin teachers, bus drivers Article URL: http://www.pittsburghlive.com/x/pittsburghtrib/news/cityregion/s_528882.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070924-10 Presbyterian Hospital in TX 9/5/2007Electronic Medical/Healthcare Yes - 8,300 Dallas Published #

A former billing worker stole un unknown amount of credit card numbers. The hospital discovered the theft after a patient's loved one called its hotline. Kristina Garcia handled 300 credit card transactions via phone and computer access to files of more than 8,000 patients. Identity Theft Resource Center Report Date: 12/31/2007 Page 45 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

How is this report produced? What are the rules? See last page of report for details.

Attribution 1 Publication: My Fox DallasAuthor: Kristina Garcia Date Published: 9/20/2007 Article Title: Hospital Issues ID Theft Warning Article URL: http://www.myfoxdfw.com/myfox/pages/News/Detail?contentId=4414682&version=2&locale=EN-US&layoutCode=TS

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070924-09 Central Piedmont Community NC 9/1/2007Electronic Educational Yes - 2,600 College Published #

A possible security breach at Central Piedmont Community College has officials there taking precautions, as a former employee of the college may have accessed private employee information like social security numbers, birth dates and addresses. Thursday, an email was sent out to nearly 2,600 employees, warning them of the possible incident.

Attribution 1 Publication: News 14 CarolinaAuthor: Lisa Reyes Date Published: 9/21/2007 Article Title: Suspected security breach at CPCC Article URL: http://news14.com/content/headlines/587477/suspected-security-breach-at-cpcc/Default.aspx

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070924-08 University of Kansas KS Paper Data Educational Yes - 0 Unknown #

It is unclear how many student documents, including financial aid applications, have been mishandled and dumped without shredding for years at the University of Kansas according to allegations by the Lawrence Journal-World who received information about these activities. “Clearly this information was not properly handled, we’re in full agreement with that,” said Lynn Bretz, director of University Communications at KU. “We are asking anyone with records, please return them to us.”

Attribution 1 Publication: Kansas City StarAuthor: Laura Bauer Date Published: 9/19/2007 Article Title: KU investigating release of personal information Article URL: http://www.kansascity.com/news/breaking_news/story/282051.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070924-07 Vertical Web Media US 8/29/2007Electronic Business Yes - 0 Unknown #

"Vertical Web Media's president says hackers breached the company's network even though patches were up-to- date and defenses were in place. They are the publisher of Internet Retailer. Despite running what he thought was a well-secured network, the president of a publishing company has disclosed that a "coordinated and sophisticated" group of hackers broke in and stole customers' credit card information. Vertical Web Media said its network was breached in August and hackers made off with customers' names, addresses, phone numbers and e-mail addresses, along with credit card numbers and expiration dates".

Attribution 1 Publication: Information WeekAuthor: Sharon Gaudin Date Published: 9/19/2007 Article Title: 'Coordinated' Hackers Steal Internet Retailer Customer Credit Cards Article URL: http://www.informationweek.com/news/showArticle.jhtml?articleID=201807539 Identity Theft Resource Center Report Date: 12/31/2007 Page 46 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

Using a library computer a former Chester County Hospital employee bought more than $12,000 worth of merchandise from information he stole from about 150 patients who paid for services at the hospital. He worked in the billing department.

Attribution 1 Publication: NBC10Author: staff Date Published: 9/20/2007 Article Title: Hospital Worker Steals 150 IDs, Makes $12K In Purchases Article URL: http://www.nbc10.com/news/14159176/detail.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070924-05 Century 21 -Vegas NV 9/18/2007Paper Data Business Yes - 0 Unknown #

Hundreds of paper files with personal financial information were discovered in a dumpster and included bank account information. Most of the files were from the late 1990's and were from a Century 21 company that is moving.

Attribution 1 Publication: Las Vegas NowAuthor: Chris Saldana Date Published: 9/18/2007 Article Title: Dumpster Full of Personal Information Discovered Article URL: http://www.klas-tv.com/Global/story.asp?S=7091061

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070924-04 Albert Einstein Medical PA 1/1/2007Electronic Medical/Healthcare Yes - 300 Center Published #

Police arrested a woman charged with identity theft last Thursday after they discovered more than $10,000 worth of stolen merchandise. According to Capt. John Gallagher of the major crimes unit, Samia Morse, 27, worked in the administration department of Albert Einstein Medical Center until January of this year. Morse "got actual, original copies of patient information." During her employment, she had access to hundreds of patient files, many of which she stole for their identities, to purchase thousands of dollars worth of clothes and accessories from the Neiman Marcus department store. Many of the victims were elderly, some 70 or older, who, according to police, are likely targets because of their vulnerability.

Attribution 1 Publication: Evening BulletinAuthor: Jenny DeHuff Date Published: 9/18/2007 Article Title: South Philadelphia Woman Charged With Identity Theft Article URL: http://www.thebulletin.us/site/news.cfm?newsid=18827552&BRD=2737&PAG=461&dept_id=576361&rfi=6

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070924-03 Queens-University of NC 9/17/2007Electronic Educational Yes - 623 Charlotte Published #

A university employee accidentally sent an email with all the students' addresses and SSNs in an attempt to notify them about a financial aid opportunity. Identity Theft Resource Center Report Date: 12/31/2007 Page 47 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

How is this report produced? What are the rules? See last page of report for details.

Attribution 1 Publication: WCNCAuthor: MARIO ROLDAN Date Published: 9/18/2007 Article Title: Students at risk for ID theft after e-mail Article URL: http://www.wcnc.com/news/local/stories/wcnc-091707-jmn-queens_emails.e20c08d2.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070924-02 ABN Amro Mortgage Group - FL 9/20/2007Electronic Banking/Credit/Financial Yes - 5,208 Citigroup Published #

Three spreadsheets with more than 5,000 SSNs about ABN Amro Mortgage Group, a subsidiary of Citigroup, was leaked via an online file-sharing network by a Florida former employees using BearShare and LimeWire. Tiversa is heading the investigation.

Attribution 1 Publication: eWeekAuthor: Lisa Vaas Date Published: 9/21/2007 Article Title: Citigroup Customer Data Leaked on LimeWire Article URL: http://www.channelinsider.com/article/Citigroup+Customer+Data+Leaked+on+LimeWire/215728_1.aspx

Attribution 2 Publication: Yahoo NewsAuthor: Anick Jesdanun Date Published: 9/21/2007 Article Title: Mortgage data leaked over file network Article URL: http://news.yahoo.com/s/ap/20070921/ap_on_hi_te/file_sharing_leak

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070924-01 City of Columbus, OH OH Electronic Government/Military Yes - 3,500 (Password) **ITRC does not consider a password adequate protection for breached data. People who had signed up for the Columbus city's mobile tool library SSNs were stolen when 3 computers were taken from a warehouse.

Attribution 1 Publication: WTOLAuthor: AP Date Published: 9/21/2007 Article Title: City: Stolen computers held personal information on 3,500 people Article URL: http://www.wtol.com/Global/story.asp?S=7108269

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070917-06 Carmel High School CA 3/22/2007Electronic Educational Yes - 0 Unknown #

A Carmel High school student has been charged with three felony counts for "computer crimes." The student was charged Wednesday after a nearly six-month investigation into illegally obtained records from school computers, according to police. The two students involved had acquired SSNs and other employee information on every employee in the district.

Attribution 1 Publication: Monterey HeraldAuthor: staff Date Published: 9/13/2007 Article Title: Student charged in data theft Article URL: http://www.montereyherald.com/local/ci_6880028?nclick_check=1 Identity Theft Resource Center Report Date: 12/31/2007 Page 48 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

How is this report produced? What are the rules? See last page of report for details. Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070917-05 University of Michigan clinics MI 9/6/2007Electronic Medical/Healthcare Yes - 8,585 (Password) **ITRC does not consider a password adequate protection for breached data. The U-M is sending letters today Friday to 4,513 people whose patient records included their names, addresses and medical information used in billing. Another 4,072 people will receive a different version of the letter because their records also included their Social Security numbers. The tapes contained patient records as a backup to a billing system. They were kept in a lock box in an administrative office at the U-M School of Nursing. The tapes can only be read with the right type of equipment. The records were those of patients who had visited two U-M Health System nurse-managed clinics in Ann Arbor - the Community Family Health Center at 1230 N. Maple and the North Campus Family Health Service at 2364 Bishop St. Some of the patient records are eight years old.

Attribution 1 Publication: Michigan DailyAuthor: Emily Barton Date Published: 9/19/2007 Article Title: Sensitive patient data stolen from nursing building Article URL: http://media.www.michigandaily.com/media/storage/paper851/news/2007/09/19/Crime/Sensitive.Patient.Data.Stolen.

Attribution 2 Publication: mLive-Everything MichiganAuthor: Dave Gershman Date Published: 9/13/2007 Article Title: Tapes containing patient records stolen from U-M Article URL: http://blog.mlive.com/annarbornews/2007/09/tapes_containing_patient_recor.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070917-04 Kraft-Affiliated Computer NH 8/31/2007Electronic Business Yes - 95 Services Published #

Affialiated Computer Services which provides prescription drugs through Caremark has misplace a backup tape that contained names and SSNs for current and former Kraft employees. This is the 7th breach caused by ACS.

Attribution 1 Publication: pogowasrightAuthor: Kraft disclosure letter Date Published: 9/14/2007 Article Title: Lost Affiliated Computer Services tape contained data on Kraft Foods employees Article URL: http://doj.nh.gov/consumer/pdf/Kraft.pdf

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070917-03 Printpack GA 8/20/2007Electronic Business Yes - 0 Unknown #

In mid-August a computer was stolen from Printpack's Finance Department which included current and former employee SSNs, and other information used for tax and human resources purposes. The URL below is the letter to the Attorney General notifying them of the breach

Attribution 1 Publication: pogowasrightAuthor: letter from company t Date Published: 9/14/2007 Article Title: Computer stolen from Printpack headquarters contained personal details on current and former employees Article URL: http://doj.nh.gov/consumer/pdf/Printpack.pdf

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070917-02 Voxant US 8/31/2007Electronic Banking/Credit/Financial Yes - 4,500 Published #

Server hack compromises Voxant online store: Hackers breached the e-commerce server of Voxant and stole the access key to the application database which was encrypted. At risk is credit card numbers for about 4500 people. Identity Theft Resource Center Report Date: 12/31/2007 Page 49 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

How is this report produced? What are the rules? See last page of report for details.

Attribution 1 Publication: Breach Blog/ SC MagazineAuthor: Dan Kaplan Date Published: 9/14/2007 Article Title: Letter to the state Attorney General of New Hampshire Article URL: http://doj.nh.gov/consumer/pdf/Voxant.pdf

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070917-01 Tennessee Tech University TN 9/11/2007Electronic Educational Yes - 3,100 Published #

On Tuesday, Sept. 11, a technical problem in the way student bills are printed resulted in the chance that some student social security numbers and personal identification numbers may have been sent to another student's address. While the university suspects the number of records made vulnerable is relatively small, campus officials preferred to err on the side of warning all 3,100 individuals who might have been mailed a bill on that date.

Attribution 1 Publication: Herald CitizenAuthor: staff Date Published: 9/14/2007 Article Title: Technical glitch could make personal data for some TTU students vulnerable Article URL: http://www.herald-citizen.com/NF/omf.wnm/herald/news_story.html?rkey=0046193+cr=gdn

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070911-02 TennCare-Americhoice Inc. TN 7/19/2007Electronic Medical/Healthcare Yes - 67,000 Published #

A CD containing the identifying information of 76,000 TennCare enrollees disappeared on July 19 in Knoxville. The data included names SSNs, birthdays and addresses. Customers in all 18 East Tennessee counties are affected.

Attribution 1 Publication: WATEAuthor: Erica Estep Date Published: 9/12/2007 Article Title: TennCare provider loses patient information on thousands Article URL: http://www.wate.com/global/story.asp?s=7054941&ClientType=Printable

Attribution 2 Publication: WATEAuthor: staff Date Published: 9/10/2007 Article Title: TennCare provider loses patient information on thousands Article URL: http://www.wate.com/Global/story.asp?S=7054941&nav=menu7_2_1

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070911-01 Pennsylvania Public Welfare PA 8/22/2007Electronic Government/Military Yes - 2,000 Department (Password) **ITRC does not consider a password adequate protection for breached data. Two computers containing the medical histories of more than 300,000 state Public Welfare recipients were stolen from an office in the former Harrisburg State Hospital. Only full names and SSNs of 2000 were at risk. The others were identified by codes

Attribution 1 Publication: Patriot NewsAuthor: JAN MURPHY Date Published: 9/11/2007 Article Title: Computers stolen from welfare office Article URL: http://www.pennlive.com/midstate/patriotnews/article121468.ece - story Identity Theft Resource Center Report Date: 12/31/2007 Page 50 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

Gander Mountain Company today announced that computer equipment, containing certain customer transaction information relating to a single store in Pennsylvania, is missing and may have been stolen. This includes credit card and check numbers. The transaction data relates only to customers who conducted business with the Gander Mountain store located in Greensburg, PA, during the period from July 2002 through June 2007.

Attribution 1 Publication: WTAE TVAuthor: staff Date Published: 9/11/2007 Article Title: Greensburg Gander Mountain Announces Theft Of Customer Info Article URL: http://www.thepittsburghchannel.com/news/14092404/detail.html

Attribution 2 Publication: CNNAuthor: PR Newswire Date Published: 9/10/2007 Article Title: Gander Mountain Announces Possible Theft of Pennsylvania Store Computer; Customers of the PA Store Could Be Affecte Article URL: http://money.cnn.com/news/newsfeeds/articles/prnewswire/AQM90510092007-1.htm

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070910-07 Purdue University IN 8/15/2007Electronic Educational Yes - 111 Published #

Students who took Animal Sciences 102 in 2004 may have had their information including SSNs posted on a server connected to the Internet. The document was found recently through an internal search and reported to the chief information security officer at Purdue.

Attribution 1 Publication: Indy StarAuthor: staff Date Published: 9/10/2007 Article Title: Purdue tells students of compromised info Article URL: http://www.indystar.com/apps/pbcs.dll/article?AID=/20070910/BUSINESS/70910019/1003

Attribution 2 Publication: Purdue News ServiceAuthor: Date Published: 9/10/2007 Article Title: Purdue University warns of possible computer security breach Article URL: http://www.jconline.com/apps/pbcs.dll/article?AID=/20070910/NEWS09/70910012

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070910-06 Veteran Affairs Medical WV 9/3/2007Electronic Medical/Healthcare Yes - 700 Center in Martinsburg Published #

"Susan Anderson, vice president of the National Association of Government Employees and president of the local chapter, said she was notified last week that mail was sent to as many as 700 employees last week with their Social Security numbers visible to all who saw the envelopes." The HR department mailed out the SF 50's forms, used by the government to notify individuals of personnel actions. However, they were misfolded in such a way that the name and SSN were visible through the envelope's window.

Attribution 1 Publication: The JournalAuthor: Naomi Smoot Date Published: Article Title: Data breach hits VA center Article URL: http://www.journal-news.net/news/articles.asp?articleID=11779 Identity Theft Resource Center Report Date: 12/31/2007 Page 51 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

A former store manager told a news station that Family Video Stores had a habit of keeping private information of employees and applicants in the public restroom. This included SSNs. She said people who applied and worked at stores in Altoona, Latrobe, Somerset, Greensburg and Indiana had sensitive information in boxes in the restrooms and could be at risk for identity theft.

Attribution 1 Publication: Channel 6 News-WJAC TVAuthor: staff Date Published: 9/5/2007 Article Title: Private Files Left In Bathrooms At More Than One Store Article URL: http://www.wjactv.com/news/14053118/detail.html

Attribution 2 Publication: WJAC TVAuthor: staff Date Published: 9/4/2007 Article Title: Private Information Found In Public Restroom Article URL: http://www.wjactv.com/news/14044629/detail.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070910-04 Brevard Public Schools FL 8/19/2007Electronic Educational Yes - 61 Published #

Personal information of 61 Brevard Public School employees may be in danger due to the loss of luggage by a state auditor. The bag went missing during an Aug 19th Delta Airlines flight. The material was being used for a routine audit. The flight stopped several places in Florida and then went to Melbourne, Australia. The bag has not been found yet.

Attribution 1 Publication: Florida TodayAuthor: Kimberly Moore Date Published: 9/4/2007 Article Title: Lost luggage has info on 61 school workers Article URL: http://www.floridatoday.com/apps/pbcs.dll/article?AID=/20070904/NEWS01/709040325/1006

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070910-03 McKesson Pharmaceuticals US 7/16/2007Electronic Medical/Healthcare Yes - 0 Unknown #

McKesson is alerting thousands of its patients is at risk after the theft of 2 computers which housed information including SSNs and medical information. The loss appears to affect both current and former patients. "The company representative said it's not clear if the data on the machines was encrypted. "

Attribution 1 Publication: InformationWeekAuthor: Sharon Gaudin Date Published: 9/7/2007 Article Title: McKesson: Stolen Computers Contain Patient Information Article URL: http://www.informationweek.com/news/showArticle.jhtml?articleID=201804872

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070910-02 De Anza College CA 8/24/2007Electronic Educational Yes - 4,375 (Password) **ITRC does not consider a password adequate protection for breached data. A theft of a math professor's laptop may put 4375 students and former students' information at risk for identity theft, including in many cases SSNs. According to one source the laptop and file were password protected. Anyone who took a mathematics class at De Anza between 1991 and 2003 and from 2005 through this year can contact De Anza's Dean of Admissions & Records Kathleen Moberg at mobergkathleenfhda.edu or 408-864- 8292 to learn if their information was contained on the stolen laptop. Identity Theft Resource Center Report Date: 12/31/2007 Page 52 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

How is this report produced? What are the rules? See last page of report for details.

Attribution 1 Publication: San Jose Mercury NewsAuthor: Sharon Noguchi Date Published: 9/8/2007 Article Title: Foothill-De Anza College District reviews data policy after laptop theft Article URL: http://www.mercurynews.com/valley/ci_6836567?nclick_check=1

Attribution 2 Publication: Mercury NewsAuthor: Sean Webby Date Published: 9/7/2007 Article Title: Stolen laptop contained data on De Anza students Article URL: http://www.mercurynews.com/crime/ci_6825076?nclick_check=1

Attribution 3 Publication: NBC 11 San FranciscoAuthor: staff Date Published: 9/6/2007 Article Title: More Than 4,000 De Anza Students At Risk For ID Theft, School Says Article URL: http://www.nbc11.com/news/14063454/detail.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070910-01 University of South Carolina SC 8/31/2007Electronic Educational Yes - 1,482 Published #

Student files were found on a public website which included some SSNs, test scores and grades. The breach involved 1482 students and the school is now auditing the program to see how long the information was on the Internet, who may have accessed it and what was released. Liberty Coalition is taking credit for discovering the "disclosure."

Attribution 1 Publication: Charlotte ObserverAuthor: Associated Press Date Published: 9/6/2007 Article Title: USC investigates student information found on the Web Article URL: http://www.charlotte.com/205/story/266353.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070904-03 Pfizer breach #3 MI 7/10/2007Electronic Business Yes - 34,000 Published #

A breach that occurred last year was noticed on July 10th and includes the SSNS, bank account and credit card numbers of about 34000 Pfizer current and former employees in Michigan according to a letter sent to employees on August 24th. This is the third breach reported by Pfizer Inc this year.

Attribution 1 Publication: Detroit NewsAuthor: Eric Morath Date Published: 9/4/2007 Article Title: Pfizer workers' identities at risk Article URL: http://www.detnews.com/apps/pbcs.dll/article?AID=/20070904/BIZ/709040369/1003/METRO

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070904-02 Brookfield Town Hall MA 8/25/2007Electronic Government/Military Yes - 0 Unknown #

Burglars broke into Brookfield Town Hall late Tuesday or early Wednesday and stole a computer from the treasurer’s office that contained information about town employees. “Identity theft is the concern,” said James Allen, chairman of the Board of Selectmen. He said records of current and former town employees were stored on the computer. No information about residents was stored there.

Attribution 1 Publication: Worchester Gazette and Telegram NewAuthor: James F. Russell Date Published: 8/31/2007 Article Title: Worker data lost in theft- Computer taken in Brookfield Article URL: http://www.telegram.com/article/20070831/NEWS/708310683/1116 Identity Theft Resource Center Report Date: 12/31/2007 Page 53 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

A desktop computer with the personal information of patients including SSNs and medical histories was stolen mid-July according to hospital officials. The investigation is stated as the cause in the delay in notification. Update: Computer found

Attribution 1 Publication: Baltimore SunAuthor: Chris Emery Date Published: 9/4/2007 Article Title: Stolen Hopkins computer is returned- Lawyer, who learned location from client, returned property Article URL: http://www.baltimoresun.com/news/health/bal-computer0904,0,500185.story

Attribution 2 Publication: Baltimore SunAuthor: Chris Emery Date Published: 9/1/2007 Article Title: Hopkins reports theft of data Article URL: http://www.baltimoresun.com/news/health/bal-te.theft01sep01,0,1208422.story

Attribution 3 Publication: The ExaminerAuthor: Associated Press Date Published: 9/1/2007 Article Title: Computer with patient information stolen from Hopkins Hospital Article URL: http://www.examiner.com/a-911689~Computer_with_patient_information_stolen_from_Hopkins_Hospital.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070831-04 University of New Hampshire NH 4/17/2007Electronic Educational Yes - 29 Published #

The University of New Hampshire has notified the state that on or about April 17, 2007, a Microsoft Excel spreadsheet with names and SSN of 29 NH residents who are graduate students at the university was posted on the university web site. The error was detected on July 27th, but on August 9, UNH discovered that a copy was in Google's cache; cached copies were cleared by August 12.

Attribution 1 Publication: University of New HampshireAuthor: press release Date Published: 8/17/2007 Article Title: University of New Hampshire breach Article URL: http://doj.nh.gov/consumer/pdf/unh.pdf

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070831-03 AT&T US 7/27/2007Electronic Business Yes - 0 Unknown #

A laptop containing unencrypted personal data on current and former employees of the former AT&T Corp. was stolen recently from the car of an employee of a professional services firm doing work for the company. That theft prompted the company to notify an unspecified number of individuals about the potential compromise of their Social Security numbers, names and other personal details.

A spokesman for AT&T today confirmed the July 27 incident and said it affected only people who were employees of AT&T before it was acquired by SBC Communications Inc. in 2005 and became AT&T Inc. No data involving employees of SBC, BellSouth or Cingular was affected, the spokesman said.

Attribution 1 Publication: ComputerworldAuthor: Jaikumar Vijayan Date Published: 8/30/2007 Article Title: AT&T laptop theft exposes employee data Article URL: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9033813 Identity Theft Resource Center Report Date: 12/31/2007 Page 54 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

Attribution 1 Publication: Baltimore SunAuthor: Jennifer Skalka Date Published: 8/30/2007 Article Title: MDE reports stolen laptop-Computer was taken from vehicle, contains information about people with state licenses Article URL: http://www.baltimoresun.com/news/local/bal-laptop0830,0,1752108.story

Attribution 2 Publication: ComputerworldAuthor: Jaikumar Vijayan Date Published: 8/30/2007 Article Title: AT&T laptop theft exposes employee data Article URL: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9033813

Attribution 3 Publication: Home Town AnnapolisAuthor: AP Date Published: 8/30/2007 Article Title: State officials report theft of laptop containing personal information Article URL: http://www.hometownannapolis.com/cgi-bin/read/2007/08_30-07/TOP

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070831-01 Connecticut Department of CT Electronic Government/Military Yes - 107,600 Revenue Services (Password) **ITRC does not consider a password adequate protection for breached data. A stolen laptop with the names and SSNs of 106,000 Connecticut taxpayers has initiated the notification of affected taxpayers. Update: The head of the state's tax-collection agency admitted to a legislative committee Monday that a laptop stolen from a department employee last month held banking information from more than 1,600 businesses — in addition to the identifying information on more than 106,000 individuals, which had already been reported.

Attribution 1 Publication: The DayAuthor: Ted Mann Date Published: 9/25/2007 Article Title: State Says Laptop Held Businesses' Banking Info Article URL: http://www.theday.com/re.aspx?re=6b84b76f-dd2a-4502-8a87-b816e20aa441

Attribution 2 Publication: Boston GlobeAuthor: Susan Haigh, AP Date Published: 9/24/2007 Article Title: Official: DRS worker could use laptop out of state, but not data Article URL: http://www.boston.com/news/local/connecticut/articles/2007/09/24/official_drs_worker_could_use_laptop_out_of_st

Attribution 3 Publication: WTNH- news 8Author: AP Date Published: 8/28/2007 Article Title: Computer stolen with state tax data for 106,000 residents Article URL: http://www.wtnh.com/Global/story.asp?S=6994392&nav=3YeX

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070827-10 Spotsylvania County VA 8/15/2007Electronic Government/Military Yes - 3,000 (Password) **ITRC does not consider a password adequate protection for breached data. Spotsylvania County, VA, officials have mailed letters warning about 3,000 current and former employees, residents and business owners that their personal information may be on a missing county-owned computer. It is believed that someone stole the laptop which included records for workers employed in the county in 2005, some business license information and resident personal property tax details.

Attribution 1 Publication: The Free Lance-StarAuthor: Dan Telvock Date Published: 8/25/2007 Article Title: Missing laptop spurs warning-County officials report possible security breach with missing computer Article URL: http://fredericksburg.com/News/FLS/2007/082007/08252007/311591 Identity Theft Resource Center Report Date: 12/31/2007 Page 55 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

How is this report produced? What are the rules? See last page of report for details.

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070827-09 Oklahoma Law Enforcement OK 8/24/2007Electronic Government/Military Yes - 0 Telecommunications System Unknown #

Someone hacked into 3 Oklahoma law enforcement computers putting SSNs potentially at risk. "Details of the extent of the security compromise remained sketchy Friday, but officials said only the Elk City and Eufaula police departments and the Kiowa County Sheriff Department were affected. The Department of Public Safety is urging anyone who has had contact with those agencies to check for any suspicious charges on credit cards or to obtain a credit report as soon as possible. Even people pulled over for a traffic stop but not given a ticket could be at risk."

Attribution 1 Publication: The OklahomanAuthor: Josh Rabe Date Published: 8/25/2007 Article Title: Breach puts information in peril Article URL: http://newsok.com/article/3110406/1187986334

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070827-08 OB-GYN Pittsburgh PA 8/20/2007Paper Data Medical/Healthcare Yes - 0 Unknown #

Medical records from a doctor who has left Pittsburgh were found by a dumpster. The doctor said they could not all fit into the recycle dumpster so they were left in boxes on the ground. The documents included thousands of old medical records from the early 1990's including patient histories and SSNs.

Attribution 1 Publication: Team 4- Pitsburgh ChannelAuthor: staff Date Published: 8/20/2007 Article Title: Medical Records, Social Security Numbers Found In Dumpster Article URL: http://www.thepittsburghchannel.com/print/13933726/detail.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070827-07 Best Western Phoenix, AZ AZ 3/22/2007Paper Data Business Yes - 164 Published #

Guests of a Best Western Hotel in Phoenix may be victims of identity theft. Four individuals have been arrested for using documents from an on-site storage area that was dated between 2002-2006. Most of it is credit card information and several credit cards accounts have been fraudulently used. Customers are now just being notified.

Attribution 1 Publication: The Arizona RepublicAuthor: staff Date Published: 8/22/2007 Article Title: Customer data stolen from Valley hotel Article URL: http://www.azcentral.com/news/articles/0822swv-hoteltheft0822-ON.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070827-06 Verus- Holy Name Hospital NJ 8/21/2007Electronic Medical/Healthcare Yes - 0 Unknown # Identity Theft Resource Center Report Date: 12/31/2007 Page 56 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

How is this report produced? What are the rules? See last page of report for details.

Attribution 1 Publication: pogowasright exclusiveAuthor: pogowasright Date Published: 8/21/2007 Article Title: Holy Name Hospital involved in Verus, Inc. incident Article URL: http://www.pogowasright.org/article.php?story=20070821164555196&query=Holy%2BName%2BHospital

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070827-05 Calif. Public Employees CA 8/22/2007Paper Data Government/Military Yes - 445,000 Retirement System Published #

445,000 California public retired employees had part or all of their SSNs printed on the mailing panel of brochures sent out for a an election to fill a vacancy on the board of CalPERPS.

Attribution 1 Publication: Sacramento BeeAuthor: Darrell Smith Date Published: 8/22/2007 Article Title: Apology sent over CalPERS privacy error Article URL: http://www.sacbee.com/111/story/338031.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070827-04 New York City Financial NY 8/20/2007Electronic Government/Military Yes - 280,000 Services Agency Published #

A laptop loaded with financial information on as many as 280,000 city retirees was stolen from a consultant who took the computer to a restaurant, city officials said. The private consultant to the New York City Financial Information Services Agency had access to personal data about members of various city pension systems, mayoral spokesman Jason Post said Wednesday. The consultant told authorities Monday the portable computer had been stolen.

Attribution 1 Publication: NewsdayAuthor: Associated Press Date Published: 8/23/2007 Article Title: Laptop with NYC retirees. finance data stolen Article URL: http://www.newsday.com/business/am-retiree0823,0,6813539,print.story

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070827-03 Loomis Chaffee School CT 8/2/2007Electronic Educational Yes - 0 Unknown #

A burglary earlier in August at Lomis Chaffee School has left the names and SSNs of several hundred past students vulnerable. "However, in an Aug. 3 e-mail Headmaster Wiegel sent to school staff, he wrote that while "much of the date is encrypted or password-protected, we cannot be certain that some data was not compromised by this theft."

Attribution 1 Publication: Journal InquiryAuthor: James White Date Published: 8/23/2007 Article Title: Loomis Chaffee grads warned about potential identity theft after thieves steal school computer equipment Article URL: http://www.journalinquirer.com/site/news.cfm?newsid=18740383&BRD=985&PAG=461&dept_id=569436&rfi=6 Identity Theft Resource Center Report Date: 12/31/2007 Page 57 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

Personal records including addresses and Social Security numbers of more than 35,000 veterans and their families were stolen this month from the offices of a POW support organization in Texas, officials announced Friday. The break-in occurred at the group's Arlington office on either Aug. 11 or 12. Police records show thieves took a number of computer hard drives, mail, checks and other paper files. Those digital and paper records included information on the group's entire membership, including addresses, dates of birth, Social Security numbers and VA claims data. Department of Veterans Affairs officials also are involved in the investigation.

Attribution 1 Publication: Stars and StripesAuthor: Leo Shane III Date Published: 8/26/2007 Article Title: Personal data for 35,000 vets stolen Article URL: http://www.estripes.com/article.asp?section=104&article=48342

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070827-01 Freeman Health- Verus MO 4/13/2007Electronic Medical/Healthcare Yes - 0 Unknown #

Freeman Health System in Joplin Missouri confirmed that it was one of the hospitals affected when a Verus employee left a firewall down after transferring data from one server to another. The firewall error has affected all Verus Inc clients using the Vpac online payment system. The period for exposed data was from April 13 to May 22.

Attribution 1 Publication: pogowasright exclusiveAuthor: pogowas right Date Published: 8/24/2007 Article Title: Freeman Health System confirms Verus-related security breach Article URL: http://www.pogowasright.org/index.php?page=3

Attribution 2 Publication: Joplin GlobeAuthor: staff Date Published: 8/23/2007 Article Title: Freeman online payment system firewall deactivated: Hospital officials say no records exposed Article URL: http://www.joplinglobe.com/local/local_story_235160144.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070821-01 Walter Reed Army Institute of DC 8/17/2007Paper Data Medical/Healthcare Yes - 0 Research Unknown #

Boxes of documents containing personal information from Walter Reed Army Institute of Research were found off-base in a trash bin. They were supposed to be shredded. A resident found them and alerted police. The boxes have been returned to the Institute and are being audited. Most were from the late 1990's. They have not disclosed what personal information they contained.

Attribution 1 Publication: WJLAAuthor: staff Date Published: 8/21/2007 Article Title: Army Documents With Personal Data Found in Trash Bin Article URL: http://www.wjla.com/news/stories/0807/449095.html

Attribution 2 Publication: NBC 4- Maryland, DC, VirginiaAuthor: staff Date Published: 8/20/2007 Article Title: Walter Reed: Files Found In Dumpster Meant For Shredding Article URL: http://www.nbc4.com/news/13932874/detail.html Identity Theft Resource Center Report Date: 12/31/2007 Page 58 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

How is this report produced? What are the rules? See last page of report for details. Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070820-01 Board of Barbers and WV 8/17/2007Electronic Government/Military Yes - 0 Cosmetologists' Office Unknown #

Suspects who broke into the Board of Barbers and Cosmetologists' Office on Friday made off with personal information of nearly ever West Virginia barber and cosmetologist licensed since 1986, according to Larry Absten, the board's director.

Attribution 1 Publication: WBOYAuthor: Kimberly Beary Date Published: 8/20/2007 Article Title: Suspects stole safe from Board of Barbers and Cosmetologists Office. Article URL: http://www.wboy.com/story.cfm?func=viewstory&storyid=27840

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070816-01 Benefit Planners- Boerne TX 8/14/2007Paper Data Business Yes - 0 Unknown #

A trash bin was filled with hundreds of documents behind a shopping plaza in Boerne. The space was once occupied by Benefit Planners, a company that provides insurance claims. The papers included SSNs.

Attribution 1 Publication: KENS 5 Eyewitness NewsAuthor: Bridget Smith Date Published: 8/15/2007 Article Title: Documents with personal information found in Boerne trash bin Article URL: http://www.mysanantonio.com/news/metro/stories/MYSA081507.docsintrash.kens.374edd39.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070815-03 Coast Guard DC 8/1/2007Paper Data Government/Military Yes - 6,200 Published #

Thousands of paper documents containing sensitive personal information about Coast Guardsmen and their families have gone missing in Washington, D.C. The Coast Guard intends to notify 6200 members who participated in the Special Needs and Family Advocacy Programs. The documents included the SSNS of service members involved.

Attribution 1 Publication: Navy TimesAuthor: Patricia Kime Date Published: 8/14/2007 Article Title: Coast Guard loses 3,500 sensitive records Article URL: http://www.navytimes.com/news/2007/08/coastguard_lost_info_070814w/

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070815-02 Verus- Sky Lakes Medical OR 5/1/2007Electronic Medical/Healthcare Yes - 30,000 Center Published #

A online billing company, Verus Inc, transferred Sky Lakes Medical Center's patient information including names and SSNS from one server to another but didn't take proper security measure leaving the information exposed to the public on the Internet for about a month. Verus has been the source of numerous breaches during 2007 and the hospital has cancelled its contract with Verus.

Attribution 1 Publication: Oregon LiveAuthor: Associated Press Date Published: 8/15/2007 Article Title: Patient information left open online at Oregon hospital Article URL: http://www.oregonlive.com/newsflash/regional/index.ssf?/base/news-20/1187192116196040.xml&storylist=orlocal Identity Theft Resource Center Report Date: 12/31/2007 Page 59 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

A small computer drive with the SSNs and other personal data about every Army National Guard soldier in Idaho has been stolen from a car according to the National Guard. The device was not encrypted.

Attribution 1 Publication: Fox NewsAuthor: Rebecca Boone, Ass Date Published: 8/15/2007 Article Title: Idaho Army National Guard Info Stolen Article URL: http://www.foxnews.com/wires/2007Aug15/0,4670,GuardInformationTheft,00.html

Attribution 2 Publication: Magic Valley Times NewsAuthor: Rebecca Boone Date Published: 8/15/2007 Article Title: Personal information stolen from Idaho Army National Guard Article URL: http://www.magicvalley.com/articles/2007/08/15/ap-state-id/d8r16kao0.txt

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070814-02 Fairlawn Bureau of Motor OH Paper Data Government/Military Yes - 30 Vehicles Published #

The Ohio Dept of Public Safety is investigating the dumping of driver's license documents by the Fairlawn Bureau of Motor Vehicles. Approximately 30 documents were found including names and SSNs.

Attribution 1 Publication: WKYC NewsAuthor: Eric Mansfield Date Published: 8/13/2007 Article Title: EXCLUSIVE: Local BMV investigated after documents trashed Article URL: http://www.wkyc.com/news/news_article.aspx?storyid=72706

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070814-01 Pfizer -Axia US 5/31/2007Electronic Business Yes - 950 Published #

Pfizer has experienced a second breach in less than 2 months. This time 2 laptops containing names and SSNs were stolen from a locked car of an Axia employee, a consulting company used by Pfizer. The breach has been confirmed by a letter to the state Dept. of Justice by Pfizer http://doj.nh.gov/consumer/pdf/axia.pdf

Attribution 1 Publication: theday.comAuthor: Lee Howard Date Published: 8/13/2007 Article Title: Pfizer Has Another Breach of Security Article URL: http://www.theday.com/re.aspx?re=7b6d810e-f7ef-4243-a86c-bfdb9093f983

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070813-06 Patton State Hospital CA 8/2/2007Electronic Medical/Healthcare Yes - 300 Published #

The names and SSNs of about 300 registry nurses have been compromised due to the loss of a computer flash drive. Identity Theft Resource Center Report Date: 12/31/2007 Page 60 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

How is this report produced? What are the rules? See last page of report for details.

Attribution 1 Publication: SB SunAuthor: Joe Nelson Date Published: 8/8/2007 Article Title: Patton IDs at risk after loss of data Article URL: http://www.sbsun.com/news/ci_6569478

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070813-05 Ally Insurance Agency IL 8/7/2007Paper Data Business Yes - 0 Unknown #

A bitter fight between 2 insurance companies apparently led to the finding of hundreds of documents including SSNS and credit card numbers at the Ally Insurance Agency. Ally says that Insurance King stole client info but they claim they found the documents in the trash behind the office building.

Attribution 1 Publication: 13 News RockfordAuthor: Smita Kalokhe Date Published: 8/7/2007 Article Title: Personal Information at the Center of Insurance Companies' Fight Article URL: http://www.wrex.com/News/index.php?ID=20387

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070813-04 Howard Johnson CO 8/6/2007Paper Data Business Yes - 0 Unknown #

A hotel guest found about 200 boxes of customer and employee personal information behind a Howard Johnson. The guest called a television station who involved the police. The documents included full credit card numbers, SSNs and color copies of driver's licenses. "The company did not want to do an interview, but released a statement that said in part "these boxes were under observation at all times by motel staff and security staff. The boxes were not in the dumpster area and never were intended to be disposed." However, it was apparent to both the guest, the police and the television station that the documents were not being guarded.

Attribution 1 Publication: CBS 4 DenverAuthor: Karlyn Tilley Date Published: 8/6/2007 Article Title: Company Leaves Boxes Of Personal Info Outside Article URL: http://cbs4denver.com/local/local_story_218072752.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070813-03 Providence Alaska Medical AK 5/31/2007Electronic Medical/Healthcare Yes - 250 Center Published #

A laptop with the names, medical record numbers, dates of birth and patient diagnoses went missing on May 31, 2007. It included oncology patients that had been seen between Aug. 2005- May 2007. A company spokesperson (Becky Hultberg) said that SSNs may be on there also.

Attribution 1 Publication: KTUUAuthor: Rebecca Palsha Date Published: 8/11/2007 Article Title: Laptop with patient information missing from Providence Article URL: http://attrition.org/dataloss/2007/08/pamc01.html Identity Theft Resource Center Report Date: 12/31/2007 Page 61 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

Personal data for 747 patients who were treated at the Legacy Health System primary care physician practice between January 2006-Feb 2007 has been taken including patient receipts, credit card transaction slips, checks and SSNs.

Attribution 1 Publication: Portland Business JournalAuthor: staff Date Published: 8/10/2007 Article Title: Patient information, cash missing after Legacy clinic theft Article URL: http://www.bizjournals.com/portland/stories/2007/08/06/daily51.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070813-01 Loyola University IL 7/10/2007Electronic Educational Yes - 5,800 Published #

A Loyola University computer with 5800 SSNs of students was discarded before its hard drive was erased. Most of the students were undergrad but a few grad students. It had been used by the University's Information Technology Services.

Attribution 1 Publication: WAND TV 17Author: Associated Press Date Published: 8/10/2007 Article Title: Loyola warns 5,800 students at risk of ID theft Article URL: http://www.wandtv.com/Global/story.asp?S=6914214

Attribution 2 Publication: Chicago Sun TiimesAuthor: Shamus Toomey Date Published: 8/10/2007 Article Title: 5,800 students at risk of ID theft, Loyola warns Article URL: http://www.suntimes.com/news/metro/504805,CST-NWS-loyola10.article

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070808-02 Electronic Data Systems AL Electronic Business Yes - 489 Published #

A former employee of Electronic Data Systems was arrested this week for trafficking stolen identities she took while working at the company. The warrant charges Kwantrice Thornton with Medicaid fraud and the selling of identities to be used for fraudulent federal tax returns.

Attribution 1 Publication: Birmingham Biz JournalAuthor: staff Date Published: 8/7/2007 Article Title: Ex-employee of Electronic Data Systems charged with stealing identities Article URL: http://birmingham.bizjournals.com/birmingham/stories/2007/08/06/daily11.html?jst=b_ln_hl

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070808-01 Yale University CT 7/17/2007Electronic Educational Yes - 10,200 (Password) **ITRC does not consider a password adequate protection for breached data. SSNs for over 10,000 current and former students, faculty and staff were breached on July 17 when computers were stolen from the Dean's office. While computers were password protected, no mention has been made of encryption of password protection of the individual files. Identity Theft Resource Center Report Date: 12/31/2007 Page 62 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

How is this report produced? What are the rules? See last page of report for details.

Attribution 1 Publication: Yale Daily NewsAuthor: Steven Siegel Date Published: 8/8/2007 Article Title: Computers containing 10,000 SSNs are stolen Article URL: http://www.yaledailynews.com/articles/view/21093

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070807-01 Merrill Lynch NJ 7/25/2007Electronic Banking/Credit/Financial Yes - 33,000 Published #

Merrill Lynch has had a computer with employee personal information including SSNs stolen from one of its offices. According to CNBC the breach may involve more than 33,000 people and occurred about 2 weeks ago.

Attribution 1 Publication: CNBCAuthor: Charlie Gasparino Date Published: 8/7/2007 Article Title: Merrill Lynch ID Theft May Affect 33,000 Employees Article URL: http://www.cnbc.com/id/20162588

Attribution 2 Publication: ReutersAuthor: Tim McLaughlin Date Published: 8/7/2007 Article Title: Merrill Lynch reports computer theft Article URL: http://www.reuters.com/article/fundsFundsNews/idUSN0723295420070807

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070806-07 Paper breach- Worthington OH 7/30/2007Paper Data Business Yes - 20 OH Published #

A woman dropping off newspapers at a recycling center found at least 20 folders containing names, SSNS, and photocopies of driver's licenses that used to belong to an undisclosed title company. The AG is trying to talk with the loan company but phone calls by 10 TV have not been returned..

Attribution 1 Publication: !0 TV- Central OhioAuthor: staff Date Published: 7/30/2007 Article Title: Woman Discovers Consumer Files In Recycling Bin Article URL: http://www.10tv.com/?sec=news&story=sites/10tv/content/pool/200707/1966702217.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070806-06 Work Care UT 8/2/2007Paper Data Business Yes - 0 Unknown #

A truck driver found a large quantity of paper documents for employment drug testing done by Work Care, including names and SSNs and even DL numbers while doing a pick-up in Pleasant Grove.

Attribution 1 Publication: KLS-5 NewsradioAuthor: Marc Giauque Date Published: 8/6/2007 Article Title: Hundreds of Documents Found in Garbage with Personal Info-Part 1 Article URL: http://www.ksl.com/?nid=148&sid=1570169 Identity Theft Resource Center Report Date: 12/31/2007 Page 63 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

An accidental email released the names and SSNs of 201 people that use the career counseling center.

Attribution 1 Publication: WPBF NewsAuthor: staff Date Published: 8/2/2007 Article Title: Accidental E-Mail Releases 210 Social Security Numbers Article URL: http://www.wpbf.com/news/13805645/detail.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070806-04 VeriSign CA 7/12/2007Electronic Business Yes - 0 (Password) **ITRC does not consider a password adequate protection for breached data. A laptop with employee names, addresses, SSNs, dates of birth and salary records was stolen from a car on July 12. While the computer was password protected, that does not guarantee that hackers cannot have access to the data. The data was unencrypted, apparently violating VeriSign's security policies.

Attribution 1 Publication: Consumer AffairsAuthor: Martin Bosworth Date Published: 8/6/2007 Article Title: Stolen Laptop Leads To Data Breach At VeriSign Article URL: http://www.consumeraffairs.com/news04/2007/08/verisign_breach.html

Attribution 2 Publication: The Register- UKAuthor: John Leyden Date Published: 8/6/2007 Article Title: VeriSign worker exits after laptop security breach Article URL: http://www.theregister.co.uk/2007/08/06/verisign_laptop_theft/

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070806-03 Kellogg Community Federal MI 7/18/2007Electronic Banking/Credit/Financial Yes - 0 Credit Union Unknown #

A computer containing member information including names, SSNs and account numbers was stolen during a break-in during the third week of July. The company would not state how many members were affected but does have more than 25,300 members. The computer was taken along with other items from the offices of an undisclosed vendor that provides services to the credit union.

Attribution 1 Publication: Battle Creek EnquirerAuthor: Elizabeth Huff Date Published: 8/4/2007 Article Title: Credit union: members' data stolen Article URL: http://www.battlecreekenquirer.com/apps/pbcs.dll/article?AID=/20070804/NEWS01/708040313/1002/NEWS01

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070806-02 Wabash Valley Correctional IN 8/3/2007Electronic Government/Military Yes - 0 Facility Unknown #

An internal computer breach allowed prison staff access to SSNs and other identifying information of employees for an unknown period of time. The information included those who worked at the facility in Carlisle between 1997-2002. Identity Theft Resource Center Report Date: 12/31/2007 Page 64 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

How is this report produced? What are the rules? See last page of report for details.

Attribution 1 Publication: Tribune StarAuthor: Deb McKee Date Published: 8/3/2007 Article Title: Computer breach gives prison staff access to employee information Article URL: http://attrition.org/dataloss/2007/08/wabash01.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070806-01 University of Toledo OH 5/2/2007Electronic Educational Yes - 0 Unknown #

A University of Toledo secretary reported that 2 hard drives were stolen from the Health and Human Services Building. Memory cards for at least one of the computers were also taken. One computer was taken on May 2 and the other between June 15-18. Information on the data bases included names, SSNs, and grades.

Attribution 1 Publication: Toledo BladeAuthor: Meghan Gilbert Date Published: 8/2/2007 Article Title: Personal information may be stolen at UT Article URL: http://toledoblade.com/apps/pbcs.dll/article?AID=/20070802/NEWS21/70802036

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070802-02 Life Time Fitness TX 4/1/2007Electronic Business Yes - 100 Published #

The Texas AG has sued Life Time Fitness for failing to shred more than 100 business records that were found in trash cans adjacent to Life Time Fitness in Dallas, Plana, Allen, Flower Mound, Colleyville and Garland. The information of the records included date of birth, credit card numbers and SSNs and in some case photocopies of drivers licenses and SS cards.

Attribution 1 Publication: Dallas Business JournalAuthor: staff Date Published: 8/1/2007 Article Title: Texas AG sues Life Time Fitness Article URL: http://dallas.bizjournals.com/dallas/stories/2007/07/30/daily23.html?jst=b_ln_hl

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070802-01 E. On -Mountjoy & Bressler US 7/20/2007Electronic Business Yes - 0 Unknown #

A Louisville accounting firm's (Mountjoy and Bressler) laptop was stolen that contained E.On U.S. current and former employee information including names and SSNs.

Attribution 1 Publication: Courier JournalAuthor: Gregory Hall Date Published: 8/2/2007 Article Title: Laptop with E.On employee identity info stolen Article URL: http://www.courier-journal.com/apps/pbcs.dll/article?AID=/20070802/BUSINESS/70802021

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070729-06 Yuba County Child Support CA 7/23/2007Electronic Government/Military Yes - 70,000 Services (Password) **ITRC does not consider a password adequate protection for breached data. A stolen laptop has resulted in compromising about 70,000 people's names and SSNs including 30,000 children whose cases were opened prior to May 2001. The computer requires a double password system to access the information. Child Support Services has set up a telephone line to answer client questions and provide assistance. The number is (530) 749-6000 Identity Theft Resource Center Report Date: 12/31/2007 Page 65 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

How is this report produced? What are the rules? See last page of report for details.

Attribution 1 Publication: Appeal-DemocratAuthor: Daniel Witter Date Published: 7/28/2007 Article Title: Yuba County data stolen Article URL: http://www.appeal-democrat.com/news/county_51837___article.html/information_brown.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070729-05 City of Virginia Beach VA 7/15/2007Paper Data Government/Military Yes - 2,000 Published #

A former employee Flexible Benefits Administrators has compromised about 2000 of the Virginia Beach employees. The police found lists of names and SSNs of school employees at this person's house.

Attribution 1 Publication: WTKRAuthor: staff Date Published: 7/27/2007 Article Title: Virginia Beach Employees' Identities Compromised After Fraud Investigation Article URL: http://www.wtkr.com/Global/story.asp?S=6850947

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070729-04 City Harvest US 4/25/2007Electronic Business Yes - 0 Unknown #

City Harvest had a potential breach that included credit card information for donors for donations made prior to April 25, 2007. 793 people in NH were also affected but no numbers on other states are available.

Attribution 1 Publication: NY 2 News- Time Warner CableAuthor: Ingrid Kelley Date Published: 7/27/2007 Article Title: City Harvest Says Donor Information Could Be At Risk After Security Breach Article URL: http://www.ny1.com/ny1/content/index.jsp?stid=8&aid=72018

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070729-03 CESA #11 WI 7/23/2007Electronic Government/Military Yes - 300 Published #

Wisconsin's Office of Privacy Protection is reporting a breach on July 23rd involving CESA affecting 300+ individuals including current employees, past employees, terminated employees and vendors. Information includes Name, Address, Date of Birth, Social Security Number, Bank Routing Info.

Attribution 1 Publication: pogowasrightAuthor: pogowasright Date Published: 7/27/2007 Article Title: CESA #1 Breach Article URL: http://www.pogowasright.org/article.php?story=20070726163120167

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070729-02 American Education PA 7/17/2007Electronic Banking/Credit/Financial Yes - 5,184 Services- Vista Published #

The theft of a laptop from American Education Services, the revenue-generating arm of the Pennsylvania Higher Education Assistance Agency -- has sent letters to 5,184 student loan customers telling them that their personal information was on a laptop stolen in a burglary at a subcontractor's headquarters in Livermore, Calif. The information included names and SSNs. Identity Theft Resource Center Report Date: 12/31/2007 Page 66 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

How is this report produced? What are the rules? See last page of report for details.

Attribution 1 Publication: Post GazetteAuthor: Eleanor Chute Date Published: 7/27/2007 Article Title: 5,000 student loan customers' info on stolen laptop Article URL: http://www.post-gazette.com/pg/07208/804836-96.stm

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070729-01 US Marines/Penn State Univ. US 1/1/2004Electronic Government/Military Yes - 10,554 Published #

Some Marines who had rifle range requalification records while attending Marine Corp Recruit Depot Parris Island from January 2004- Dec. 2006 may have their names and SSNs exposed. The information was posted online recently by Penn State University which was doing a research project. The information was then cached on a Google Internet search engine.

Attribution 1 Publication: Marine Corp TimesAuthor: Kimberly Johnson Date Published: 7/26/2007 Article Title: Marines' personal data exposed on Web Article URL: http://www.marinecorpstimes.com/news/2007/07/marine_data_exposed_070726/

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070724-01 St Vincent Hospital- Verus IN 7/17/2007Electronic Medical/Healthcare Yes - 51,000 Published #

A security breach at St. Vincent Hospital in Indianapolis compromised the names, addresses and SSNs of about 51,000 patients. The problem happened when Verus, a subcontractor, set up a program that would allow patients to pay bills online. The hospital is no longer working with Verus.

Attribution 1 Publication: 6 NewsAuthor: staff Date Published: 7/24/2007 Article Title: Patient Information Exposed In Hospital Security Lapse Article URL: http://www.theindychannel.com/news/13742066/detail.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070723-06 unknown retailer NY 7/10/2007Electronic Business Yes - 0 Unknown #

M & T Bank is now issuing thousands of new VISA credit and debit cards due to a breach caused by a major retailer who the bank has declined to name. In its letter to customers, M&T said "some fraudulent activity" had already been reported both in and outside the U.S. It advised customers to be on the lookout for fraudulent activity, activate their replacement card, and update any recurring bill payments to use the new card number. The letter was sent out July 13th.

Attribution 1 Publication: Press and Sun BulletinAuthor: George Spohr Date Published: 7/20/2007 Article Title: Breach forces M&T to reissue cards Article URL: http://www.pressconnects.com/apps/pbcs.dll/article?AID=/20070720/BUSINESS/707200312/1006 Identity Theft Resource Center Report Date: 12/31/2007 Page 67 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

Based on a tip, a WANE News 16 went out to the Auburn recycling center and found thousand of receipts full of information that an identity thief could use including credit card receipts.

Attribution 1 Publication: WANE Auburn- News 15Author: staff Date Published: 7/20/2007 Article Title: 15 Finds Out: Personal Information at a Recycling Center Article URL: http://www.wane.com/Global/story.asp?S=6813715&nav=menu32_8_3

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070723-04 US Capitol Police Department DC 7/20/2007Electronic Government/Military Yes - 0 Unknown #

A computer breach may have resulted in the release of payroll data by a private vendor according to US Capitol Police Chief Morse.

Attribution 1 Publication: WTOP newsAuthor: Associated Press Date Published: 7/20/2007 Article Title: Breach May Affect Capitol Police Info Article URL: http://www.wtopnews.com/index.php?nid=596&sid=1195573

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070723-03 Connecticut General CT 7/12/2007Electronic Government/Military Yes - 100 Assembly Transportation Published #

State officials are working with Google to remove SSNs of about 100 former employees of the now-defunct LG Defelice Inc. The legislature's Transportation Committee inadvertently posted the information on a General Assembly web site last week.

Attribution 1 Publication: New Hampshire RegisterAuthor: Gregory Hladky Date Published: 7/18/2007 Article Title: State works to purge Defelice data Article URL: http://www.nhregister.com/site/news.cfm?newsid=18602579&BRD=1281&PAG=461&dept_id=590581&rfi=6

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070723-02 Cricket Cell Phone NE 7/16/2007Electronic Business Yes - 300 Published #

300 of Cricket cell phone customers are being told that their credit and debit card information was stolen from a southwest Omaha store. Cricket has confirmed an internal investigation, "implying an inside job."

Attribution 1 Publication: WOWT 6 NewsAuthor: staff Date Published: 7/19/2007 Article Title: Information Compromised Article URL: http://www.wowt.com/news/headlines/8612447.html Identity Theft Resource Center Report Date: 12/31/2007 Page 68 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

Two School of Education databases were hacked into potentially exposing 5500 current and former students at the University of Michigan. Technology administrators noticed suspicious activity on a server on July 3rd. Affected information included names, SSNs but no financial information.

Attribution 1 Publication: Free PressAuthor: Jennifer Dixon Date Published: 7/21/2007 Article Title: Hacker accesses personal information from U-M databases Article URL: http://www.freep.com/apps/pbcs.dll/article?AID=/20070721/NEWS06/70721011/

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070720-02 Delaware Courts DE 7/18/2007Electronic Government/Military Yes - 2,700 Published #

A computer hard drive containing personal information related to criminal cases in Superior Court, Family Court and the Court of Common Pleas was stolen in some luggage owned by an employee of Affiliated Computer Services which manages Delaware's information technology. The employee has been fired for not following proper procedures. Those affected will be notified by letter and a call center will be set up- 866-567-7095.

Attribution 1 Publication: Delaware OnlineAuthor: Esteban Parra Date Published: 7/20/2007 Article Title: Computer data from Delaware courts stolen Article URL: http://www.delawareonline.com/apps/pbcs.dll/article?AID=/20070720/NEWS/70720040

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070720-01 SAIC US 5/29/2007Electronic Business Yes - 867,000 Published #

Pentagon contractor SAIC Inc may have compromised the names, birth dates, SSNs and health information of more than 1/2 million military personnel and their relatives because it did not encrypt data transmitted online. "SAIC said the problem occurred when it transmitted information from 580,000 households of military personnel and their family members over the Internet in an unencrypted form. A household may represent more than one person, the company said. The data was stored on a single, nonsecure server at an SAIC location. The company said it was notified on May 29 by the U.S. Air Forces in Europe that it had detected an unsecured transmission of the information."

Attribution 1 Publication: Northwest Florida Daily NewsAuthor: Mladen Rudman and Date Published: 7/20/2007 Article Title: Local security breach could compromise IDs of nearly one million troops Article URL: http://www.nwfdailynews.com/article/7237

Attribution 2 Publication: SAICAuthor: Date Published: 7/20/2007 Article Title: SAIC Press Release from the Chairman and CEO Article URL: http://www.saic.com/response/customers.html

Attribution 3 Publication: Army TimesAuthor: William McMichael Date Published: 7/20/2007 Article Title: Data security lapse affects almost 900,000 Article URL: http://www.armytimes.com/news/2007/07/military_saicdatabreach_070720w/

Attribution 4 Publication: chron.comAuthor: Associated Press Date Published: 7/20/2007 Article Title: SAIC Warns of Possible Data Breach Article URL: http://www.chron.com/disp/story.mpl/ap/fn/4984717.html Identity Theft Resource Center Report Date: 12/31/2007 Page 69 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

How is this report produced? What are the rules? See last page of report for details.

Attribution 5 Publication: Houston ChronicleAuthor: Donna Borak- AP Bus Date Published: 7/20/2007 Article Title: SAIC warns of possible data breach Article URL: http://www.chron.com/disp/story.mpl/ap/fn/4985176.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070719-06 Collin County, Irving TX 7/18/2007Paper Data Government/Military Yes - 0 Unknown #

A trash bin near a moving and shredding company in Irving contained legal documents not being moved to the new courthouse. While someone had blacked the ID information out, SSNs and birth dates could still be read.

Attribution 1 Publication: ABC 13Author: Associated Press Date Published: 7/18/2007 Article Title: Documents with personal info found in Irving trash bin Article URL: http://abclocal.go.com/ktrk/story?section=state&id=5482549

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070719-05 Purdue University IN 7/1/2007Electronic Educational Yes - 50 Published #

50 students from the spring of 2002 or fall of 2004 may have had their SSNs exposed on the Internet. The page has been removed and affected individuals are being notified.

Attribution 1 Publication: Exponent- University News ServiceAuthor: University News Servi Date Published: 7/18/2007 Article Title: 50 students' personal information leaked onto the Internet Article URL: http://www.purdueexponent.org/index.php?module=article&story_id=6432

Attribution 2 Publication: University websiteAuthor: College press release Date Published: 7/17/2007 Article Title: Data Incident Article URL: http://news.uns.purdue.edu/coe0706.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070719-04 Texas Secretary of State TX 6/1/2005Electronic Government/Military Yes - 0 Website Unknown #

Information on thousands of individuals was exposed on the Texas Secretary of State's SOS Direct Web site, according to Steven Peisner, the president of a fraud prevention vendor that has provided IDG News Service with examples of the information he was able to obtain from the site. "Texas has been automatically removing sensitive information from all documents filed with SOSDirect since June 2005, and the state is now in the process of redacting this information from earlier filings, said Scott Haywood, a spokesman with the Office of the Texas Secretary of State. But residents whose social security numbers are posted on SOSDirect need to contact the Secretary of State's office directly in order to have them removed right away, he added. "

Attribution 1 Publication: PC WorldAuthor: Robert McMillan Date Published: 7/19/2007 Article Title: Texas State Site Leaks Personal Data Article URL: http://www.pcworld.com/article/id,134765-c,onlineprivacy/article.html Identity Theft Resource Center Report Date: 12/31/2007 Page 70 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

The SSNs of 1800 past and present Jackson Local School employees are at risk due to the public access of information on a county maintained Web site. It is now secure according to school officials. The Stark-Portage Area Regional Computer Consortium keeps data for 28 school districts and 2 educational service centers. Jackson schools was the only district compromised.

Attribution 1 Publication: GateHouse MediaAuthor: Melissa Giffy Seeton Date Published: 7/19/2007 Article Title: Internal errors blamed for Franklin employees Social Security scare Article URL: http://www.timesreporter.com/index.php?ID=70390

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070719-02 Kingston Technology CA 9/1/2005Electronic Business Yes - 27,000 Published #

A September 2005 breach was just recently discovered that may have compromised the names, addresses and credit card details of roughly 27,000 online customers of the Kingston Technology Company, a computer memory vendor. It was not until after that probe was completed and a final report released on May 22 that Kingston could confirm the scope of the intrusion and its impact. The company is not offering details as to the delay in notification.

Attribution 1 Publication: Computer WorldAuthor: Jaikumar Vijayan Date Published: 7/17/2007 Article Title: Breach, undetected since '05, exposes data on Kingston customers Article URL: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9027220

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070719-01 Louisiana Board of Regents LA 7/1/2005Electronic Educational Yes - 80,000 Published #

Approximately 80,000 names of former students and current and former employees of were accidentally exposed on an internal Internet site run by the Board of Regents for a long as two years. The information included names, addresses and SSNs but no financial account information. The Board of Regents has oversight over all the state's institutions of higher education. This breach affects: Any student who was enrolled in the 10th grade at a Louisiana public high school and took the EPAS (Educational Planning and Assessment) Plan test between 2001 and 2003. Any Louisiana public college or university faculty or staff member who was employed in either 2000 or 2001.

Attribution 1 Publication: WDSUAuthor: press release Date Published: 7/17/2007 Article Title: Louisiana Board Of Regents Acknowledges Security Breach Article URL: http://www.wdsu.com/news/13698466/detail.html

Attribution 2 Publication: WDSU TVAuthor: Date Published: 7/17/2007 Article Title: y Breach Exposes Thousands To ID Theft Article URL: http://www.wdsu.com/news/13698832/detail.html Identity Theft Resource Center Report Date: 12/31/2007 Page 71 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

Hackers raided a Western Union database and stole the personal data of more than 20,000 customers including names, addresses and complete credit card information according to James Keese, Western Union's privacy officer.

Attribution 1 Publication: NY PostAuthor: Chuck Bennett and C Date Published: 7/7/2007 Article Title: Hacker attack $hock Article URL: http://www.nypost.com/seven/07172007/news/nationalnews/hacker_attack_hock_nationalnews_chuck_bennett_and

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070716-02 Securitas Security Service CA 4/26/2007Electronic Business Yes - 100,000 Published #

On April 26 thieves slipped into Securitas Security Services USA's West Coast operation's office and left with a number of laptop computers. The company sent out more than 100,000 letters to current and former employees but is still investigating. The letter said that the computers included names, addresses and Social Security numbers. The company has set up a hotline for inquiries.

Attribution 1 Publication: McClatchy Newspapers and Arizona DailAuthor: Paul Wenske Date Published: 7/15/2007 Article Title: Stolen laptops an open door to ID theft Article URL: http://www.azstarnet.com/business/191790

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070716-01 Westminster College UT Electronic Educational Yes - 100 Published #

Files including the names and Social Security numbers were placed on a student Web server used by Westminster students. The files have since been removed.

Attribution 1 Publication: Deseret Morning NewsAuthor: Pat Reavy Date Published: 7/15/2007 Article Title: College puts privacy info on Net Article URL: http://deseretnews.com/dn/view/0,1249,690192561,00.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070713-08 Orlando Financial Services FL 7/1/2007Paper Data Business Yes - 0 Unknown #

A pile of job applications with SSNs and other personal information were found in a parking lot in west Orange County. They belonged to Orlando Financial Services, a 24 hour check cashing store.

Attribution 1 Publication: WFTV 9 FloridaAuthor: staff Date Published: 7/9/2007 Article Title: Bag Full Of Job Applications Found In Parking Lot Article URL: http://www.wftv.com/news/13648199/detail.html Identity Theft Resource Center Report Date: 12/31/2007 Page 72 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

How is this report produced? What are the rules? See last page of report for details. Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070713-07 South County Hospital- MA 6/29/2007Paper Data Medical/Healthcare Yes - 79 Medical Bureau of Published #

Billing information for 79 patients is missing after a briefcase belonging to an employee of a company that handles billing was stolen from his car while shopping last month. The paperwork included names, SSNS and a summary of the patient accounts.

Attribution 1 Publication: Providence JournalAuthor: Katie Mulvaney Date Published: 7/11/2007 Article Title: South County Hospital billing information stolen Article URL: http://www.projo.com/news/content/SCHOSPITAL11_07-11-07_PK6AUIH.37a0f1f.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070713-06 Texas A&M - #2 TX 7/9/2007Paper Data Educational Yes - 49 Published #

Yet another professor has misplaced a class business law roster that contained the names and SSNs of 49 students. He had the roster on Monday but then said he could not locate it after class. The university plans to stop using SSNs starting with the fall semester begins.

Attribution 1 Publication: Caller.comAuthor: Isreal Saenz Date Published: 7/11/2007 Article Title: Another A&M-CC professor misplaces students' information Article URL: http://www.caller.com/news/2007/jul/11/another-m-cc-professor-misplaces-students-informat/

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070713-05 Direct Loans+ mobile TX 7/11/2007Paper Data Business Yes - 0 shredding company Unknown #

A mobile shredding truck recently lost unshredded federal educational loan documents belonging to Direct Loans in Seattle. Only the documents were found on the streets of Dallas, TX. Data included SSNS. The name of the shredding company remains unknown at this time.

Attribution 1 Publication: KING 5Author: Ray Lane Date Published: 7/12/2007 Article Title: Seattle loan documents scattered across Dallas Article URL: http://www.king5.com/localnews/stories/NW_071207WAB_shredder_truck_loses_info_KS.6bdaa8d9.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070713-04 St. Louis Sewer District MO 6/20/2007Electronic Government/Military Yes - 1,600 Published #

A 10 year employee of the Metropolitan St. Louis Sewer District stole the SSNs of about 1600 current and former employees by downloading them to a home computer. He has been fired and law enforcement is investigating.

Attribution 1 Publication: St. Louis Post-DispatchAuthor: Phil Sutin Date Published: 7/13/2007 Article Title: News > St. Louis City / County > Story Article URL: http://www.stltoday.com/stltoday/news/stories.nsf/stlouiscitycounty/story/33EFD47679FB1BAF862573170067720F? Identity Theft Resource Center Report Date: 12/31/2007 Page 73 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

According to the letter sent by John Flynn for the Disney Movie Club: One of Alta Resources' employees sold certain credit card information to federal law enforcement agents, as part of an undercover sting operation, in May 2007. The information included your name, address, credit card number and expiration date, and credit card type (e.g., Visa, MasterCard, American Express or Discover), and may have included your telephone number and e-mail address if you had provided that contact information to us. We have been assured that the card security code (e.g., the CVV or CVC code) for your card was not included in this information.

Attribution 1 Publication: Network WorldAuthor: Paul McNamara Date Published: 7/11/2007 Article Title: Disney Movie Club members victimized in latest data-breach horror show Article URL: http://www.networkworld.com/community/?q=node/17416

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070713-02 Cuyahoga County Dept. of OH 6/20/2007Electronic Government/Military Yes - 3,000 Development Published #

Thieves stole a computer memory stick filled with names and sensitive personal information who received energy assistance from a counter weatherization program when they carjacked an employee's car. The data includes names, addresses and SSNs.

Attribution 1 Publication: News Net 5Author: staff Date Published: 7/9/2007 Article Title: Thousands of Personal Records Stolen in Carjacking Article URL: http://www.newsnet5.com/news/13649077/detail.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070713-01 City of Encinitas CA 3/20/2007Electronic Government/Military Yes - 1,200 Published #

Credit card or checking account information for about 1200 people who had enrolled their children in the Encinitas' youth recreation programs were accidentally put on the web instead of the internal database. SSNs did not appear to be involved.

Attribution 1 Publication: North County TimesAuthor: Adam Kaye Date Published: 7/13/2007 Article Title: Confidential data revealed on Encinitas' Web site Article URL: http://www.nctimes.com/articles/2007/07/13/news/coastal/3_22_297_12_07.txt

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070709-06 Subaru in Boston MA Paper Data Business Yes - 158 Published #

A man stole 158 vehicle purchase contracts from a Subaru dealership. Gerado Rosario has been arrested and accused of doctoring fake driver licenses with customer info and his photos. He also applied for and maxed out credit cards in customer names.

Attribution 1 Publication: Boston Channel- WCVB 5Author: Rhondella Richardson Date Published: 7/4/2007 Article Title: Personal Information Stolen from Dealership Article URL: http://www.thebostonchannel.com/news/13622026/detail.html Identity Theft Resource Center Report Date: 12/31/2007 Page 74 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

How is this report produced? What are the rules? See last page of report for details.

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070709-05 Chuck E Cheese OR 7/5/2007Paper Data Business Yes - 0 Unknown #

KGW news staff alerted interrogators after an anonymous caller said to check out the open dumpster behind the Chuck E Cheese in Beaverton. Inside were boxes and boxes of employment files including copies of SS cards, driver's licenses and even health plan info. They have since been shredded

Attribution 1 Publication: KGW News 8Author: Kyle Iboshi Date Published: 7/5/2007 Article Title: Chuck E. Cheese dumpster yields sensitive secrets Article URL: http://www.kgw.com/news-local/stories/kgw_070507_news_chuck_e_cheese_w2.47d9eae4.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070709-04 Ohio State University- OH 6/19/2007Electronic Educational Yes - 0 Buckeye Corner Unknown #

Dozens of Ohio State University fans have had their credit card numbers stolen after ordering merchandise from the Buckeye Corner online between June 19-26. Bruce Harlan, the local chain's chief executive said that his company isn't the source but believes the information was intercepted during the time the customers were placing the order. Police and two security companies are working to determine whether the web site has been hacked. So far at least 20 customers have contacted the company with complaints of fraud but the company has yet to post information on its website about the breach to alert all of its customers.

Attribution 1 Publication: Columbus DispatchAuthor: Amy Saunders Date Published: 7/7/2007 Article Title: http://www.columbusdispatch.com/dispatch/content/business/stories/2007/07/07/buckeye_corner.ART_ART_07-07-07_C10 Article URL: http://www.columbusdispatch.com/dispatch/content/business/stories/2007/07/07/buckeye_corner.ART_ART_07-07-

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070709-03 Copeland restaurant FL 7/4/2007Paper Data Business Yes - 0 Unknown #

Thirty boxes of sensitive information was found in trash bins behind the now closed Copeland's restaurant. The documents included partial credit card numbers of customers as well as SSNs, names and addresses of former employees. The Pensacola Police will determine the next step for the information.

Attribution 1 Publication: Pensacola News JournalAuthor: Sean Dugas Date Published: 7/8/2007 Article Title: Documents from Copeland's to be turned over to police Article URL: http://www.pensacolanewsjournal.com/apps/pbcs.dll/article?AID=/20070708/NEWS01/707080320/1006

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070709-02 Girl Scouts Mile Hi Council CO 6/27/2007Electronic Business Yes - 0 Unknown #

The Girl Scouts Mile Hi Council has notified its members and their parents that tapes had been stolen from a car on June 27th. The tapes included some SSNs and credit card numbers from the camp and event registration database. The information is from the years 2003-2007. Identity Theft Resource Center Report Date: 12/31/2007 Page 75 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

How is this report produced? What are the rules? See last page of report for details.

Attribution 1 Publication: Rocky Mountain NewsAuthor: staff Date Published: 7/9/2007 Article Title: Girl Scouts council loses personal info in theft of tapes Article URL: http://www.rockymountainnews.com/drmn/local/article/0,1299,DRMN_15_5621147,00.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070709-01 Highlands University NM 7/1/2007Electronic Educational Yes - 420 Published #

Highlands University in New Mexico had a break-on on campus that affected the SSN and credit card and account information of some students. The notice was directed towards students who signed up for graduate courses at the Adv. Placement Institute at New Mexico State University or attended an International BA Institute at United World College or the Interactive Math Summer Institute at Albuquerque's South Valley Academy.

Attribution 1 Publication: KOATAuthor: Associated Press Date Published: 7/5/2007 Article Title: Highlands Alerts 420 Students To Possibility Of ID Theft Article URL: http://www.koat.com/news/13629937/detail.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070703-01 Fidelity National Information US 6/3/2007Electronic Business Yes - 8,500,000 Services- Certegy Check Published #

A former employee from Certegy Check Services stole 2.3 million consumer records including credit card and bank account numbers. As of 6/3 (first reports), it is not known if SSNs are involved. About 2.2 million bank account records were stolen and 99,000 credit card records were taken. Some were sold according to the Fidelity. Authorities including the Secret Service are investigating and the employee has been identified UPDATE 7/25: Fidelity now believes that 8.5 million consumer records are involved according to a SEC filing- 5.7 million checking and 1.5 million credit cards. Note from ITRC: Please refer to our breach victim information guide on our website for helpful tips.

Attribution 1 Publication: Channel RegisterAuthor: Dan Goodin Date Published: 12/4/2007 Article Title: IT pro admits stealing 8.4M consumer records Article URL: http://www.channelregister.co.uk/2007/12/04/admin_steals_consumer_records/

Attribution 2 Publication: CNN MoneyAuthor: Associated Press Date Published: 7/25/2007 Article Title: Fidelity Nat'l widens scope of theft Article URL: http://money.cnn.com/news/newsfeeds/articles/newstex/AFX-0013-18404346.htm

Attribution 3 Publication: CNN MoneyAuthor: PR Newswire Date Published: 6/3/2007 Article Title: Fidelity National Information Services Announces Misappropriation of Consumer Data by Employee of Certegy Check Servi Article URL: http://money.cnn.com/news/newsfeeds/articles/prnewswire/CLTU02603072007-1.htm

Attribution 4 Publication: Fox NewsAuthor: Associated Press Date Published: 6/3/2007 Article Title: Fidelity: 2.3M Records Containing Credit Card, Bank Account Information Stolen Article URL: http://www.foxnews.com/story/0,2933,287862,00.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070702-03 University of Florida at FL 5/30/2007Electronic Medical/Healthcare Yes - 1,000 Shands Published #

Police are investigating the potential theft of a hard drive from the hospital at the University of Florida at Shands which was stolen on May 30th. The letter that went out states that names, medical record numbers, dates of birth and medical information was on the disk but not SSNs. Identity Theft Resource Center Report Date: 12/31/2007 Page 76 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

How is this report produced? What are the rules? See last page of report for details.

Attribution 1 Publication: News 4 JAXAuthor: staff Date Published: 6/28/2007 Article Title: Hard Drive With Shands Patients' Info Stolen Article URL: http://www.news4jax.com/news/13589795/detail.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070702-02 Harrison County Schools WV 2/1/2007Electronic Educational Yes - 0 Unknown #

Several computers that contained school district employee information including SSNs were stolen in February. Any employee who filed a work comp claim between Jan. 2001-Feb 2007 may be at risk.

Attribution 1 Publication: WTRFAuthor: staff Date Published: 6/29/2007 Article Title: Stolen Computers Leave Harrison County School Workers at Risk for ID Theft Article URL: http://www.wtrf.com/story.cfm?func=viewstory&storyid=25748

Attribution 2 Publication: The State JournalAuthor: staff Date Published: 6/28/2007 Article Title: Stolen Computers Leave Harrison County School Workers at Risk for ID Theft. Article URL: http://www.statejournal.com/story.cfm?func=viewstory&storyid=25748

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070702-01 University of Calif. Davis CA 6/15/2007Electronic Educational Yes - 1,495 Published #

A criminal investigation into the apparent hacking and misuse of computerized veterinary medical school admissions records has been launched by the University of California, Davis, Police Department, in cooperation with the Sacramento Valley High Tech Crimes Task Force.

On June 15, the university determined that its computer-security safeguards had been breached and someone had gained access to the personal information of an estimated 1,120 applicants to the School of Veterinary Medicine for the 2007-2008 school year, including 131 accepted students. The hacker had accessed information including the applicants' names, birth dates and, in most cases, Social Security numbers. In addition, the records of 375 applicants from the 2004-5 school year may also have been accessed

Attribution 1 Publication: UC Davis press releaseAuthor: staff Date Published: 6/27/2007 Article Title: Criminal Probe Launched Into Computer Hacking of Vet School Admissions Info Article URL: http://www.news.ucdavis.edu/search/news_detail.lasso?id=8225

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070628-03 Bowling Green State OH 5/30/2007Electronic Educational Yes - 199 University Published #

Bowling Green State University is notifying current and former students of accounting professor Dr. David Albrecht that a flash drive with SSNs for about 200 of his students in 2002 is lost. Other information for 1600 students is missing but none that could easily lead to identity theft.

Attribution 1 Publication: Diverse Issues in Higher EducationAuthor: Associated Press Date Published: 6/28/2007 Article Title: Bowling Green U. says professor lost drive with student info Article URL: http://www.diverseeducation.com/artman/publish/article_7876.shtml

Attribution 2 Publication: ABC Local- WTVGAuthor: staff Date Published: 6/27/2007 Article Title: BGSU Security breach Article URL: http://abclocal.go.com/wtvg/story?section=local&id=5427364 Identity Theft Resource Center Report Date: 12/31/2007 Page 77 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

How is this report produced? What are the rules? See last page of report for details.

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070628-02 Milwaukee PC Retail Stores WI 6/25/2007Electronic Business Yes - 65,000 Published #

Credit card information of 65,000 customers may have been compromised when a file was placed on the company's server. It could include customer credit card numbers and personal information. It has since been removed.

Attribution 1 Publication: Today's SMJ Channel 4- MilwaukeeAuthor: Heather Shannon Date Published: 6/27/2007 Article Title: 65,000 Milwaukee PC Customers May Be at Risk Article URL: http://www.todaystmj4.com/news/local/8202232.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070628-01 Texas First Bank- S1 Corp TX 5/19/2007Electronic Banking/Credit/Financial None - 0 Other Protection A laptop was stolen during a car theft in Dallas that contained about 4,000 customer records including SSNs and account numbers. The laptop had a heavily secure password and is equipped with technology designed to prevent unauthorized access. “Based upon feedback from law enforcement, we do not believe the laptop was the target of the theft as other personal effects were stolen,” the bank wrote in a June 15 letter to customers.

Attribution 1 Publication: KHOUAuthor: Laura Elder Date Published: 6/22/2007 Article Title: Bank warns of possible ID theft Article URL: http://www.khou.com/news/local/stories/khou070622_jj_bankid.4056cb0.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070625-01 Ohio Bureau of Workers' OH 5/30/2007Electronic Government/Military Yes - 439 Compensation Published #

The Ohio Bureau of Workers' Compensation disclosed that a laptop was stolen on May 30th that contained the SSNs and other personal data on 439 injured workers. The laptop was stolen from the garage of an employee.

Attribution 1 Publication: Toledo BladeAuthor: Jim Provance Date Published: 6/25/2007 Article Title: Workers’ comp bureau admits to stolen information problem in the State's 2nd personal data compromise incident Article URL: http://toledoblade.com/apps/pbcs.dll/article?AID=/20070625/NEWS24/70625016

Attribution 2 Publication: Middletown JournalAuthor: Laura Bischoff Date Published: 6/25/2007 Article Title: State reports another theft of personal data Article URL: http://www.middletownjournal.com/hp/content/oh/story/news/state/2007/06/25/ddn062507bwcweb.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070620-04 American Airlines US 6/20/2007Electronic Business Yes - 350 (Password) **ITRC does not consider a password adequate protection for breached data. The personal information including SSNs for more than 315 current and former pilots and 50 others had been posted on a password protected internal website. Pilots are upset because they realized that others could see their information. The search function of the site has been disabled. Identity Theft Resource Center Report Date: 12/31/2007 Page 78 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

How is this report produced? What are the rules? See last page of report for details.

Attribution 1 Publication: Star TelegramAuthor: Associated Press Date Published: 6/21/2007 Article Title: Personal data exposed on internal Web site Article URL: http://www.star-telegram.com/business/story/144184.html

Attribution 2 Publication: Dallas Morning NewsAuthor: Associated Press Date Published: 6/20/2007 Article Title: American pilots protest security breach on company Web site Article URL: http://www.dallasnews.com/sharedcontent/APStories/stories/D8PSQQN80.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070620-03 California Department of CA 12/1/2006Electronic Government/Military Yes - 0 Forestry Unknown #

California firefighters working for the CA Dept. of Forestry including about 13 assigned to North County and 40 San Diego-area firefighters have fallen victim to identity theft since the thefts were first reported in 2006 according to Randy Scales, Chapter Director for the San Diego unit of the CDF firefighters' union. The thefts seem to peak in January and February but local firefighters still report theft in June of 2007.

Attribution 1 Publication: North County TimesAuthor: Sarah Wilkins Date Published: 6/18/2007 Article Title: Identity thieves hit locally based state firefighters Article URL: http://www.nctimes.com/articles/2007/06/19/news/top_stories/6_01_356_18_07.txt

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070620-02 Mathis Companies, inc. TN 6/17/2007Paper Data Business Yes - 0 Unknown #

A Soddy Daisy (TN) woman took some things to a recycling bin and found large boxes of business records that contained personal information for more than a dozen employees of the Mathis Company. The information included payroll check stubs, tax info, names and SSNs. The company is now out of business and the owner was puzzled as to how the documents got there. He believes a storage unit where they had been kept may have dumped them.

Attribution 1 Publication: WTVC- 9Author: Kim Fields Date Published: 6/18/2007 Article Title: Personal Information Uncovered in Recycling Bin Article URL: http://www.newschannel9.com/articles/mathis_13133___article.html/information_york.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070620-01 Shamokin Area School PA 6/16/2007Electronic Educational Yes - 0 District Unknown #

An employee gained unauthorized access to the Smamokin Area School District computer database that stores student information including SSNs. It is not clear if the information has been used yet.

Attribution 1 Publication: WNEP 16Author: Andy Hirsch Date Published: 6/18/2007 Article Title: Computer Breach Exposes Students' Social Security Numbers Article URL: http://www.wnep.com/Global/story.asp?S=6675365&nav=menu158_2 Identity Theft Resource Center Report Date: 12/31/2007 Page 79 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

A contractor employee accidentally sent out an email to 39 recipients at Ames with information for 426 other Ames contractor employees.

Attribution 1 Publication: Internal releaseAuthor: Sylvia Longchamps Date Published: 6/14/2007 Article Title: Incident Report- Personally Identifiable Information Incident Article URL: http://www.spaceref.com/news/viewsr.html?pid=24526

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070618-03 Texas A&M TX 6/1/2007Electronic Educational Yes - 8,000 Published #

The chairman of the math department, vacationing in Madagascar, lost a computer storage device that contained the names and SSNs of all students at the school in 2006. He had planned to do some work while on his trip.

Attribution 1 Publication: KRIST TVAuthor: Bart Bedsole Date Published: 6/18/2007 Article Title: Identity theft may be problem for TAMUCC students Article URL: http://www.kristv.com/Global/story.asp?S=6667387&nav=menu192_2

Attribution 2 Publication: Caller.comAuthor: David Kassabian Date Published: 6/18/2007 Article Title: Professor loses student data Article URL: http://www.caller.com/news/2007/jun/16/professor-loses-student-data/

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070618-02 Ohio State Employees OH 6/10/2007Electronic Government/Military None - 0 Other Protection A backup computer storage device with the names and SSNs of all 64,000 Ohio state employees was stolen from the car of a state agency intern, who had the device as part of a practice meant to keep data safe. According to authorities it would take a significant level of expertise and multiple computer programs plus special equipment to access the data. The Dayton Daily has a complete timeline of events per OBM Director Sabety. UPDATE: The Associated Press printed a breakdown on what information was stored on the device and who, so far, is potentially affected by a possible data breach: (as of 6/16) UPDATE: 225,000 taxpayers' information was also on the tape and so far nearly 1/2 million Ohioans are confirmed to be on the stolen device. (Dayton Daily News 6/20)

Names and Social Security numbers of all 64,000 state employees. Names and Social Security numbers on 53,797 participants enrolled in the state's pharmacy benefits management program. Names and Social Security numbers of 75,532 dependents of participants enrolled in the pharmacy benefits program. 2,685 records of school district and local government names and bank account information. 159,708 records of Medicaid providers and their bank account information. Names and account numbers of 1,031 state employees who are teachers in the State Teachers Retirement System. Banking information on 28,362 state employees and vendors who have received electronic funds transfers from the state. SOURCE: Gov. Ted Strickland's office UPDATE: Number is now more than 1 million Ohioans. For a full Office of Inspector General Report go to: http://watchdog.ohio.gov/investigations/2007190.pdf Identity Theft Resource Center Report Date: 12/31/2007 Page 80 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

How is this report produced? What are the rules? See last page of report for details.

Attribution 1 Publication: Blade Columbus BureauAuthor: Jim Provance Date Published: 7/20/2007 Article Title: Inspector General recommends disciplinary action in data-theft case Article URL: http://toledoblade.com/apps/pbcs.dll/article?AID=/20070720/BREAKINGNEWS/70720026

Attribution 2 Publication: Beacon JournalAuthor: Associated Press- Ma Date Published: 7/11/2007 Article Title: Count of people with data on stolen device reaches nearly 860,000 Article URL: http://www.ohio.com/mld/beaconjournal/news/state/17481411.htm

Attribution 3 Publication: Dayton Daily NewsAuthor: Laura Bischoff and Wi Date Published: 6/20/2007 Article Title: Strickland: Taxpayer info also on stolen computer tape Article URL: http://www.daytondailynews.com/n/content/oh/story/news/state/2007/06/20/ddn062007dataweb.html

Attribution 4 Publication: Canton RepositoryAuthor: Associated Press- Ma Date Published: 6/18/2007 Article Title: State hires expert to study data theft Article URL: http://www.cantonrep.com/index.php?ID=360550&Category=13&subCategoryID=

Attribution 5 Publication: Beacon JournalAuthor: Associated Press Date Published: 6/16/2007 Article Title: A breakdown of what information was on the stolen computer storage device Article URL: http://www.ohio.com/mld/beaconjournal/news/state/17379372.htm

Attribution 6 Publication: Dayton Daily NewsAuthor: William Hershey Date Published: 6/16/2007 Article Title: Stolen state tape: More personal info than thought Article URL: http://www.daytondailynews.com/n/content/oh/story/news/local/2007/06/16/ddn061607dataweb.html

Attribution 7 Publication: Cincinnati EnquirerAuthor: Stephen Majors, Asso Date Published: 6/15/2007 Article Title: All state workers' info stolen Article URL: http://news.enquirer.com/apps/pbcs.dll/article?AID=/20070615/NEWS01/306150027

Attribution 8 Publication: Columbus DispatchAuthor: Mark Niquette Date Published: 6/15/2007 Article Title: Stolen computer tape holds all state employees' IDs Article URL: http://www.columbusdispatch.com/dispatch/content/flash/stories/2007/06/15/data_stolen.html

Attribution 9 Publication: Dayton Daily NewsAuthor: Laura Bischoff and Wi Date Published: 6/15/2007 Article Title: Back-up tape containing state workers' IDs stolen Article URL: http://www.daytondailynews.com/n/content/oh/story/news/local/2007/06/15/ddn061507idtheftweb.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070618-01 Arkansas Psychology Board AR 5/31/2007Electronic Business Yes - 284 Published #

Confirmed by the ITRC with the Arkansas Psychology Board: submission to Pogowasright. The information for about 284 psychologists was found in a cached Google version of a Microsoft Excel. Information included names, license numbers and SSNs. You can confirm with APB at 501-682-6167. The site has since been taken down.

Attribution 1 Publication: blog then confirmed by ITRC with the APAuthor: Aaron Titus Date Published: 6/14/2007 Article Title: Potential Arkansas.gov data breach Article URL: http://www.aarontitus.net/blog/2007/06/11/potential-arkansasgov-data-breach/ Identity Theft Resource Center Report Date: 12/31/2007 Page 81 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

"In Elliot Hospital's case, the notification of a possible information leak was prompted by a stolen laptop that contained the names, addresses and Social Security numbers of two hospice patients who had since died. The laptop was stolen from a locked office at the Visiting Nurse Association office in Manchester between Feb. 26 and March 7. The hospital reported the breach as a precaution, even though there was nothing to indicate the information on the laptop was "accessed, disseminated or misused in any way," according to a letter provided to the consumer protection bureau by the hospital April 3.

The next day, the hospital reported a second breach involving a private orthopedic practice Elliot Hospital partnered with. The hospital gave access to its medical records to the practice. The hospital later learned that two employees of the private practice had accessed a patient's health information and "disclosed portions" to other employees of the practice. Those employees were fired and the patient, who also happened to be an employee, was notified. Again, as a precaution, the hospital reported the possible breach to the consumer protection bureau."

Attribution 1 Publication: Concord MonitorAuthor: Lisa Arsenault Date Published: 6/13/2007 Article Title: Dozens of computer breaches reported Article URL: http://www.concordmonitor.com/apps/pbcs.dll/article?AID=/20070613/REPOSITORY/706130339

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070614-01 City of Lynchburg VA 5/22/2007Electronic Government/Military Yes - 1,200 Published #

About 1200 Lynchburg City employees and retirees may have been exposed to a security breach. A document was posted on the city's website that included prescription and other personal data. It was discovered about a week after posting by an employee on June 4th. The site has been taken down and the city is working with Google to remove any information that might pop up during a search. The city did report there were a "few" hits on the page. The City's HR Director, when called by ITRC to confirm what information may be affected, declined to comment. UPDATE: SSNs were involved according to officials on 6/14

Attribution 1 Publication: WDBJ 7Author: staff Date Published: 6/14/2007 Article Title: Lynchburg employees personal information may still be on the internet Article URL: http://www.wdbj7.com/Global/story.asp?S=6660626&nav=S6aK

Attribution 2 Publication: WSLS -TV, Roanoke VAAuthor: Aimee Norton Date Published: 6/13/2007 Article Title: City of Lynchburg Identity Theft Scare Article URL: http://www.wsls.com/servlet/Satellite?pagename=Common%2FMGArticle%2FPrintVersion&c=MGArticle&cid=11733

Attribution 3 Publication: News Advance.com: The News and AdvAuthor: Matt Busse Date Published: 6/13/2007 Article Title: City employees' information erroneously put online Article URL: http://www.newsadvance.com/servlet/Satellite?pagename=LNA/MGArticle/LNA_BasicArticle&c=MGArticle&cid=117

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070612-01 Grand Valley State University MI 5/24/2007Electronic Educational Yes - 3,000 Published #

A flash drive containing the SSN of about 3000 current and former students was stolen from the English department. Other office supplies were also taken. .

Attribution 1 Publication: WOOD TV 9, Grand RapidsAuthor: staff Date Published: 6/11/2007 Article Title: Flash drive containing students' SSNs stolen from GVSU Article URL: http://www.woodtv.com/Global/story.asp?S=6643715&nav=0Rce Identity Theft Resource Center Report Date: 12/31/2007 Page 82 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

How is this report produced? What are the rules? See last page of report for details.

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070611-02 Pfizer US 5/25/2007Electronic Business Yes - 17,000 Published #

Approximately 17,000 current and former Pfizer employees are receiving letters about security breach that affected their names and SSNs. “The information was stored on a Pfizer laptop computer that was provided to a Pfizer colleague for use in her home. Due to the unauthorized installation of certain file sharing software on the laptop, files stored in the laptop containing names, social security numbers, and in some instances, addresses and bonus information of approximately 17,000 present and former Pfizer colleagues, were exposed to one or more third parties. Our investigation revealed that certain files containing your data were accessed and copied.” According to the letter sent out to all state Attorneys General- 15,700 actually had their data accessed and copied and about 1,250 may have had their data accessed and copied.

Attribution 1 Publication: The DayAuthor: Lee Howard Date Published: 6/23/2007 Article Title: Pfizer Gets More Time On Data Breach Article URL: http://www.theday.com/re_print.aspx?re=c8d5d2c5-eff8-4a83-8f6a-9b4c31e2da5b

Attribution 2 Publication: CNN MoneyAuthor: Dow Jones Newswire Date Published: 6/13/2007 Article Title: Pfizer, Conn. Attorney General Probing Co Security Breach Article URL: http://money.cnn.com/news/newsfeeds/articles/djf500/200706131557DOWJONESDJONLINE000845_FORTUNE5.htm

Attribution 3 Publication: PharmalotAuthor: Ed Silverman Date Published: 6/11/2007 Article Title: Pfizer: 17,000 Employees Suffer Privacy Breach Article URL: http://www.pharmalot.com/2007/06/pfizer-17000-employees-suffer-privacy-breach

Attribution 4 Publication: OpEd News.comAuthor: Peter Rost Date Published: 6/11/2007 Article Title: Pfizer screws up royally: 17,000 employee names and SS numbers copied by thieves Article URL: http://www.opednews.com/articles/genera_peter_ro_070611_pfizer_screws_up_roy.htm

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070611-01 Concord Hospital- Verus, Inc. NH 4/12/2007Electronic Medical/Healthcare Yes - 9,297 Published #

A security lapse occurred when a WA company called Verus turned off a firewall for maintenance purposes and forgot to turn it back on, potentially exposing more than 9,000 Concord Hospital patients. The information included names, addresses, dates of birth and SSNs. No credit card information was exposed according to hospital representatives. Update: the billing company, Verus, has since been fired. (6/20)

Attribution 1 Publication: Concord MonitorAuthor: Lisa Arsenault Date Published: 6/20/2007 Article Title: Hospital dumps billing company Article URL: http://www.concordmonitor.com/apps/pbcs.dll/article?AID=/20070620/REPOSITORY/706200316

Attribution 2 Publication: Seattlepi.comAuthor: The Associated Press Date Published: 6/10/2007 Article Title: Wash. company blamed for online data breach at N.H. hospital Article URL: http://seattlepi.nwsource.com/local/6420AP_NH_Patient_Data.html

Attribution 3 Publication: Concord HospitalAuthor: Jennifer Dearborn- m Date Published: 6/10/2007 Article Title: Hospital Press release Article URL: http://www.concordhospital.org/news/news.php?shownews=true&id=602&artid=602&arttype=

Attribution 4 Publication: Concord MonitorAuthor: Lisa Arsenault Date Published: 6/9/2007 Article Title: Security breach exposes Concord Hospital patient data Article URL: http://www.concordmonitor.com/apps/pbcs.dll/article?AID=/20070609/NEWS03/70609002/1030 Identity Theft Resource Center Report Date: 12/31/2007 Page 83 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

How is this report produced? What are the rules? See last page of report for details.

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070608-07 Check 'N Go TX Paper Data Business Yes - 0 Unknown #

Check 'N Go in Texas is being investigated for discarding business records in easily accessible trash cans behind stores. The records include names, addresses and SSNs. According to the company, it contracts with Iron Mountain to ensure files are security retained and destroyed and plans to work out an "amenable resolution for our customers."

Attribution 1 Publication: East Texas ReviewAuthor: staff Date Published: 6/8/2007 Article Title: Check 'N Go responds to actions from Texas AG office Article URL: http://www.easttexasreview.com/story.htm?StoryID=4533

Attribution 2 Publication: The Orange LeaderAuthor: Tommy Mann Jr Date Published: 5/31/2007 Article Title: Texas AG sues Check ‘n Go for exposing customers’ personal information records Article URL: http://www.orangeleader.com/news/local_story_151233805.html

Attribution 3 Publication: KFOX TV, TexasAuthor: staff Date Published: 5/24/2007 Article Title: Check 'N Go Sued by State Article URL: http://www.kfoxtv.com/news/13386402/detail.html

Attribution 4 Publication: KBTV 4 TVAuthor: S. Denman Date Published: 5/24/2007 Article Title: Check `N Go Customers Possible Victims of Identity Theft Article URL: http://216.87.159.39/news/default.asp?mode=shownews&id=14762

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070608-06 North Dakota State University ND Electronic Educational Yes - 0 Unknown #

A breach that affected both student loan records and payroll records occurred over a 2-week period of time when the records were compromised during the archiving of paper documents. 57 student loan records were involved, students whose last name begins with "A" and an unknown number of personnel records.

Attribution 1 Publication: KXMC NewsAuthor: Associated Press Date Published: 6/7/2007 Article Title: NDSU says security breach left some records 'vulnerable'… Article URL: http://www.kxmc.com/News/130612.asp

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070608-05 Riverside Community CA 5/20/2007Paper Data Medical/Healthcare Yes - 10,000 Hospital Published #

Medical records from Riverside Community Hospital and surrounding clinics were found in a Chula Vista dumpster according to San Diego's NBC TV News. The records included names, addresses, SSNS, bank account and other detailed medical records including baby records. The stacks also contained information about doctors, including names of physician who were discharged and why.

Attribution 1 Publication: NBC San DiegoAuthor: staff Date Published: 5/20/2007 Article Title: Medical Records Exposed In Dumpster Article URL: http://www.nbcsandiego.com/news/13354644/detail.html Identity Theft Resource Center Report Date: 12/31/2007 Page 84 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

FEMA, the Federal Emergency Management Agency, mistakenly included the SSNs on the outside of envelopes sent to Disaster Assistance Employees. Glenn M. Cannon, assistant administrator in the Disaster Operations Directorate, sent out the following letter:

"Dear Disaster Generalist," he wrote to about 2,300 people on April 16, "an unfortunate administrative processing error at FEMA . . . has resulted in the printing of Social Security numbers on the outside address labels of Disaster Assistance Employee (DAE) . . . reappointment letters."

Attribution 1 Publication: Washington PostAuthor: Al Kamen Date Published: 4/23/2007 Article Title: FEMA's 'Unfortunate' Privacy Disaster Article URL: http://www.washingtonpost.com/wp-dyn/content/article/2007/04/22/AR2007042201362.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070608-03 CVS Corporation TX 3/19/2007Paper Data Medical/Healthcare Yes - 1,000 Published #

The US Texas Attorney is suing CVS Corp, alleging that pharmacy employees dumped credit card numbers, medical information and other sensitive material from more than 1000 customers.

Attribution 1 Publication: ForbesAuthor: Juan Lozano Date Published: 4/17/2007 Article Title: Texas AG: CVS Dumped Customers' Records Article URL: http://www.forbes.com/feeds/ap/2007/04/17/ap3621733.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070608-02 University of Iowa IA 5/19/2007Electronic Educational Yes - 1,100 Published #

Students and faculty of the University of Iowa graduate program are being notified about a web-site security breach. The school is not disclosing what information was on the site.

Attribution 1 Publication: University press releaseAuthor: Dean John Keller Date Published: 6/8/2007 Article Title: Press release from UI Article URL: http://www.grad.uiowa.edu/news/incident.htm

Attribution 2 Publication: Press CitizenAuthor: Staff Date Published: 6/8/2007 Article Title: UI notifies graduate program students, faculty about security breach Article URL: http://www.press-citizen.com/apps/pbcs.dll/article?AID=/20070608/NEWS01/70608007/1079 Identity Theft Resource Center Report Date: 12/31/2007 Page 85 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

The University of Virginia discovered a breach of one of its computer applications that resulted in the exposure of names, SSNs and dates of birth belonging to current and former faculty members. The investigation has revealed that on 54 separate days between May 20, 2005 and April 19, 2007, hackers tapped into the records of 5,735 faculty members. No suspects have been identified. Those affected include anyone who taught or had any faculty designation (academic, administrative or adjunct) at the University or at the College at Wise from approximately 1990 to August 2003. The University’s Information Technology and Communications division first discovered the existence of the database as part of its Social Security number remediation efforts and removed it on April 20, 2007, after concluding an initial internal review "On May 22, programmers who maintain the site discovered -- in a separate, unrelated incident -- that a hacker had defaced a page on the site. After the database was secured, programmers continued reviewing server logs to investigate that attack more thoroughly. On May 29, the earlier breaches were discovered."

Attribution 1 Publication: UVA Today- Press ReleaseAuthor: staff Date Published: 6/8/2007 Article Title: University Of Virginia Alerts Current And Former Faculty That Sensitive Information Has Been Exposed Article URL: http://www.virginia.edu/uvatoday/newsRelease.php?id=2217

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070607-14 Fulton County GA 4/9/2007Paper Data Government/Military Yes - 75,000 Published #

The Secretary of State is investigating the disposal of about 75,000 voter registration cards that contained the voter's full name, address and complete SSN.

Attribution 1 Publication: The WeeklyAuthor: staff Date Published: 4/11/2007 Article Title: Secretary of State Recovers Thousands of 'Active' Fulton County Voter Registration Cards Article URL: http://www.theweekly.com/news/2007/April/11/voter_cards.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070607-13 Dai Nippon Printing Company US 2/20/2007Electronic Banking/Credit/Financial Yes - 8,637,405 Published #

Japan's Dai Nippon Printing company, one of the country's largest commercial printing companies, said that names, addresses and credit card numbers intended for direct mail were stolen by a former contract worker between May 2001 and May 2006. He was recently arrested after the emergence of an Internet shopping scam in which the former employee sold 150,000 pieces of data to a criminal group. Affected companies include American Home Assurance Co, Aeon Co. and Toyota.

ITRC does not know if customers of Toyota Motor and other affected companies include U.S. customers.

Attribution 1 Publication: ReutersAuthor: Reuters Date Published: 3/12/2007 Article Title: Dai Nippon Printing reports client data theft Article URL: http://www.reuters.com/article/technology-media-telco-SP/idUST2997420070312 Identity Theft Resource Center Report Date: 12/31/2007 Page 86 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

How is this report produced? What are the rules? See last page of report for details. Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070607-12 New Horizons Community CO 4/3/2007Electronic Banking/Credit/Financial Yes - 9,000 Credit Union (Password) **ITRC does not consider a password adequate protection for breached data. New Horizons Community Credit Union (NHCCU), a state chartered federally insured credit union located in Denver, Colo., and operating under conservatorship of the National Credit Union Administration, is notifying members of a potential breach of confidential member loan information. The potential breach results from the theft of a laptop computer from Protiviti, a consultant employed by Bellco Credit Union conducting due diligence to prepare a possible acquisition bid. The computer was protected by two layers of security, a unique user- identifier and a multiple-character, alpha-numeric password.

Attribution 1 Publication: New Horizons CCUAuthor: press release Date Published: 4/11/2007 Article Title: New Horizons Community CU Takes Action After Potential Data Breach; Members Informed of Protections Article URL: http://www.ncua.gov/news/press_releases/2007/MR07-0411.htm

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070607-11 RadioShack TX 3/28/2007Paper Data Business Yes - 0 Unknown #

Thousands of payment slips showing the credit card numbers and other personal information of RadioShack employees was found in a dumpster behind a Corpus Christi-area RadioShack, a news station reported Wednesday. According to the KZTV report, a man rummaging through trash behind a RadioShack store in Portland, Texas, found nearly 20 boxes of discarded records. The sales receipts spanned a time period between 2001-2005 according to a KZTV news report

Attribution 1 Publication: Dallas Business Journal, San Antonio; KAuthor: staff Date Published: 3/29/2007 Article Title: RadioShack customers' personal info found in dumpster Article URL: http://sanantonio.bizjournals.com/dallas/stories/2007/03/26/daily28.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070607-10 Bank and Joint Institute of TX 2/19/2007Paper Data Medical/Healthcare Yes - 0 Texas Unknown #

Hundreds of medical records from a chiropractor's office were found in the trash on Feb 19th behind the building. At least 20 boxes were recovered but some files were found loose on the ground. They included photocopies of driver's licenses, SSNs, names, addresses and private medical histories. The Institute is now defunct and it is believed that a bankruptcy trustee must have dumped the records.

Attribution 1 Publication: KENS 5 Eyewitness NewsAuthor: Barry Davis Date Published: 2/20/2007 Article Title: Medical records found dumped Article URL: http://www.mysanantonio.com/news/metro/stories/MYSA021907.medicalrecordsdumped.KENS.184ada9d.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070607-09 Piper Jaffray MN 1/29/2007Paper Data Business Yes - 1,000 Published #

Current and former Piper Jaffray employees received W-2's with their SSNs on the outside of the envelope.

Attribution 1 Publication: Twin Cities, Pioneer PressAuthor: Nicole Garrison-Spren Date Published: 2/8/2007 Article Title: Piper Jaffray apologizes to employees for W-2 goof Article URL: http://www.twincities.com/mld/twincities/business/16647381.htm Identity Theft Resource Center Report Date: 12/31/2007 Page 87 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

How is this report produced? What are the rules? See last page of report for details.

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070607-08 Central Connecticut State CT 1/31/2007Paper Data Educational Yes - 750 University Published #

During the first week of February 2007 about 750 students received mail from the Bursar's office that showed their SSN in the window of the envelope. More than 23000 letters were folded incorrectly by the mailing machine but unfortunately 750 were mailed before being corrected.

Attribution 1 Publication: CCSU RecorderAuthor: Melissa Traynor Date Published: 2/7/2007 Article Title: Social Security Numbers Exposed in CCSU Letters Article URL: http://clubs.ccsu.edu/recorder/news/news_item.asp?NewsID=175

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070607-07 Metro Credit Services TX 2/3/2007Paper Data Banking/Credit/Financial Yes - 0 Unknown #

Officials said the multiple boxes of documents contained medical records, phone bills and Social Security numbers belonging to thousands of people across Texas. They said the files once belonged to the defunct bill collection company Metro Credit Services, and that the owner of the building at which the company once operated threw out the documents during the weekend. The police has recovered and destroyed the documents they could find.

Attribution 1 Publication: NBC 5- Dallas/Fort WorthAuthor: staff Date Published: 2/6/2007 Article Title: Police find trash bin full of personal records Article URL: http://www.nbc5i.com/news/10943763/detail.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070607-06 Wisconsin Legislative WI 1/31/2007Paper Data Government/Military Yes - 100 Human Resources Office Published #

An employee of the Legislative HR Office took a report home to work on and had it stolen while she was at a health club that she stopped at after work. Her keys were stolen from her locker and her car broken into. The report contained names and SSNs of Assembly personnel.

Attribution 1 Publication: Channel 3000Author: Associated Press Date Published: 2/2/2007 Article Title: Thief Takes Lawmakers' Social Security Numbers Article URL: http://www.channel3000.com/politics/10912171/detail.html

Attribution 2 Publication: breach listAuthor: WI Office of Privacy P Date Published: 2/1/2007 Article Title: State of Wisconsin Legislative Human Resources Office Article URL: http://privacy.wi.gov/databreaches/2007/feb07a.jsp Identity Theft Resource Center Report Date: 12/31/2007 Page 88 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

Thousands of visa applications and other sensitive documents sat for more than a month in the open yard of a San Francisco recycling center after they were dumped there by the city's Indian Consulate. The documents included names and SSNs and confidential paperwork for "virtually everyone in California and other Western states who had applied for visas to travel to India between 2002-2005

Attribution 1 Publication: San Francisco GateAuthor: David Lazarus Date Published: 2/2/2007 Article Title: Identity theft pay dirt at recycling center Article URL: http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2007/02/02/LAZ.TMP

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070607-04 Chase/Bank One LA Paper Data Banking/Credit/Financial Yes - 4,100 Published #

Names and SSNs of current and former employees were left on a spread sheet found in a desk sold by a used furniture store in Shreveport. A notebook with names and SSNs was also found. Apparently it was from a former Bank One which in July 2005 became part of Chase bank and was disposed of. Customer names were NOT on the list.

Attribution 1 Publication: KSLA- TVAuthor: staff Date Published: 1/26/2007 Article Title: Used Desk Contained Names & SSNs Of Former Bank Employees Article URL: http://www.ksla.com/Global/story.asp?S=5996702&nav=0RY5

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070607-03 Greenville County School SC 1/19/2007Paper Data Educational Yes - 0 District Unknown #

Boxes of personnel records - including the Social Security numbers of thousands of teachers - were accidentally left behind by the Greenville County school district when it vacated its office for renovations, officials say. The 10 boxes held lists of every teacher employed by the district between 1972 and 1990, as well as their Social Security numbers, district spokeswoman Oby Lyles said Friday. Several other boxes contained personnel records as recent as 1998, Lyles said.

The finding comes just two months after it was discovered that the district had sold computers containing Social Security numbers and birthdates for roughly 100,000 students and at least 1,000 employees

Attribution 1 Publication: Myrtle Beach OnlineAuthor: Associated Press Date Published: 1/20/2007 Article Title: School district leaves personnel records behind during renovations Article URL: http://www.myrtlebeachonline.com/mld/myrtlebeachonline/news/local/16508366.htm

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070607-02 Dearfield Medical Building CT 6/5/2007Paper Data Medical/Healthcare Yes - 0 Unknown #

It is "speculated" that a cleaning crew threw away a box of medical files from doctors in the Dearfield Medical Building even though there is a strict policy in the building for doctors to indicate what is trash and what is to be shredded. One of the involved doctors said that his practice has a firm shredding policy and was surprised that they had not been disposed of properly. The papers included test results, insurance approvals and other medical issues. This incident is a HIPAA violation. Identity Theft Resource Center Report Date: 12/31/2007 Page 89 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

How is this report produced? What are the rules? See last page of report for details.

Attribution 1 Publication: Greenwich PostAuthor: Ken Borsuk Date Published: 6/7/2007 Article Title: Medical papers found in trash bin may lead to fines Article URL: http://www.acorn-online.com/news/publish/greenwich/18807.shtml

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070607-01 Cedarburg High School WI 6/5/2007Electronic Educational Yes - 900 Published #

Cedarburg High School students used a school computer to access confidential data of current and former School District employees that had not been properly secured on the district computer network, Superintendent Daryl Herrick said Tuesday. The students obtained names, addresses and Social Security numbers and might have accessed personal bank account information, he said. While it was discovered on 6/5 it is not known how long students had access to the data.

Attribution 1 Publication: breach listAuthor: WI Office of Privacy P Date Published: 6/6/2007 Article Title: Cedarburg School District Article URL: http://privacy.wi.gov/databreaches/2007/june07.jsp

Attribution 2 Publication: JS Online- Milwaukee Journal SentinelAuthor: Tom Kertscher Date Published: 6/6/2007 Article Title: Students breach personal data Article URL: http://www.jsonline.com/story/index.aspx?id=616364

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070604-07 Fulton County Voter GA 4/9/2007Paper Data Government/Military Yes - 45,000 Registration Published #

The GA Secretary of State is investigating who threw more than 75,000 Fulton County voter registration cards in the trash. Each card includes the name, address and SSN of the voter. More than 30 boxes of application cards, precinct cards and other documents were found in a construction trash bin at Atlanta Tech College.

Attribution 1 Publication: Access North GA, WDUN News/Talk 55Author: Associated Press Date Published: 4/12/2007 Article Title: 75,000 voter registration cards found in trash bin in Atlanta Article URL: http://www.accessnorthga.com/news/hall/newfullstory.asp?ID=113345

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070604-06 Rockwood Chamberlain TN 5/24/2007Paper Data Medical/Healthcare Yes - 0 Professional Building Unknown #

Piles of medical records were found several feet high outside of a Rockwood doctor's office on May 24th. The records contained names, addresses and SSNs. The records were at least 10 years old and "don't belong to doctors who work out of that building currently." Once the police arrived they found a building trustee who made sure the records were immediately shredded.

Attribution 1 Publication: WATE 6 NewsAuthor: Erica Estep Date Published: 5/24/2007 Article Title: Medical records found in trash outside Rockwood medical building Article URL: http://www.wate.com/Global/story.asp?S=6566130&nav=0RYv Identity Theft Resource Center Report Date: 12/31/2007 Page 90 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

How is this report produced? What are the rules? See last page of report for details. Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070604-05 CA Department of Alcohol CA 4/3/2007Paper Data Government/Military Yes - 200 and Drug Programs Published #

The California Department of Alcohol and Drug Programs said an envelope containing the names and social security numbers of 300 Drug Medi-Cal clients in San Diego was "damaged" during processing at a post office.

In addition, the paperwork with nearly 200 names is missing. ADP said they were notified of the incident April 3. The paperwork, which is used to reconcile Drug Medi-Cal billings, was en route to the San Diego County Alcohol and Drug Services office when it was damaged, according to officials. As a result, the ADP said they have stopped sending sensitive information through the mail.

Attribution 1 Publication: NBC San DiegoAuthor: staff Date Published: 4/12/2007 Article Title: Personal Info Of Dozens Of San Diegans Breached Article URL: http://www.nbcsandiego.com/news/11741661/detail.html?dl=headlineclick

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070604-04 Stevens Hospital WA Electronic Medical/Healthcare Yes - 550 Published #

Stevens Hospital near Seattle, WA, is notifying patients that names and SSNs have been exposed when a subcontractor had "a lapse in its data security procedures," according to Mike Carter, hospital CEO. One of the subcontractor's computers was unsecured, permitting an Internet search engine to access the information. "The hospital made the announcement today to avoid calling attention to the patient information until it could be blocked and removed," he said.

Attribution 1 Publication: Business WireAuthor: staff Date Published: 6/4/2007 Article Title: Stevens Hospital Notifies Patients after Subcontractor's Computer Security Lapse Makes Identifying Information Accessible Article URL: http://home.businesswire.com/portal/site/google/index.jsp?ndmViewId=news_view&newsId=20070604006259&new

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070604-03 Gadsden State Community AL 6/2/2007Paper Data Educational Yes - 400 College Published #

Some Gadsden State CC records with SSNs were found scattered a cross the driveway of an Anniston business. The records belonged to students who took an art appreciation course between 2005 and 2006. They were found when someone mowed the lawn.

Attribution 1 Publication: AL.com- Huntsville Times, Press RegistAuthor: Associated Press Date Published: 6/3/2007 Article Title: Somme Gadsden State student records scattered on driveway Article URL: http://www.al.com/newsflash/regional/index.ssf?/base/news-29/1180904393189240.xml&storylist=alabamanews

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070604-02 Northwestern University IL 6/1/2007Electronic Educational Yes - 4,000 Published #

The files of approximately 4000 students and applicants to Northwestern University were posted online in error. The files, including SSNs, were stored on a computer in the Integrated Graduate Program in the Life Sciences. This affects those students who attended or applied to the program between 1991- 2007. The computer has been shut down. This is the third time in just over 2 years that the school has been breached. Identity Theft Resource Center Report Date: 12/31/2007 Page 91 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

How is this report produced? What are the rules? See last page of report for details.

Attribution 1 Publication: Computer WorldAuthor: Jaikumar Vijayan Date Published: 7/6/2007 Article Title: Northwestern Univ. hit by third data breach since '05 Article URL: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9023946&intsrc=news_ts_h

Attribution 2 Publication: WQAD- Moline ILAuthor: staff- Associated Pres Date Published: 6/1/2007 Article Title: Personal data of 4,000 NU students, applicants ends up online Article URL: http://www.wqad.com/Global/story.asp?S=6600947

Attribution 3 Publication: CBS 2 ChicagoAuthor: Associated Press Date Published: 6/1/2007 Article Title: NU contacting 4,000 after security breach Article URL: http://cbs2chicago.com/local/local_story_152220639.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070604-01 Priority One Credit Union CA 4/23/2007Paper Data Banking/Credit/Financial Yes - 0 Unknown #

According to a letter sent from Charles Wiggington, Sr. CEO and President of Priority One Credit Union both the account numbers and SSNs were printed on the outside of envelopes with election ballets sent to members. (confirmed with CEO)

Attribution 1 Publication: PC WorldAuthor: Steve Bass Date Published: 5/31/2007 Article Title: Priority One Credit Union's security breach Article URL: http://www.networkworld.com/news/2007/053107-priority-one-credit-unions-security.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070601-02 Jax Federal Credit Union FL 5/30/2007Electronic Banking/Credit/Financial Yes - 7,500 Published #

About 7500 of the credit union's 38,000 members are getting letters about a security breach. The bank was sending information to a printing company that included names and SSNS but the printer's website was not secure and the exchange was picked up by Google.

Attribution 1 Publication: First Coast News, NBC 12Author: Lindy Thackston Date Published: 5/31/2007 Article Title: Jax Federal Credit Union File Leak Article URL: http://www.firstcoastnews.com/news/topstories/news-article.aspx?storyid=83258

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070601-01 Fresno County CA 5/25/2007Electronic Government/Military Yes - 10,000 Published #

Fresno County officials are looking for a missing computer disk that disappeared last week. It contains names, addresses, SSNs and other data on about 10,000 home health care workers and their clients. Officials at a San Jose software company said they never received the disk which was transported by DHL on May 10th. UPDATE: 6/25- Officials have determined that the disk contained only information pertaining to the home health workers and not their clients.

Attribution 1 Publication: Fresno BeeAuthor: Kerri Ginis Date Published: 6/25/2007 Article Title: Health-worker data disk remains missing Article URL: http://www.fresnobee.com/263/story/68632.html Identity Theft Resource Center Report Date: 12/31/2007 Page 92 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

How is this report produced? What are the rules? See last page of report for details.

Attribution 2 Publication: Fresno BeeAuthor: staff Date Published: 6/1/2007 Article Title: Fresno County searches for disk with employees' personal info Article URL: http://www.fresnobee.com/384/story/51223.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070528-10 College of St. Catherine MN 4/2/2007Paper Data Educational Yes - 25 Published #

The College of St. Catherine had a break-in which resulted in the theft of academic files. So far at least one student's information has been used for theft. Staff reported that earlier in April an office had been disturbed but didn't realize that files had been taken. The files included SSNs, names and other information. Letters went out to the affected students on April 16th.

Attribution 1 Publication: Pioneer PressAuthor: Paul Tosto Date Published: 5/27/2007 Article Title: St. Paul/Files stolen and identities used Article URL: http://www.twincities.com/localnews/ci_6003652

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070528-09 Dollar General TX 5/28/2007Paper Data Business Yes - 0 Unknown #

Poles of employment and business transaction papers were found by an anonymous woman behind the Dollar General on Gulfway Dr in Port Arthur. The papers included names, SSNs, addresses and drivers license numbers of prospective and current employees.

Attribution 1 Publication: 4 Hometown News KBTVAuthor: Kimberly Woodard Date Published: 5/28/2007 Article Title: Local Discount Store Improperly Disposes Confidential Information Article URL: http://www.kbtv4.tv/news/default.asp?mode=shownews&id=14795

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070528-08 International House of IL 1/1/2007Electronic Business Yes - 0 Pancakes plus Unknown #

A string of restaurants including the Springfield International House of Pancakes (IHOP), is now alerting customers that their debit cards have been compromised as a result of a breach at the local chain. Law enforcement says that others restaurants or retails outlets including some outside of Springfield may also be involved.

Attribution 1 Publication: State Journal Register, SpringfieldAuthor: Tim Landis Date Published: 5/26/2007 Article Title: Online security was latest, says restaurant owner Article URL: http://www.sj-r.com/sections/news/stories/115309.asp

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070528-07 CoverTN TN 5/25/2007Electronic Government/Military Yes - 279 Published #

A computer error for TN's new state Cover Tennessee health insurance program caused some applicant's SSNs to become visible to others according to officials. Applicants from mid- February to early March may have been affected. Identity Theft Resource Center Report Date: 12/31/2007 Page 93 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

How is this report produced? What are the rules? See last page of report for details.

Attribution 1 Publication: Dickson HeraldAuthor: Erik Schelzig Date Published: 5/26/2007 Article Title: Social Security numbers mistakenly released by CoverTN Article URL: http://www.dicksonherald.com/apps/pbcs.dll/article?AID=/20070526/NEWS0204/70526003

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070528-06 North Carolina Department of NC 5/25/2007Electronic Government/Military Yes - 25,000 Transportation Published #

A computer server holding the names and SSNs of about 25,000 NC Department of Transportation employees, contractors and other state employees was breached. Anyone who worked there between 1997-2006 may be affected.

Attribution 1 Publication: WRALAuthor: staff Date Published: 5/25/2007 Article Title: DOT Security breach affects 25,000 employees Article URL: http://www.wral.com/news/local/story/1446009/

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070528-05 Waco Independent School TX 5/14/2007Electronic Educational Yes - 17,400 district Published #

Two high school seniors hacked into the district's computer server which contained 15,400 student and 2,000 employee records including their SSNs.

Attribution 1 Publication: Waco TribuneAuthor: David Doerr Date Published: 5/23/2007 Article Title: WISD officials investigating reported student hacking of district computers Article URL: http://www.wacotrib.com/news/content/news/stories/2007/05/23/05232007wacwisdhack.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070528-04 University of Pittsburgh PA 5/7/2007Paper Data Medical/Healthcare Yes - 6,000 Medical Center Published #

Donor solicitation letters were sent to about 6,000 former patients on May 7 which exposed the person's SSN as part of a tracking code through the envelope window according to spokesperson Frank Raczkiewicz. This is the medical center's second breach.

Attribution 1 Publication: Post GazetteAuthor: Patricia Sabatini Date Published: 5/22/2007 Article Title: UPMC mailing exposes patients to identity theft risk Article URL: http://www.post-gazette.com/pg/07142/787898-28.stm

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070528-03 University of Irvine Medical CA 5/6/2007Paper Data Medical/Healthcare Yes - 300 Center Published #

Police are investigating the disappearance of medical files for nearly 300 patients from the UCI Medical Center. About 1600 files boxes stored off-site were discovered missing in the last 2 months. The hospital is required to hold records for seven years prior to being destroyed according to state law. The missing boxes represented about 2% of all stored files and included names, addresses, SSNs and medical record numbers. Identity Theft Resource Center Report Date: 12/31/2007 Page 94 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

How is this report produced? What are the rules? See last page of report for details.

Attribution 1 Publication: The Orange County RegisterAuthor: Blythe Bernhard Date Published: 5/11/2007 Article Title: Personal data missing from UCI Medical Center Article URL: http://www.ocregister.com/ocregister/homepage/abox/article_1690870.php

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070528-02 Georgia Department of GA 5/16/2007Paper Data Government/Military Yes - 140,000 Human Resources Published #

140,000 infants have had their SSNs and medical information possibly exposed when the Georgia Department of Human Resources mailed letters to all parents of infants born in GA between 4/1/06-3/16/07, stating that papers records were improperly destroyed. The forms were supplemental forms submitted by hospitals along with official birth certificates. They were supposed to be shredded after the data is entered into a computer but shredding was not done.

Attribution 1 Publication: Atlanta Journal ConstitutionAuthor: Gayle White Date Published: 5/17/2007 Article Title: Security breach involves recent births Article URL: http://www.ajc.com/metro/content/metro/stories/2007/05/16/0517meshrecords.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070528-01 Check into Cash IL 5/22/2007Paper Data Business Yes - 0 Unknown #

File boxes stuffed with documents containing customer loan documents, account registers, collection notes, customer history reports and SSNs were found in a local trash bin Tuesday May 22nd. The responsible employee has been fired. Throwing out info without destroying that information is a crime in Illinois.

Attribution 1 Publication: News-GazetteAuthor: Christine Des Garenn Date Published: 5/23/2007 Article Title: Papers with personal info found in Check into Cash's trash Article URL: http://www.news-gazette.com/news/local/2007/05/23/papers_with_personal_info_found_in_check_into_cashs_trash

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070523-03 University of Colorado CO 5/12/2007Electronic Educational Yes - 44,998 Boulder- College of Arts and Published #

A computer server at the Univ. of Colorado's College of Arts and Sciences' Advising Center was hacked via a worm affecting 45,000 students and their SSNs. The students were enrolled in the Boulder campus between 2002 to the present. IT investigators said the vulnerability in its Symantec anti-virus software system was not properly patched.

Attribution 1 Publication: SC MagazineAuthor: Dan Kaplan Date Published: 5/23/2007 Article Title: Hackers exploit unpatched flaw, disabled firewall to access personal info of 45,000 University of Colorado students Article URL: http://scmagazine.com/us/news/article/659383/hackers-exploit-unpatched-flaw-disabled-firewall-access-personal-in

Attribution 2 Publication: KMGH DenverAuthor: staff Date Published: 5/22/2007 Article Title: Computer Hacker Gains Access To CU Students' Personal Info Article URL: http://www.thedenverchannel.com/news/13366476/detail.html

Attribution 3 Publication: Rocky Mountain NewesAuthor: staff Date Published: 5/22/2007 Article Title: CU server hacked, 45,000 ids at risk Article URL: http://www.rockymountainnews.com/drmn/local/article/0,1299,DRMN_15_5549379,00.html Identity Theft Resource Center Report Date: 12/31/2007 Page 95 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

A worker of a temporary employment agency mistakenly sent out a mass email showing employees' computer addresses and SSNs.

Attribution 1 Publication: Foster's Online- Dover NHAuthor: staff Date Published: 5/23/2007 Article Title: Worker mistakenly sends out personal email database Article URL: http://www.fosters.com/apps/pbcs.dll/article?AID=/20070523/NEWS0201/70523026

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070523-01 Beacon Medical Services CO 5/18/2007Electronic Medical/Healthcare Yes - 5,000 Published #

Thousands of Colorado residents who went to facilities run by Beacon Medical Service may have had their names, insurance providers, medical histories, SSNs and other data exposed. The unsecured computer was accessible through a web browser and provides billing, coding and other services to emergency physicians at 17 facilities. Patient records from at least 10 Colorado clinics and hospitals and one hospital in Peoria IL are affected.

Attribution 1 Publication: Denver PostAuthor: Karen Auge Date Published: 5/24/2007 Article Title: Financial, medical data found on Net Article URL: http://www.denverpost.com/headlines/ci_5971015

Attribution 2 Publication: Minnesota Public Radio- Future TenseAuthor: staff Date Published: 5/22/2007 Article Title: Private medical records of Colorado residents exposed on Internet Article URL: http://minnesota.publicradio.org/collections/special/columns/wavlength/archive/2007/05/private_medical_records_

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070521-09 Columbia Bank NJ 5/15/2007Electronic Banking/Credit/Financial Yes - 0 Unknown #

Columbia Bank, which has the largest share of deposits in Fair Lawn, has notified its online banking customers of a hacker breach. The thief gained access to customer names and SSNs. It affects all customers with online banking according to CEO Raymond Hallock.

Attribution 1 Publication: New Jersey Media GroupAuthor: Richard Newman Date Published: 5/21/2007 Article Title: Columbia Bank says online hackers breached security Article URL: http://www.northjersey.com/page.php?qstr=eXJpcnk3ZjczN2Y3dnFlZUVFeXkzJmZnYmVsN2Y3dnFlZUVFeXk3MTM4

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070521-08 Northwestern University IL 5/11/2007Electronic Educational Yes - 0 Unknown #

A laptop computer belonging to Northwestern University financial aid office in Chicago was stolen recently and the SSNs of some alumni may have been compromised. This is the 3rd incident at Northwestern since March 2005. Identity Theft Resource Center Report Date: 12/31/2007 Page 96 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

How is this report produced? What are the rules? See last page of report for details.

Attribution 1 Publication: Chicago TribuneAuthor: staff Date Published: 5/20/2007 Article Title: Stolen laptop contains NU alumni data Article URL: http://www.chicagotribune.com/news/local/chicago/chi-laptop_20may20,1,6443490.story?coll=chi-newslocalchicag

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070521-07 Yuma Elementary School AZ 5/7/2007Electronic Educational Yes - 91 District One Published #

The SSN and payroll information of 91 district substitute teachers was stolen on May 7th when a district employee's car was broken into. The reports did not list bank account numbers.

Attribution 1 Publication: Yuma SunAuthor: Sarah Reynolds Date Published: 5/18/2007 Article Title: Substitute teachers' Social Security numbers stolen in car break-in Article URL: http://www.yumasun.com/news/numbers_34114___article.html/jones_security.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070521-06 Texas Commission on Law TX 5/9/2007Electronic Government/Military Yes - 229,000 Enforcement Officers Published #

Law officers from all across Texas could be at risk of id theft. Burglars stole several laptop computers from Productivity Center Incorporated (PCI) including one that belonged to the commission. Every officer's SSN, date of birth and driver's license number is at risk. According to TCLEOSE, the theft was part of 23 buildings hit in one area of Houston and they do not believe that one laptop was targeted for its information.

Attribution 1 Publication: Southwest Texas RecordAuthor: David Yates Date Published: 12/17/2007 Article Title: No harm, no foul doesn't apply to class action against Productivity Center Inc. alleging 'potential injury' Article URL: http://www.setexasrecord.com/news/205379-no-harm-no-foul-doesnt-apply-to-class-action-against-productivity-cen

Attribution 2 Publication: WFAA- Dallas/Fort Worth Channel 8Author: Steve Stoler Date Published: 5/19/2007 Article Title: Theft puts law officers at risk from ID theft Article URL: http://www.wfaa.com/sharedcontent/dws/wfaa/latestnews/stories/wfaa070518_lj_stoler.81ee4b9a.html

Attribution 3 Publication: Channel 11 NewsAuthor: Jeremy Desel Date Published: 5/19/2007 Article Title: Thousand of police at risk Article URL: http://www.khou.com/news/state/stories/khou070518_tj_copcomputer.81e7d778.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070521-05 Illinois Dept. of Financial and IL 1/1/2007Electronic Government/Military Yes - 300,000 Professional Regulation Published #

Roughly 300,000 licensees and applicants with the Illinois Professional-Regulation Department are being notified that their SSN, licensing information and other information was breached early this year. Affected parties include mortgage brokers, pawn-shop operators and real-estate agents. Sue Hofer, spokesperson for the department said "it looks like criminal conduct," and the hacking of the server appears to have come from a source outside state government. The breach appears to have taken place in January but was not discovered until May 3, 2007.

Attribution 1 Publication: The Originator TimesAuthor: staff Date Published: 6/4/2007 Article Title: Data Breach – Up to 300,000 Originators' Social Security Numbers Compromised Article URL: http://originatortimes.com/content/templates/standard.aspx?articleid=2417&zoneid=1 Identity Theft Resource Center Report Date: 12/31/2007 Page 97 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

How is this report produced? What are the rules? See last page of report for details.

Attribution 2 Publication: Gatehouse News Service- State Journal Author: Mike Ramsey Date Published: 5/19/2007 Article Title: State computer security breached Article URL: http://www.sj-r.com/sections/news/stories/114739.asp

Attribution 3 Publication: Illinois Dept of Financial and ProfessionaAuthor: Dean Martinez Date Published: Article Title: state press release Article URL: www.idfpr.com/breachinformation.asp

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070521-04 Stony Brook University NY 4/11/2007Electronic Educational Yes - 90,000 Published #

The SSNs and university id numbers of faculty, staff, students, alumni and other members of the community were accidentally posted to Google for about 2 weeks until discovery on April 24, 2007.

Attribution 1 Publication: Stony Brook Independent (college paperAuthor: George Agathos Date Published: 5/19/2007 Article Title: Personal information of up to 90,000 compromised at Stony Brook Article URL: http://www.sbindependent.org/node/1850

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070521-03 Alcatel-Lucent NJ 4/5/2007Electronic Business Yes - 0 Unknown #

Telecom and networking equipment maker Alcatel-Lucent announced that a computer disk containing names, addresses, birth dates and SSNs of employees, retirees and their dependents was lost or stolen between April 5 and May 3rd.

Attribution 1 Publication: ABC MoneyAuthor: Associated Press Date Published: 5/17/2007 Article Title: Alcatel-Lucent loses employee data Article URL: http://www.abcmoney.co.uk/news/17200773596.htm

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070521-02 Indianapolis Public Schools IN 5/16/2007Electronic Educational Yes - 25 Published #

Records for at least 7500 Indianapolis Public School students were accidentally posted to the Internet exposing personal information including medical records, names, birthdates, addresses, grades, personal essays/journals of students, employee reviews and social security numbers. Update 5/23: The district now says that the SSN of only 18 students and a few staff were released and a list of special education diagnoses of about 260 students

Attribution 1 Publication: Fort Wayne New SentinelAuthor: Associated Press Date Published: 5/23/2007 Article Title: School leader apologizes for released data Article URL: http://www.fortwayne.com/mld/newssentinel/news/local/17268976.htm

Attribution 2 Publication: Indy StarAuthor: Andy Gammill Date Published: 5/16/2007 Article Title: IPS student records compromised Article URL: http://www.indystar.com/apps/pbcs.dll/article?AID=/20070516/LOCAL/70516042 Identity Theft Resource Center Report Date: 12/31/2007 Page 98 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

In February 2007 a laptop was stolen from the Washington State Auditor's Office in Mount Vernon. The computer contained names, addresses and SSNs of workers from several local governmental agencies including police officers to teachers at the local college. The auditor's office stated that the police did not want notices to go out until now due to the investigation.

Attribution 1 Publication: King 5 NewsAuthor: Rob Piercy Date Published: 5/8/2007 Article Title: Burglary leaves thousands at risk for ID theft Article URL: http://www.king5.com/localnews/stories/NW_050807WABskagitcomputerKC.4dcb892a.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070516-04 Augustana College SD 4/15/2007Electronic Educational Yes - 1,700 Published #

A security glitch allowed Augustana students to access personal school info on all students for about four months until it was discovered.

Attribution 1 Publication: Keloland TV (KELO)Author: Kelli Grant Date Published: 5/11/2007 Article Title: Augie Student Website security glitch Article URL: http://www.keloland.com/News/Education/NewsDetail7796.cfm?ID=0,56973

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070516-03 Community College of So. NV 2/1/2007Electronic Educational Yes - 197,000 Nevada Published #

The Community College of Southern Nevada is warning nearly 200,000 current and past students that their names and SSNs may have been stolen- "months ago." The virus was detected in February on one of the two servers that store student information.

Attribution 1 Publication: KLAS TVAuthor: staff Date Published: 5/14/2007 Article Title: CCSN Warns 200,000 Students Their Info Possibly Stolen Article URL: http://www.klas-tv.com/Global/story.asp?S=6512881

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070516-02 Goshen College IN 5/5/2007Electronic Educational Yes - 7,300 Published #

Between May 5-7 a Goshen College computer was remotely accessed by a "hacker," according to school officials. Information on the computer included a database on about 7300 current or prospective students, from the fall 2003 to the present, as well as some of their parents.

Attribution 1 Publication: Goshen News INAuthor: staff Date Published: 5/12/2007 Article Title: College reports computer security breach Article URL: http://www.goshennews.com/local/local_story_132001116.html Identity Theft Resource Center Report Date: 12/31/2007 Page 99 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

A hospital spokesperson announced that a computer containing patient info was stolen from one of its business offices in April 2007. Two sap tops were stolen but only one had patient info on it. The computer was sold on eBay and the one containing personal information has been recovered.

Attribution 1 Publication: 13 WHAMAuthor: staff Date Published: 5/11/2007 Article Title: Highland Hospital security breach Article URL: http://www.13wham.com/news/local/story.aspx?content_id=d70aed97-d001-4e3f-990d-50f9d8e32769

Attribution 2 Publication: 13 WHAMAuthor: staff Date Published: 5/10/2007 Article Title: Highland Hospital Security Breach Article URL: http://www.13wham.com/news/local/story.aspx?content_id=d70aed97-d001-4e3f-990d-50f9d8e32769

Attribution 3 Publication: Rochester Democrat and ChronicleAuthor: staff Date Published: 5/10/2007 Article Title: Hospital computers stolen, sold on eBay Article URL: Rochester, NY - Highland Hospital is warning its patients of a security breach.

Attribution 4 Publication: Highland HospitalAuthor: staff Date Published: 5/7/2007 Article Title: Press Release from Highland Hospital Article URL: http://www.stronghealth.com/about/hospitals/letter.doc

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070508-01 University of Missouri MO 5/4/2007Electronic Educational Yes - 22,396 Published #

A recent attack on the University of Missouri system computer database allowed one or more people to retrieve 22,396 names and SSNs of employees of any UM campus during the 2004 calendar year. This includes some current or former employees and students. The hacker accessed the information through a web page used to make queries about the status of trouble reports to the IT help desk, based in Columbia. It has since been removed. A hotline has been set up- 866-241-5619. The St. Louis Post-Dispatch reported that the hackers used internet addresses in China and Australia. This is the second time this year the computer system has been compromised

Attribution 1 Publication: Information WeekAuthor: Sharon Gaudin Date Published: 5/9/2007 Article Title: Second Hack At University Exposes Info On 22,000 Students Article URL: http://www.informationweek.com/news/showArticle.jhtml?articleID=199500214

Attribution 2 Publication: MissourianAuthor: Gary Allen Date Published: 5/8/2007 Article Title: Letter from UM VP for Information Technology Article URL: http://digmo.org/stories/2007/05/08/database-breach-e-mail/

Attribution 3 Publication: St. Louis DispatchAuthor: Harry Levins Date Published: 5/8/2007 Article Title: Hackers breach UM computers Article URL: http://www.stltoday.com/stltoday/news/stories.nsf/missouristatenews/story/283B912FC21C6E5B862572D5005520FC

Attribution 4 Publication: Columbia TribuneAuthor: Sara Semelka Date Published: 5/8/2007 Article Title: MU computer attack leaves 22,000 vulnerable Article URL: http://www.columbiatribune.com/2007/May/20070507News054.asp

Attribution 5 Publication: UM press releaseAuthor: staff Date Published: 5/7/2007 Article Title: University Press Release Article URL: doit.missouri.edu/computersecurity Identity Theft Resource Center Report Date: 12/31/2007 Page 100 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

An employee of the Vermont Student Assistance Corporation (VSAC) had his laptop stolen which contained emails with VSAC and Social Security numbers on it.

Attribution 1 Publication: WCAX- TV Channel 3Author: staff Date Published: 5/2/2007 Article Title: Stolen VSAD laptop compromises security Article URL: http://www.wcax.com/Global/story.asp?S=6461230&nav=4QcS

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070507-06 Indiana Department of IN 5/3/2007Electronic Government/Military Yes - 0 Administration Unknown #

The Indiana Department of Administration may have disclosed the SSNs of dozens of people involved with women or minority-owned businesses, officials said on May 7th. An employee was uploading a list to the website near the end of the day and inadvertently also put the tax identification numbers on the list. It was corrected within the next morning, about 12 hours later.

Attribution 1 Publication: South Bend TribuneAuthor: Deanna Martin, Assoc Date Published: 5/7/2007 Article Title: State site may have accidentally released Social Security numbers Article URL: http://www.southbendtribune.com/apps/pbcs.dll/article?AID=/20070507/News01/70507025

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070507-05 US Transportation Security US 5/3/2007Electronic Government/Military Yes - 100,000 Administration Published #

The TSA (Transportation Security Administration) has lost an external, portable computer hard drive containing the SSNs, bank data and payroll information for about 100,000 employees who worked for the Homeland Security agency between Jan. 2002- August 2005.. Authorities realized the drive was missing from a controlled area at TSA headquarters on Thursday, May 3, 2007. They are unsure if the device is still in the building or stolen.

Attribution 1 Publication: TSA Author: staff Date Published: 5/7/2007 Article Title: TSA press statement Article URL: http://www.tsa.gov/datasecurity/statement.shtm

Attribution 2 Publication: Associated PressAuthor: Matt Apuzzo- Associa Date Published: 5/4/2007 Article Title: TSA Loses Hard Drive With Personal Info Article URL: http://apnews.myway.com/article/20070505/D8OTUCJ80.html

Attribution 3 Publication: TSA Author: TSA Date Published: 5/4/2007 Article Title: Press Release- TSA Article URL: http://www.tsa.gov/datasecurity/faqs.shtm - 1 Identity Theft Resource Center Report Date: 12/31/2007 Page 101 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

An Information Technology investigation revealed a laptop stolen from a faculty member's home may contain 750 Louisiana university students personal information including SSNs. Sheri Thompson, IT Communication and Planning Officer said the faculty member did not immediately realize that the laptop could contain personal information. "People aren't necessarily aware of what they've got on their computers...Thinking about what was lost on the computer is sometimes an afterthought."

Attribution 1 Publication: Daily Reveille- Louisiana State UniversitAuthor: Leah Square Date Published: 5/3/2007 Article Title: Stolen laptop may hold id numbers Article URL: http://media.www.lsureveille.com/media/storage/paper868/news/2007/05/03/News/Stolen.Laptop.May.Hold.Id.Numb

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070507-03 Montgomery College TX 5/1/2007Electronic Educational Yes - 450 Published #

Montgomery College students, a campus just outside of Conroe, found that the list of about 450 graduating seniors was publicly available on all campus computers and includes names, SSNs and addresses. According to school officials it was accidentally posted on the public shared drive by a new employee. The list has since been removed.

Attribution 1 Publication: Houston ChronicleAuthor: Renee Lee Date Published: 5/4/2007 Article Title: ID theft a concern for Montgomery College Students Article URL: http://www.chron.com/disp/story.mpl/metropolitan/4777505.html

Attribution 2 Publication: ABC 13 local news, KTRK TV-HoustonAuthor: staff Date Published: 5/3/2007 Article Title: Students' personal information posted on campus computers Article URL: http://abclocal.go.com/ktrk/story?section=local&id=5268451

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070507-02 Maryland Dept. of Natural MD 4/29/2007Electronic Government/Military Yes - 1,433 Resources Published #

A thumb drive containing the names and SSNs of about 1400 past and current employees of the Maryland State Department of Natural Resources is lost and presumed missing according to Eric Schwaab, DNR deputy secretary. It was used by an employee to take work home with him and reported to management at the end of April. The affected individuals are primarily law enforcement officers.

Attribution 1 Publication: Baltimore SunAuthor: Candus Thompson Date Published: 5/3/2007 Article Title: DNR names, social security numbers are missing Article URL: http://www.baltimoresun.com/news/local/bal-dnrstory0503,0,2665140.story?coll=bal-local-headlines

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070507-01 Champaign Police Officers IL 4/20/2007Electronic Government/Military Yes - 139 Published #

The names and SSNs of 139 Champaign current and former police officers were left on a computer donated to charity. The problem surfaced April 20th when the city's Information Technologies Department got a call from Simplified Computers who had purchased the computer in question. Identity Theft Resource Center Report Date: 12/31/2007 Page 102 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

How is this report produced? What are the rules? See last page of report for details.

Attribution 1 Publication: News GazetteAuthor: Steve Bauer Date Published: 5/1/2007 Article Title: Data about 139 officers left on donated computer Article URL: http://www.news-gazette.com/news/local/2007/05/01/data_about__officers_left_on_donated

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070501-08 IBM NY 2/23/2007Electronic Business Yes - 0 Unknown #

Data tapes containing names and SSNs of former IBM Corp. current and former employees have been lost. The incident occurred Feb 23, 2007 when a vendor transporting the tapes lost them somewhere in Westchester County. According to IBM spokesperson, Fred McNeese, "Some of the tapes could be misused if they fell in to the wrong hands. The tapes contained sensitive information including dates of birth, Social Security numbers, and addresses of current and former IBM employees. The majority of information was related to ex-IBMers." Some of the tapes were not encrypted, and McNeese could not say whether this was in violation of IBM policy.

Attribution 1 Publication: IDG News ServiceAuthor: Robert McMillian Date Published: 5/15/2007 Article Title: IBM contractor loses employee data Article URL: http://www.infoworld.com/article/07/05/15/IBM-contractor-loses-employee-data_1.html

Attribution 2 Publication: Poughkeepsie JournalAuthor: Craig Wolf Date Published: 4/23/2007 Article Title: IBM: Tapes with personal data lost Article URL: http://www.poughkeepsiejournal.com/apps/pbcs.dll/article?AID=/20070423/BUSINESS/704230333

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070501-06 AOL US 4/7/2007Electronic Business Yes - 0 Unknown #

A long-term hacker has been charged with four felony charges for allegedly breaking into AOL networks and databases between late December 2006 and April 2007 according to a complaint filed in the Criminal Court of the City of New York. The "cracker" is a 17 year old. For now, AOL isn't notifying any individual customers about the situation. "While [he] did seek to access accounts, we don't believe there was any data compromised that would require customer outreach," the spokeswoman wrote.

Attribution 1 Publication: IDG News- Computer World UKAuthor: Juan Carlos Perez Date Published: 4/27/2007 Article Title: Teenager charged with hacking into AOL databases Article URL: http://www.computerworlduk.com/management/security/cybercrime/news/index.cfm?newsid=2768

Attribution 2 Publication: IDG News Service- Info WorldAuthor: Juan Carlos Perez Date Published: 4/27/2007 Article Title: AOL: Hacker unlikely to have stolen customer data Article URL: http://www.infoworld.com/archives/emailPrint.jsp?R=printThis&A=/article/07/04/27/AOL-hacker-customer-data_1.ht

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070501-05 Virginia Department of Aging VA 4/18/2007Electronic Government/Military Yes - 40,000 (Password) **ITRC does not consider a password adequate protection for breached data. 40,000 elderly Virginians have been put at risk when a computer and other equipment was stolen from the Richmond headquarters of the Virginia Dept. of Aging last month. The department helps elderly obtain meals and home care. Those affected are being advised to monitor bills and financial accounts for fraudulent claims. The data was double password protected. Identity Theft Resource Center Report Date: 12/31/2007 Page 103 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

How is this report produced? What are the rules? See last page of report for details.

Attribution 1 Publication: Virginian-PilotAuthor: Christina Nuckols Date Published: 5/1/2007 Article Title: Personal data stolen from Virginia agency Article URL: http://content.hamptonroads.com/story.cfm?story=123820&ran=180020

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070501-04 JP Morgan Chase IL 4/15/2007Electronic Banking/Credit/Financial Yes - 47,000 Published #

JP Morgan Chase is investigating two breaches - one alleged that DC workers dumped documents into garbage bags outside of 5 branch offices in New York. A video is posted on YouTube about the incident. In a second incident- a missing tape containing customer and employee data was reported to the public mid April. "Meanwhile, in a separate incident, the bank two weeks ago started alerting some 47,000 customers and employees in the Chicago area about the potential compromise of their personal data after a disk containing the data was reported missing late last year. The bank said that it took so long to inform affected individuals due to the need to reconstruct the information on the tape.

The tape contained data from J.P. Morgan's private-client services business, which provides financial services to clients with a net worth in excess of $1 million. According to Tom Kelly, the bank's head of media relations for Retail Financial Services and the U.S. Region, the tape was delivered to a secure off-site facility for storage but went missing after that. There is no evidence so far that the data has been misused, he said." It potentially affects 47,000 people in the Chicago area

Attribution 1 Publication: Computer WorldAuthor: Jaikumar Vijayan Date Published: 5/1/2007 Article Title: J.P. Morgan Chase probing data breach shown in YouTube video Article URL: http://www.computerworld.com/action/emailpage.do?command=submit

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070501-03 University of New Mexico NM 4/27/2007Electronic Educational Yes - 3,000 Published #

The laptop of an outside consultant working on UNM's human resource and payroll systems was stolen in San Francisco. It contained names, addresses, id numbers and net pay for staff, faculty and a few grad students.

Attribution 1 Publication: KOB- Eye Witness News 4Author: Todd Dukart Date Published: 4/29/2007 Article Title: UNM says some employee information on stolen laptop Article URL: http://kob.com/article/stories/S72768.shtml?cat=517

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070501-02 Couriers on Demand TX Electronic Business Yes - 0 Unknown #

A North Texas company posted online the private information of hundreds of job applicants including SSNs, names, addresses, driver's license numbers and phone numbers. It has since been removed from the Internet.

Attribution 1 Publication: NBC 5Author: staff Date Published: 4/27/2007 Article Title: N. Texas Company Posted Private Information Online Article URL: http://www.nbc5i.com/money/13207482/detail.html Identity Theft Resource Center Report Date: 12/31/2007 Page 104 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

Caterpillar Inc reported that a laptop computer was stolen from a benefits consultant that works with the company. It contained personal data on current and former employees, the majority of which are in the U.S. Caterpillar has more than 90,000 employees around the world, according to its website.

Attribution 1 Publication: St. Louis Post-DispatchAuthor: staff Date Published: 4/28/2007 Article Title: Pension consultant's computer stolen Article URL: http://www.stltoday.com/stltoday/business/stories.nsf/0/59EC256A02229099862572CB000C2047?OpenDocument

Attribution 2 Publication: San Francisco GateAuthor: Associated Press Date Published: 4/27/2007 Article Title: Caterpillar says employee data stolen Article URL: http://www.sfgate.com/cgi-bin/article.cgi?f=/n/a/2007/04/27/financial/f172558D76.DTL&type=business

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070427-09 Google US 4/27/2007Electronic Business Yes - 0 Unknown #

Google has yanked paid advertisements linking to about 20 search terms that online criminals are using to hijack banking and other personal info from web surfers looking for the Better Business Bureau and other sites. It is unclear how many people were affected before the breach was discovered but appears to target only Windows XP users who have not properly updated their computers.

Attribution 1 Publication: MSNBCAuthor: Associated Press Date Published: 4/27/2007 Article Title: Data theft scam target Google ads Article URL: http://www.msnbc.msn.com/id/18348120/ Identity Theft Resource Center Report Date: 12/31/2007 Page 105 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

A hacker who calls himself MaddoxX has allegedly exposed credit card details of thousands of customers and is threatening to publish. Valve Software is a company that makes software games and even has outlet stores in the United States. "Customers say Valve has known about the alleged security breach since April 8 at the latest….A customer told us he raised the hacker's claims on Valve's Steampowered.com forums, but a company moderator quickly stepped in to delete it, writing, "Please do not re-post that thread. Valve are aware of the issue and are investigating. Making threads on the issue will not help. Sources say a dozen threads about the matter have been suppressed on Valve's official forums. In the meantime the firm has made no attempt to contact the thousands of cyber cafe owners potentially affected. A large file posted on a file sharing site appears to back up the hacker's claims of breaking into the server of Valve's distribution network, Steam. It contains sensitive financial information including Valve's current assets, full details of five credit card transactions from March 12 with the threat of exposing more, and details of how to set up a fake cyber cafe certificate for multiplayer Counter Strike. The 14MB plus directory is essentially a "rip" of the cyber cafe content delivery platform, Steam Cafe, and contains all the files to access Valve's Central Authentication Server."

We contacted MaddoxX via email. He claimed he first gained access to Steam this January, and said that although the cyber cafe customer database is not linked to the standard customer list, he has access to that too. Valve have not contacted him, he said, but have approached his hosting provider to take down the page which announces the hack, so far without success.

The hacker says it's not his intention to steal information. He told us: "I just came across the login details when I was browsing some stuff. The access to their whole customer database was more like luck, but still a hack because the login details are inside some files. They changed the logins now and made it not possible anymore to get the details from the files. The [credit card] details itself are stored in a MySQL database where I still have access to." It is just to show how lax they are with their security. I want a full excuse from VALVe on their site that they did NOT inform anyone about this. I've got several e-mails from cafe owners and they said VALVe hasn't even said shit to them...so you can see how they threat their customers."

Attribution 1 Publication: The RegisterAuthor: Chris Williams Date Published: 4/19/2007 Article Title: Counter Strike firm in credit card hack claim Article URL: http://www.theregister.co.uk/2007/04/19/valve_steam_hack/

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070427-07 Albertsons stores CA 1/26/2007Electronic Business Yes - 0 Unknown #

A group of thieves apparently have replaced an Electric Funds Transfer unit, or PIN pad, at some Albertsons stores allowing them to steal customer account information and PIN numbers. They then used cloned credit cards to clean out the victims' bank accounts via ATM withdrawals. This investigation is still underway as the company replaces or upgrades all card readers.

Attribution 1 Publication: CBS ChicagoAuthor: Dorothy Tucker Date Published: 4/23/2007 Article Title: Identity Theft Scam At Albertson's Grocery Stores Article URL: http://cbs2chicago.com/consumer/local_story_113180054.html

Attribution 2 Publication: Inside Bay Area- The Daily ReviewAuthor: Alejandro Alfonso Date Published: 4/20/2007 Article Title: Identity theft probe expands to Alameda Article URL: http://www.insidebayarea.com/dailyreview/localnews/ci_5711749 Identity Theft Resource Center Report Date: 12/31/2007 Page 106 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

An employee was found to have fellow employees' data on a laptop including names, SSNs and bank account info. The list dates to 2001. An investigation is underway since this employee was not authorized to have this information. The data was found during a routine virus scan of computers.

Attribution 1 Publication: Alamogordo Daily News, NMAuthor: staff Date Published: 4/17/2007 Article Title: DA investigates possible data security breach Article URL: http://www.alamogordonews.com/news/ci_5682295

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070427-05 Ceridian Corp MN 4/26/2007Electronic Business Yes - 150 Published #

the Payroll process firm Ceridian Corp. accidentally posted employee data from a New York advertising firm "Innovation Interactive" on a Web site. Ceridian said a former employee accidentally posted the id and bank account data on a personal Web site. The employee took the data by accident after leaving the company in March 2006.

Attribution 1 Publication: Twin Cities Business JournalAuthor: Carissa Wyant Date Published: 4/26/2007 Article Title: Ceridian accidentally leaks data from NY firm Article URL: http://twincities.bizjournals.com/twincities/stories/2007/04/23/daily36.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070427-04 Purdue University IN 4/24/2007Electronic Educational Yes - 175 Published #

Students from the fall 2001 semester may have had information posted on a web page inadvertently available on the Internet. It contained names and SSNs of students enrolled in a freshman engineering honors course.

Attribution 1 Publication: Purdue UniversityAuthor: Press release Date Published: 4/24/2007 Article Title: 175 told of possible computer security incident at Purdue Article URL: http://news.uns.purdue.edu/x/2007a/070424KsanderEngineer.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070427-03 Baltimore County Dept. of MD 4/16/2007Electronic Government/Military Yes - 6,000 Health Published #

A laptop containing the SSN, date of birth, names and contact info of about 6,000 people was stolen on April 16, 2007 from a Baltimore County health center according to a department spokesperson. The information is from patients seen between 1/1/04-4/12/04

Attribution 1 Publication: WJZ- Baltimore NewsAuthor: Associated Press Date Published: 4/24/2007 Article Title: Baltimore Co. laptop stolen with personal info Article URL: http://wjz.com/local/local_story_114155042.html Identity Theft Resource Center Report Date: 12/31/2007 Page 107 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

How is this report produced? What are the rules? See last page of report for details.

Attribution 2 Publication: ABC 2 NewsAuthor: staff Date Published: 4/24/2007 Article Title: Baltimore County laptop stolen with personal info of 6,000 Article URL: http://www.abc2news.com/news/local/story.aspx?content_id=34d79741-c0bd-4b0b-b6ed-91b75f81cd8e

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070427-02 Neiman Marcus Group TX 4/24/2007Electronic Business Yes - 160,000 Published #

A pension consultant reviewing the files of Neiman Marcus Group had computer equipment stolen. The files included 2-year old data, current as of Aug 30, 2005, and included name, address, SSN, date of birth and salary information. Employees hired after 8/20/05 are not affected. Included are current and former employees of Neiman Marcus Stores, Neiman Marcus Direct, Bergdorf Goodman, Horchow, Horchow Finale, Last Call and individuals receiving a Neiman Marcus Group pension. It also includes information for employees of Chefs Catalog and Contempo Casuals when they were part of Neiman Marcus.

Attribution 1 Publication: Dallas Morning NewsAuthor: Pamela Yip and Maria Date Published: 4/25/2007 Article Title: Neiman employees' data stolen Article URL: http://www.dallasnews.com/sharedcontent/dws/bus/stories/DN-neimansdata_25bus.ART0.State.Edition1.365dcee.ht

Attribution 2 Publication: Dallas Morning NewsAuthor: Maria Kalkias Date Published: 4/24/2007 Article Title: Neiman says employee data stolen Article URL: http://www.wfaa.com/sharedcontent/dws/bus/stories/042507dnbusneiman.40beadd.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070427-01 US Dept of Agriculture US 4/17/2007Electronic Government/Military Yes - 38,700 Published #

While the number is still not final, it is estimated that between 38,000- 63,000 people who received Agriculture Department grants or loans since 1981 have been posted on a publicly available governmental web site in error since 1996. The site is maintained by the Census Bureau. The people were awarded funds through the Farm Service Agency (FSA) or USDA Rural Development (RD). The FSA programs involved are limited to; Conservation Security Program, Emergency Loan for Seed Producers, Emergency Loans, Farm Labor Housing Loans and Grants, Farm Ownership Loans, Special Apple Program, and the Wetlands Reserve Program. The numbers were removed on April 17 but may have been up for many years. Similar data was removed from 32 other agencies as a precaution according to Agriculture spokeswoman Terri Teuber. The breach was discovered by a farmer surfing the net. A hotline has been established - 800 FED-INFO. Unfortunately some watchdog organizations had also copied the info but is uncertain if all have removed the information. The 38,700 is attributed to individuals. No mention has been made of company EIN numbers that may be at risk.

Attribution 1 Publication: Gannett News ServiceAuthor: Malia Rulon Date Published: 4/25/2007 Article Title: Space announces USDA leak hearing Article URL: http://www.newarkadvocate.com/apps/pbcs.dll/article?AID=/20070425/UPDATES01/70425024/1002/NEWS01

Attribution 2 Publication: Fox NewsAuthor: Michael Sniffen- Asso Date Published: 4/23/2007 Article Title: Report: ID breach smaller than feared Article URL: http://www.foxnews.com/wires/2007Apr23/0,4670,GovernmentDataBreach,00.html

Attribution 3 Publication: New York TimesAuthor: Ron Nixon Date Published: 4/20/2007 Article Title: Federal Database Exposes Social Security Numbers Article URL: http://www.nytimes.com/2007/04/20/washington/20cnd-data.html?_r=1&hp=&adxnnl=1&oref=slogin&adxnnlx=11771

Attribution 4 Publication: Axcess NewsAuthor: staff Date Published: 4/20/2007 Article Title: USDA admits data breach, thousands of social security numbers revealed Article URL: http://www.axcessnews.com/index.php/articles/show/id/10832 Identity Theft Resource Center Report Date: 12/31/2007 Page 108 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

How is this report produced? What are the rules? See last page of report for details.

Attribution 5 Publication: Seattle Post-IntelligencerAuthor: Michael Sniffen- Asso Date Published: 4/20/2007 Article Title: Fed breach leaks Social Security Numbers Article URL: http://seattlepi.nwsource.com/national/1152AP_Government_Data_Breach.html

Attribution 6 Publication: Author: Date Published: 4/20/2007 Article Title: Press release from USDA Article URL: http://www.usda.gov/wps/portal/!ut/p/_s.7_0_A/7_0_1RD?printable=true&contentidonly=true&contentid=2007/04/010

Attribution 7 Publication: Denver PostAuthor: Michael Sniffen, Asso Date Published: 4/20/2007 Article Title: Fed Breach Leaks Social Security Numbers Article URL: http://origin.denverpost.com/nationworld/ci_5714663

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070420-03 Los Alamos National NM 3/25/2007Electronic Government/Military Yes - 550 Laboratory Published #

Los Alamos National Laboratory warned 550 lab employees that their names and SSNs had been posted on a Web site run by a subcontractor working on a security system. It is unknown how long the information had been online, now ever, the subcontractor's business (Lujjan Software Services) had not been active for about 2 years. The breach was discovered late in March 2007

Attribution 1 Publication: Santa Fe New MexicanAuthor: Sue Major Holmes, A Date Published: 4/20/2007 Article Title: Los Alamos warns workers about identity theftq Article URL: http://www.freenewmexican.com/news/60494.html

Attribution 2 Publication: Dallas NewsAuthor: Sue Major Holmes, A Date Published: 4/18/2007 Article Title: Los Alamos sybersecurity focus of congresssional hearing Article URL: http://www.dallasnews.com/sharedcontent/APStories/stories/D8OJ97GG1.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070420-02 New Mexico State University NM 4/5/2007Electronic Educational Yes - 5,600 Published #

The names and SSNs of more than 5,600 New Mexico State University students were accidentally posted on the school's web site on April 5th for about 2 hours before the mistake was caught. The file was accessed by 14 computers and all the IP addresses have been tracked. Affected students had registered online to attend commencement ceremonies from 2003-2005.

Attribution 1 Publication: The Santa Fe New MexicanAuthor: Associated Press Date Published: 4/19/2007 Article Title: Personal data of NMSU students posted online Article URL: http://www.freenewmexican.com/news/60444.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070420-01 University of CA, San CA 3/30/2007Electronic Medical/Healthcare Yes - 0 Francisco-2 Unknown #

A computer server was stolen containing names, contact info and SSN for study subjects and potential study subjects involved in a project related to causes and cures of different types of cancer. It was taken from a locked office on March 30, 2007. A hotline has been established for concerned individuals- 866-485-8777 Identity Theft Resource Center Report Date: 12/31/2007 Page 109 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

How is this report produced? What are the rules? See last page of report for details.

Attribution 1 Publication: UCSFAuthor: UCSF alert Date Published: 4/16/2007 Article Title: Frequently Asked Questions Article URL: http://www.ucsf.edu/alert

Attribution 2 Publication: UCSFAuthor: UCSF Date Published: 4/16/2007 Article Title: Letter from UCSF News Dept. Article URL: http://www.ucsf.edu/alert/letter.html

Attribution 3 Publication: Press ReleaseAuthor: Corinna Kaarlela, Ne Date Published: 4/16/2007 Article Title: UCSF computer server with research subject information is stolen Article URL: http://pub.ucsf.edu/newsservices/releases/200704189/

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070417-03 Donaldson Elementary AZ 4/5/2007Electronic Educational Yes - 380 School Published #

The Donaldson Elementary School had a computer server stolen from the school. It contained parent names, addresses, staff names, addresses and phone numbers. It does not appear that SSNs were involved

Attribution 1 Publication: KVOA 4 TucsonAuthor: Sandy Rathbun Date Published: 4/6/2007 Article Title: Student and staff info stolen Article URL: http://kvoa.com/Global/story.asp?S=6337852&nav=HMO6

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070417-02 Ohio State University -1 OH 2/24/2007Electronic Educational Yes - 3,500 Published #

In an article about a computer hacking, OSU also acknowledged "Ohio State also reported Monday that two laptops stolen from the home of a professor in February contained the Social Security numbers and grades of about 3,500 chemistry students over the past decade….Professor Robert Coleman said he transferred the contents of one laptop onto a new laptop just before they were stolen from his house Feb. 24, along with other items.

Information on the laptops included class rosters with students. Social Security numbers and federal grant reports that list the names and Social Security numbers of postdoctoral and undergraduate students working under the grants," Coleman said.

Attribution 1 Publication: SC MagazineAuthor: Frank Washkuch Jr. Date Published: 4/18/2007 Article Title: Hackers, laptop thieves compromise personal information of 17,500 at Ohio State in separate incidents Article URL: http://scmagazine.com/us/news/article/651562/hackers-laptop-thieves-compromise-personal-information-17500-ohi

Attribution 2 Publication: Coshocton TribuneAuthor: Associated Press Date Published: 4/17/2007 Article Title: Personal info stolen from OSU computer Article URL: http://www.coshoctontribune.com/apps/pbcs.dll/article?AID=/20070417/UPDATES01/70417003/1002/NEWS01 Identity Theft Resource Center Report Date: 12/31/2007 Page 110 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

Someone hacked into an Ohio State University computer and stole the personal information of more than 14,000 current and former staff and faculty members during the weekend of March 31st from the Office of Research. This is the second breach reported by the university. In February 2 laptops were stolen from the home of a professor with the SSNs and grades of about 3500 chemistry students over the past decade.

Attribution 1 Publication: Coshocton TribuneAuthor: Associated Press Date Published: 4/17/2007 Article Title: Personal info stolen from OSU computer Article URL: http://www.coshoctontribune.com/apps/pbcs.dll/article?AID=/20070417/UPDATES01/70417003/1002/NEWS01

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070413-04 Bank of America NC 4/1/2007Electronic Banking/Credit/Financial Yes - 0 Unknown #

A stolen Bank of America Corp. laptop has resulted in the loss of current, former and retired employees personal information. The bank is not providing a number of affected individuals at this time. Lost data includes names, addresses, birthdays, and SSNS. The laptop belonged to an employee who experienced a recent break-in.

Attribution 1 Publication: Charlotte ObserverAuthor: Rich Rothacker Date Published: 4/13/2007 Article Title: Stolen laptop has Article URL: http://charlotte.com/123/story/83747.html

Attribution 2 Publication: Charlotte ObserverAuthor: Rick Rothacker Date Published: 4/12/2007 Article Title: Stolen BofA laptop held employee data Article URL: http://charlotte.com/115/story/83368.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070413-03 University of Pittsburgh PA 4/10/2007Electronic Medical/Healthcare Yes - 80 Medical Center Published #

A preliminary investigation has revealed that 80 patients who were referred to during a symposium in 2002 have had their names, medical records and SSNs posted to the Radiology Department website. In 2005, the problem was discovered and the information removed. "It was apparently reposted on the site," said Bob Cindrich, UPMC chief legal officer and legal counsel. A complete audit is in process. The reposting was finally noticed on April 10, 2007.

Attribution 1 Publication: Penn LiveAuthor: Associated Press Date Published: 4/14/2007 Article Title: Breach includes Social Security numbers of about 80 UPMC patients Article URL: http://www.pennlive.com/newsflash/pa/index.ssf?/base/news-48/117657209138210.xml&storylist=penn

Attribution 2 Publication: Associated PressAuthor: press release Date Published: 4/12/2007 Article Title: Press Release- Improperly revealed information has been removed from the UPMC web site Article URL: http://www.pittsburghlive.com/x/pittsburghtrib/news/cityregion/s_502354.html

Attribution 3 Publication: Pittsburgh Tribune-ReviewAuthor: Associated Press Date Published: 4/12/2007 Article Title: UPMC apologizes for posting private patient information Article URL: http://www.pittsburghlive.com/x/pittsburghtrib/news/cityregion/s_502354.html Identity Theft Resource Center Report Date: 12/31/2007 Page 111 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

Black Hills State University in SD notified 56 scholarship winners that their SSNs were posted in error on the college website March 29, 2007. The information was removed on 4/10 after learning about the problem.

Attribution 1 Publication: Keloland TelevisionAuthor: Keloland Television Date Published: 4/12/2007 Article Title: BHSU website lists personal information Article URL: http://www.keloland.com/News/NewsDetail6374.cfm?Id=0,56215

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070413-01 ChildNet FL 4/6/2007Electronic Government/Military Yes - 12,000 (Password) **ITRC does not consider a password adequate protection for breached data. A computer with 12,000 foster-care parents, adoptive parents and others was stolen from a "secure" office at ChildNet Headquarters, a nonprofit that runs the Broward County's child welfare programs On 4/12 the Sun Sentinel updated the story with the following info: This is the latest in a string of recent thefts at this nonprofit. A suspect has been named but no charges have been filed. The information included names, financial and credit data, SSN, driver's license and passport numbers. It did not include info about foster children and the computer (not the file) needs a password to access the info.

Attribution 1 Publication: South Florida Sun SentinetAuthor: Brian Haas and Bill Hi Date Published: 4/14/2007 Article Title: FBI seizes ChildNet records; CEO fired as more allegations mount against nonprofit Article URL: http://www.sun-sentinel.com/news/local/southflorida/sfl-cchildnet14apr14,0,6355081.story?coll=sfla-home-headline

Attribution 2 Publication: Sun SentinelAuthor: Brian Haas and Bill Hi Date Published: 4/12/2007 Article Title: Stolen ChildNet Laptop puts 12,000 at risk of ID theft Article URL: http://www.sun-sentinel.com/news/local/southflorida/sfl-cchildnet12apr12,0,5437573.story?coll=sfla-home-headline

Attribution 3 Publication: Local 10 newsAuthor: staff Date Published: 4/11/2007 Article Title: Police: Stolen laptop contains foster parents' personal info Article URL: http://www.local10.com/news/11624491/detail.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070411-02 Georgia Dept. of Community GA 4/3/2007Electronic Medical/Healthcare Yes - 2,900,000 Health/Affiliated Computer Published #

According to the Atlanta Journal-Constitution, a CD containing names, SSNs, and addresses of people on Medicaid and Peach Care over a 4-year period until June 2006 has been lost. The total number of potentially affected people is 2.9 million Georgians including children. Affiliated Computer Services, a Dallas-based company, lost the CD while it was being transported by a private carrier. Dena Brummer, press secretary for the state health agency, said she was not aware whether the information on the disk was encrypted and couldn't say whether the data loss would effect her agency's data-handling practices in the future. Update: As of 5/11 the disk is still lost but "there is no indication that any of the information has been used," according to Dr. Rhonda Medows, commissioner of the state Dept. of Community Health.

Attribution 1 Publication: Atlanta Journal-ConstituionAuthor: Bill Hendrick Date Published: 5/11/2007 Article Title: Disk with 2.9 million Georgians' data still lost, but so far unused Article URL: http://www.ajc.com/metro/content/metro/stories/2007/05/10/0511metdata.html

Attribution 2 Publication: Computer WorldAuthor: Lucas Mearian Date Published: 4/10/2007 Article Title: Georgia agency loses private data of 2.9M Medicaid recipients Article URL: http://computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=privacy&articleId=901614 Identity Theft Resource Center Report Date: 12/31/2007 Page 112 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

How is this report produced? What are the rules? See last page of report for details.

Attribution 3 Publication: Atlanta Journal-ConstitutionAuthor: Andy Miller Date Published: 4/10/2007 Article Title: Personal data on 2.9 million Georgians lost Article URL: http://www.ajc.com/metro/content/metro/stories/2007/04/10/0410metlost_web.html

Attribution 4 Publication: WTVMAuthor: staff Date Published: Article Title: Medicaid and PeachCare Possibly Affected by Data Breach Article URL: http://www.wtvm.com/Global/story.asp?S=6350300&nav=8fap

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070411-01 Turbo Tax US 4/8/2007Electronic Business Yes - 0 Unknown #

A woman discovered that possibly thousands of Turbo Tax's records have been exposed via an undisclosed website. Full information is not available upon request of investigators. This breach seems to have exposed information from electronic filings.

Attribution 1 Publication: WRCB TVAuthor: WRCB TV Date Published: 4/9/2007 Article Title: Turbo Tax Error Article URL: http://www.wrcbtv.com/news/index.cfm?sid=7473

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070409-04 Security Title Agency AZ 3/1/2007Electronic Banking/Credit/Financial Yes - 0 Unknown #

Five weeks ago a hacker alerted the web site of Security Title Agency in Phoenix defacing the web site. Customer information is stores on the same server as the web site. "Security Title Agency admits it's not "100 percent sure" customer information wasn't obtained. But the company is providing free credit monitoring for its customers."

Attribution 1 Publication: KTARAuthor: Kevin Tripp Date Published: 4/5/2007 Article Title: Title Agency warns customers about security breach Article URL: http://ktar.com/?nid=6&sid=440413

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070409-03 Chicago Public Schools- IL 4/6/2007Electronic Educational Yes - 40,000 McGladrey & Pullen (Password) **ITRC does not consider a password adequate protection for breached data. Two laptops containing names and SSNs of 40,000 current and former school employees were stolen from the Chicago Public Schools headquarters downtown offices. However, the laptops belonged to an accounting firm- McGladrey and Pullen and its subcontractor which were doing a review of pension fund contributions and they were responsible for any protection placed on those files. Anyone who contributed to the system's Teacher Pension Fund between 2003-2006 may be at risk. The suspect's image was captured by video and the police are investigating. Files were password protection and one may have been encrypted. Full details of the laptop security systems were not made public by the owners of the computers, the accounting firm. A hotline has been set up- 771-553-1142

Attribution 1 Publication: NBC-5Author: staff- NBC5 Date Published: 4/9/2007 Article Title: Teachers angry over security breach Article URL: http://www.nbc5.com/news/11592000/detail.html

Attribution 2 Publication: Chicago TribuneAuthor: Matthew Walberg Date Published: 4/8/2007 Article Title: Teachers to get credit protection after laptop thefts Article URL: http://www.chicagotribune.com/news/local/chicago/chi-0704070330apr08,1,2393718.story?coll=chi-newslocalchicag Identity Theft Resource Center Report Date: 12/31/2007 Page 113 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

How is this report produced? What are the rules? See last page of report for details.

Attribution 3 Publication: Daily JournalAuthor: Associated Press Date Published: 4/6/2007 Article Title: Stolen laptops contain data on 40,000 Chicago schools employees Article URL: http://www.daily-journal.com/archives/dj/display.php?id=392152

Attribution 4 Publication: CPS Office of CommunicationsAuthor: Mike Vaughn Date Published: 4/6/2007 Article Title: Press release from CPS Article URL: http://www.cps.k12.il.us/AboutCPS/PressReleases/April_2007/stolen%20laptop.htm

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070409-02 Hortica-Florists' Mutual IL 4/5/2007Electronic Business Yes - 0 Insurance Company Unknown #

Florist's Mutual Insurance Company announced a locked shipping case containing magnetic backup tapes cannot be located. They believe the tapes include SSNs, names, driver's license numbers and/or bank account numbers. It was being transported by UPS from a secure offsite facility to the company's headquarters. On April 5, 2007, UPS notified Hortica that all internal recovery processes had been exhausted.

Attribution 1 Publication: Press release- HorticaAuthor: Press release- Hortica Date Published: 4/6/2007 Article Title: Hortica alerting public to loss of backup tapes Article URL: http://www.pr-inside.com/hortica-alerting-public-to-loss-of-r87434.htm

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070409-01 DCH Health System AL 3/22/2007Electronic Medical/Healthcare None - 0 Encrypted Data The SSNs and other personal identification data of about 6,000 DCH Health System current and former employees as well as vested participants, surviving spouses or vested participants is missing. An ENCRYPTED disk and hardcopy documents were lost by a consulting company, Mercer Human Resources Consulting. A packet containing these items disappeared after reaching its intended destination in Louisiana. Note: the problem here is the hardcopy documents rather than the encrypted disk.

Attribution 1 Publication: Tuscaloosa NewsAuthor: Sarah Bruyn Jones Date Published: 4/5/2007 Article Title: Pension data loss could put DCH employees, retirees at risk Article URL: http://www.tuscaloosanews.com/article/20070405/TL01/70405018/-1/NEWS03

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070405-01 University of CA- San CA 3/1/2007Electronic Educational Yes - 46,000 Francisco -1 Published #

UCSF is notifying 46,000 students, faculty and staff that a compromise in security of a computer server may have put their personal info at risk. It did not include patient names or patient info. Data may include names, SSNs and bank account numbers used for electronic payroll and reimbursement deposits. The incident was identified late March and the server taken off line immediately. A hotline has been established- 415-353-8100

Attribution 1 Publication: press releaseAuthor: UCSF press release Date Published: 4/4/2007 Article Title: UCSF Establishes Identity Theft Website: Hotline Article URL: http://pub.ucsf.edu/today/cache/news/200704043.html

Attribution 2 Publication: UCSF news serviceAuthor: press release- ucsf Date Published: 4/4/2007 Article Title: UCSF reports possible compromise in computer security Article URL: http://pub.ucsf.edu/newsservices/releases/200704041/ Identity Theft Resource Center Report Date: 12/31/2007 Page 114 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

How is this report produced? What are the rules? See last page of report for details.

Attribution 3 Publication: KCBSAuthor: KCBS staff Date Published: 4/4/2007 Article Title: Personal Data on Thousands at Risk at UC Security Breach Article URL: http://kcbs.com/pages/338151.php?contentType=4&contentId=398749

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070401-01 University of Montana- MT 3/27/2007Electronic Educational Yes - 500 Western Published #

Between 400 and 500 current and former Univ. of Montana-Western students are potentially at risk after the theft of a computer disk containing names, birth dates, addresses and SSNs from a professor's office, according to school officials. The students are enrolled in the TRIO Student Support Services program.

Attribution 1 Publication: Havre Daily News, North Central MontanAuthor: Associated Press Date Published: 3/30/2007 Article Title: Students. personal information stolen from UM-Western office Article URL: http://www.havredailynews.com/articles/2007/03/30/local_headlines/state.txt

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070330-02 Los Angeles County Child CA 2/24/2007Electronic Government/Military Yes - 243,000 Support Services Published #

Three laptops are missing from a Los Angeles County Child Support Services office, potentially affecting 243,000 clients in Los Angeles, Orange and San Diego counties. The laptops contained personal info including SSNs and went missing during the weekend of Feb 24, 2007. The agency located divorced parents who are in arrears in child support, establishes paternity and collects and distributes child support payments to families. An investigation found that the computers may have contained fewer than 1,000 records but are notifying all potentially affected.

Attribution 1 Publication: Los Angeles TimesAuthor: Susannah Rosenblatt Date Published: 3/30/2007 Article Title: Child support data may be at risk Article URL: http://www.latimes.com/technology/la-me-idtheft30mar30,1,5712063.story?coll=la-headlines-technology&ctrack=1&

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070330-01 Navy Station-College Office CA 3/29/2007Electronic Government/Military Yes - 0 (Password) **ITRC does not consider a password adequate protection for breached data. Three password protected laptop computers are messing from the Navy College Office located on Naval Station San Diego. They believe that SSN, names, rate, rankings and course info were on the computers. This impacts current and former sailors home ported from January 2003 to October 2005 and who were enrolled in the Navy College Program for Afloat College Education.

Attribution 1 Publication: Navt NewsAuthor: staff Date Published: 3/30/2007 Article Title: Navy Laptops with sailor info stolen Article URL: http://www.military.com/features/0,15240,130657,00.html Identity Theft Resource Center Report Date: 12/31/2007 Page 115 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

About 380 St. Mary Parish school employees SSNs were accessed on March 19th by a Yahoo! web page search engine crawler. St. Mary Parish schools Superintendent Donald Aguillard said the crawler violated the school district Web page by accessing a database that stored 2002 through 2004 staff development rosters. Student information was not affected.

"These files were previously secure," Aguillard said. "Yahoo!'s new aggressive Web crawler infiltrated the public server and our technology department responded immediately to the breach in security by addressing the following: Contacting Yahoo! and demanding that our information be stricken from cached files, notified all workshop participants of the possibility that their personal information was revealed, while also contacting the Web page archiving services and demanding the removal of our cached pages." Aguillard said the school system had a file that had been unreadable over the Internet until the Yahoo! search engine got to the public server

Attribution 1 Publication: Daily Iberian- LAAuthor: Randy Louis Date Published: 3/27/2007 Article Title: SS numbers accessed Article URL: http://www.iberianet.com/articles/2007/03/27/news/news/news15.txt

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070329-03 US Army Training and VA 3/26/2007Electronic Government/Military Yes - 16,000 Doctrine Command (Password) **ITRC does not consider a password adequate protection for breached data. A laptop with the names, SSNs and payroll info of as many as 16,000 civilian employees at Fort Monroe was stolen from an employee's personal vehicle. The computer was password protected. The potentially affected employees all work at the US Army Training and Doctrine Command at Fort Monroe.

Attribution 1 Publication: WAVYAuthor: Associated Press Date Published: 3/26/2007 Article Title: Laptop computer containing info on 16,000 Fort Monroe employees stolen Article URL: http://www.wavy.com/Global/story.asp?S=6282161&nav=23ii

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070329-02 Group Health Cooperative WA 3/7/2007Electronic Medical/Healthcare Yes - 31,000 Health Care System Published #

Group Health Cooperative Care System announced that two laptops containing the SSNs, names, addresses and group health id numbers of local patients and employees of about 31,000 are missing. One computer disappeared on Feb. 26th and the other on March 7th.

Attribution 1 Publication: KOMO- TV SeattleAuthor: Joe Furia Date Published: 3/24/2007 Article Title: Group Health laptops missing, 31,000 identities at risk Article URL: http://www.komotv.com/news/6681342.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070329-01 Swedish Urology Group WA 3/22/2007Electronic Medical/Healthcare Yes - 0 Unknown #

The Swedish Urology Group located in Seattle WA is notifying hundreds of current and former patients about 3 stolen external computer hard drives that contained personal information dating back at least 3 or 4 years. The hard drives contained medical staff info as well. Identity Theft Resource Center Report Date: 12/31/2007 Page 116 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

How is this report produced? What are the rules? See last page of report for details.

Attribution 1 Publication: KOMO TV- SeattleAuthor: Connie Thompson Date Published: 3/23/2007 Article Title: Hard drives containing hundreds of patient files stolen Article URL: http://www.komotv.com/news/consumer/6678947.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070323-01 California Secretary of State CA 1/1/2004Electronic Government/Military Yes - 0 Website Unknown #

Businesses and consumers exposed: "Hundreds of thousands of Californians' Social Security numbers were vulnerable to abuse by identity thieves because they were made publicly available through the Secretary of State's Web site over the last three years, officials said Thursday.

The personal data was removed from Secretary of State Debra Bowen's Web site earlier this week after a state legislator notified her office of the possible vulnerability. The data was available in Uniform Commercial Code filings - documents lenders file relating to collateral securing a loan. About one-third of the 2 million UCC documents on file had the borrower's name, address, Social Security number and signature. The other two-thirds of the documents were for loans to businesses, rather than individuals. The documents were only available to account users, which are mostly financial institutions though there are no restrictions on who can open an account

Attribution 1 Publication: Author: Secretary of State De Date Published: 3/22/2007 Article Title: Press Release from the CA Secretary of State Article URL: Contact info: Nicole Winger- 916-653-6575

Attribution 2 Publication: Long Beach Press TelegramAuthor: Harrison Sheppard, S Date Published: 3/22/2007 Article Title: California exposed SSNs to theft Article URL: http://www.presstelegram.com/search/ci_5501299

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070322-02 Indiana State Nursing IN 1/19/2007Electronic Government/Military Yes - 71,000 Database Published #

A hacker accessed the personal info of 71,000 Indiana nursing assistants and home health aides from the state database. This is the second breach of the state's website this year. It is believed the same hacker got both sets of information. According to the IN Office of Technology this breach was discovered as a part of the audit process from the original breach in February. Anyone concerned may call them (877) 249-1146 for more information.

Attribution 1 Publication: WSBT -TV and South Bend TribuneAuthor: Samuel King Date Published: 3/19/2007 Article Title: 71,000 people have personal information hacked in Indiana Article URL: http://www.southbendtribune.com/apps/pbcs.dll/article?AID=/20070319/News01/70320010

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070322-01 Tax Service Plus CA 3/7/2007Electronic Business Yes - 4,000 Published #

Three years of unencrypted private financial records of 4,000 clients of Tax Service Plus were stolen from a Santa Rosa accounting firm. The records included SSNs, addresses, credit card info and documents with signatures. On March 7th someone used a sledgehammer to break through the steel back door of the company's office. They stole the backup computer.

Attribution 1 Publication: CBS - 5 KPIX TV San FranciscoAuthor: Jeffrey Schaub Date Published: 3/20/2007 Article Title: Private Tax Files Stolen From SoCo Accounting Firm Article URL: http://cbs5.com/business/local_story_079213034.html Identity Theft Resource Center Report Date: 12/31/2007 Page 117 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

How is this report produced? What are the rules? See last page of report for details.

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070320-08 Springfield City Schools OH 2/22/2007Electronic Educational Yes - 2,000 (Password) **ITRC does not consider a password adequate protection for breached data. While nearly 2,000 current and former employees of the Springfield City Schools are being notified that their names and SSNs was taken, there may little cause for concern since the information was name and password protected. The laptop was stolen from a state auditor's office and includes records from 2003 and 2004. The laptop was stolen on Feb 22nd from the employee's vehicle parked at home in a garage.

Attribution 1 Publication: Springfield News SunAuthor: Andrew McGinn Date Published: 3/16/2007 Article Title: Laptop with city school employees' information stolen Article URL: http://www.springfieldnewssun.com/hp/content/oh/story/news/local/2007/03/16/sns031707laptop.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070320-07 Empire Blue Cross and Blue NY 1/9/2007Electronic Medical/Healthcare Yes - 75,000 Shield/Wellpoint Published #

WellPoint, one of the nation's health insurers, is notifying members of its Empire Blue Cross and Blue Shield unit in New York that an unencrypted compact disk containing medical records, health plan id numbers and SSNs has disappeared. The company had removed coding and passwords prior to sending it to a subcontractor. It is the second breach involving WellPoint which is also linked via Concentra to the Anthem Blue Cross and Blue Shield program. Update- 3/15: The CD was found, now reported missing since January. Apparently it was delivered to a residence in the Philadelphia area. The people have been interviewed and, “We have no reason to believe, based on our interviews, that there was any improper access to the evidence,” Ms. Sommers, a spokesperson for the company that monitors payments for this program said.

Attribution 1 Publication: New York TimesAuthor: Milt Freudenheim Date Published: 3/15/2007 Article Title: CD Holding Medical Data of 75,000 Is Retrieved Article URL: http://www.nytimes.com/2007/03/15/business/15insure.html?_r=1&oref=slogin

Attribution 2 Publication: New York TimesAuthor: Milt Freudenheim Date Published: 3/14/2007 Article Title: Medical Data on Empire Blue Cross Members May Be Lost Article URL: http://www.nytimes.com/2007/03/14/business/14insure.html?_r=1&oref=slogin

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070320-06 University of Idaho-2 ID 2/8/2007Electronic Educational None - 0 Other Protection The Univ. of Idaho reports a third data breach that may have risked about 2,700 university employees' SSNs , birthdates and names but did not include financial account numbers. The file is in a proprietary binary format readable only with compatible software but was posted to the school's website for about 19 days in February. The file was removed on Feb. 27th.

Attribution 1 Publication: KLEWAuthor: Associated Press and Date Published: 3/10/2007 Article Title: Another computer security breach at UI Article URL: http://www.klewtv.com/news/6411372.html Identity Theft Resource Center Report Date: 12/31/2007 Page 118 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

"The Census Bureau inadvertently posted personal information from 302 households on a public Internet site multiple times over a five-month period, the bureau said Wednesday, while it tested new software. The information included names, addresses, phone numbers, birth dates and family income ranges, said Ruth Cymber, the agency's director of communications. No Social Security numbers were posted, and there is no evidence that the data was misused, Cymber said. But, she added, posting the information violated bureau policies and federal law." The affected households were located in Alabama, Alaska, Arkansas, Arizona, California, Colorado, Delaware, Florida, Connecticut and Washington, D.C.

The bureau is in the process of contacting the households, located in nine states and the District of Columbia, to offer free credit-monitoring services.

Attribution 1 Publication: Seattlepi.comAuthor: Stephen Ohlemacher, Date Published: 3/7/2007 Article Title: Census Bureau admits privacy breach Article URL: http://seattlepi.nwsource.com/national/1155AP_Census_Data_Mix_up.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070320-04 Los Rios Community College CA 1/1/2007Electronic Educational Yes - 2,000 Published #

A community college student found his name, birth date and SSN when he Goggled himself in February. It tracked back to the Los Rios Community College District database and contained about 2,000 other students. The site has since been taken down. In the case of Los Rios, staff members were testing a new online application system and "just grabbed some files" to upload, said Williams, the college spokeswoman.

Attribution 1 Publication: Sacramento BeeAuthor: Eric Stern and Doroth Date Published: 3/7/2007 Article Title: Google shock for Los Rios Article URL: http://www.sacbee.com/101/story/133870.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070320-03 Johnny's Selected Seeds ME 2/4/2007Electronic Business Yes - 11,500 Published #

A hacker has stolen thousands of private records and credit card numbers from the Johnny's Selected Seeds company, a company official reported. The FBI is investigating. As of March 3, 2007 about 20 credit cards had been used already.

Attribution 1 Publication: Kennebec Journal, Maine TodayAuthor: Doug Harlow Date Published: 3/3/2007 Article Title: Hackers swipe seed company's customers' data Article URL: http://kennebecjournal.mainetoday.com/news/local/3676190.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070320-02 Metropolitan State College of CO 2/28/2007Electronic Educational Yes - 988 Denver (Password) **ITRC does not consider a password adequate protection for breached data. A stolen laptop is a cause of concern for 988 former College of Denver students whose names and SSNs have been put at risk. The stolen computer contained the roster info of students enrolled in one teacher's classes from the beginning of Fall 1999 to the end of Fall 2002. The computer was password protected but the school is still notifying those on the list. Identity Theft Resource Center Report Date: 12/31/2007 Page 119 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

How is this report produced? What are the rules? See last page of report for details.

Attribution 1 Publication: CBS 4 DenverAuthor: Matthew Buettner Date Published: 3/2/2007 Article Title: Metro State Computer With SS Numbers Stolen Article URL: http://cbs4denver.com/consumer/local_story_061205155.html

Attribution 2 Publication: Channel 9 NewsAuthor: Jeffrey Wolf Date Published: 3/2/2007 Article Title: Metro says 988 students at risk of identity theft Article URL: http://www.9news.com/news/article.aspx?storyid=65718

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070320-01 Westerly Hospital RI 1/4/2007Electronic Medical/Healthcare Yes - 2,242 Published #

2,000 patients at Westerly Hospital in Rhode Island had their names, medical records and SSNs posted on a publicly accessible web site. They believe the only patients at risk were those who came in during certain days in January. The site is now down and offline but it is unclear as to how long it was up or how many people viewed it. UPDATE: The hospital has now confirmed the identity of the thief.

Attribution 1 Publication: The DayAuthor: Lee Howard Date Published: 10/11/2007 Article Title: Westerly Hospital Patient Information Released Article URL: http://www.theday.com/re.aspx?re=f4ddecbd-3871-4146-9dc4-01f055ab4429

Attribution 2 Publication: 10 NBCAuthor: staff Date Published: 10/10/2007 Article Title: Hospital In 'Talks' With Firm Tied To Data Breach Article URL: http://www.turnto10.com/northeast/jar/news.apx.-content-articles-JAR-2007-10-10-0007.html

Attribution 3 Publication: Channel 12 Eyewitness newsAuthor: staff Date Published: 3/5/2007 Article Title: Rhode Island Ag to probe hospital security lapse Article URL: http://www.eyewitnessnewstv.com/Global/story.asp?S=6176951

Attribution 4 Publication: Boston GlobeAuthor: staff Date Published: 3/1/2007 Article Title: Records of 2,000 Westerly Hospital patients posted online Article URL: http://www.boston.com/news/local/rhode_island/articles/2007/03/01/records_of_2000_westerly_hospital_patients_p

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070319-10 Gulf Coast Medical Center TX 2/28/2007Electronic Medical/Healthcare Yes - 1,900 (Password) **ITRC does not consider a password adequate protection for breached data. Gulf Coast Medical Center announced that the personal info of about 1900 patients was stolen in November and 8,086 in February, in two separate incidents totaling nearly 10,000 patients. The information was in a computer that went missing in November was stolen from a car in Texas. The more recent theft was in Tallahassee. The computers were password protected and came equipped with a lock to secure the laptop.

Attribution 2 Publication: News 13 on your side- WMBBAuthor: Jennifer Turk Date Published: 2/28/2007 Article Title: Gulf Coast Med. Computer Theft Article URL: http://www.wmbb.com/servlet/Satellite?pagename=WMBB%2FMGArticle%2FMBB_BasicArticle&c=MGArticle&cid=1 Identity Theft Resource Center Report Date: 12/31/2007 Page 120 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

Information about former employees was apparently posted on the Internet, including names and SSNs by former Rabun Apparel Inc, a department of Fruit of the Loom which closed last year. The site also included 1500 other former or current Fruit employees from four other plants.

Attribution 1 Publication: CNI News ServiceAuthor: Blake Spurney Date Published: 3/6/2007 Article Title: Fruit of the Loom security probe ongoing Article URL: http://www.thenortheastgeorgian.com/articles/2007/03/06/news/business/01business.txt

Attribution 2 Publication: WBKOAuthor: Sarah Goebel Date Published: 2/28/2007 Article Title: Fruit of the Loom Security Breach Article URL: http://www.wbko.com/news/headlines/6171276.html

Attribution 3 Publication: CNI News ServiceAuthor: Blake Spurney Date Published: 2/23/2007 Article Title: Former Fruit of the Loom workers' identities compromis Article URL: http://www.thenortheastgeorgian.com/articles/2007/02/23/news/business/01business.txt

Attribution 4 Publication: Fruit of Loom press releaseAuthor: Date Published: Article Title: Fruit of the Loom press statement Article URL: http://media.graytvinc.com/documents/frootloombreech.pdf

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070319-08 Speedmark TX 12/15/2006Electronic Business Yes - 0 (Password) **ITRC does not consider a password adequate protection for breached data. Speedmark, a company that employs mystery shoppers, had several computers stolen including one with the names, addresses, email accounts and SSNs of Speedmark employees and contractors. The theft was discovered in December but many shoppers did not receive notification until mid February. Company Scott Hiller said the information was password protected and that the delay in notification was due to the need to reconstruct the database.

Attribution 1 Publication: Consumer Affairs.comAuthor: Martin Bosworth Date Published: 2/22/2007 Article Title: Mysterious Computer Theft Hits Mystery Shopping Company Article URL: http://www.consumeraffairs.com/news04/2007/02/speedmark.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070319-07 Georgia Tech University GA 2/21/2007Electronic Educational Yes - 3,000 Published #

An unauthorized access to a Georgia Tech computer may have compromised about 3,000 current and former employees. The stolen info includes names, addresses, SSN, and other sensitive information including about 400 state purchasing card numbers.

Attribution 1 Publication: Atlanta Business ChronicleAuthor: staff Date Published: 2/21/2007 Article Title: Hackers hit Gerogia Tech and steal personal info Article URL: http://atlanta.bizjournals.com/atlanta/stories/2007/02/19/daily20.html Identity Theft Resource Center Report Date: 12/31/2007 Page 121 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

Data thieves tampered with check-out line credit card readers at a chain of stores in Massachusetts called Stop and Shop. Stop & Shop executives investigated and found that the keypads shoppers use to submit PIN-based transactions had been broken into, tampered with, and then reinstalled. The stolen information included customer PINS, credit card and debit card information. http://www.stopandshop.com/about/security_faq.htm?linkid=2

Attribution 1 Publication: Boster Herald Business SectionAuthor: Jesse Noyes Date Published: 2/20/2007 Article Title: Shoppers fearful after Stop & Shop data theft Article URL: http://business.bostonherald.com/businessNews/view.bg?articleid=183859

Attribution 2 Publication: ConsumerAffairs.comAuthor: Martin Bosworth Date Published: 2/19/2007 Article Title: Data Thieves Hit Stop & Shop Article URL: http://www.consumeraffairs.com/news04/2007/02/stop_n_shop.html

Attribution 3 Publication: Author: Date Published: Article Title: From Stop and Shop website Article URL: http://www.stopandshop.com/about/security_faq.htm?linkid=2

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070319-05 Seton Family of Hospitals TX 2/16/2007Electronic Medical/Healthcare Yes - 7,800 (Password) **ITRC does not consider a password adequate protection for breached data. A laptop with 7,800 patient names, SSNs, and birthdays was stolen from the Seton hospital system's information services department on Chevy Chase Dr in North Austin. Update: As of 2/26, the hospital group reported that a security camera taped the thief which is now confirmed as containing SSNs, and insurance program numbers. The data covers patients who sought care since July 1, 2005 and who did not have health insurance. The computer was part of a shared database and is password protected. However, the hospital group is still going to notify affected patients.

Attribution 1 Publication: Information WeekAuthor: Sharon Gaudin Date Published: 2/26/2007 Article Title: Hospital Laptop Stolen; Info On 7,800 Patients At Risk Article URL: http://www.informationweek.com/news/showArticle.jhtml?articleID=197008711

Attribution 2 Publication: American-StatesmanAuthor: Andrea Ball Date Published: 2/19/2007 Article Title: Seton laptop stolen Article URL: http://www.statesman.com/news/content/news/stories/local/02/20/20laptop.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070319-04 Clarksville-Montgomery TN 2/15/2007Electronic Educational Yes - 633 County Schools Published #

633 SSNs of middle and high school staff and faculty have been discovered on the school system's website. Apparently they had been there since June 2006 embedded in file photos given by the company that took yearbook pictures.

Attribution 1 Publication: Leaf ChronicleAuthor: Nate Karlin Date Published: 2/17/2007 Article Title: School system removes employees' personal information from Web site Article URL: http://www.theleafchronicle.com/apps/pbcs.dll/article?AID=/20070219/NEWS01/70219006 Identity Theft Resource Center Report Date: 12/31/2007 Page 122 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

Hundreds of state employees names and SSNs were posted on the Internet for more than 3 years according to the state comptroller's office in Connecticut. The information was included in a spreadsheet of vendors used by the state and accessible to the public. According to authorities you had to search by name to find the information. The state's entire employee group was not affected and they are not revealing why these particular individuals ended up on the list.

Attribution 1 Publication: CourantAuthor: Colin Poitras Date Published: 2/17/2007 Article Title: Worker data was on web Article URL: http://www.courant.com/news/politics/hc-stateinfo0217.artfeb17,0,7667978.story?coll=hc-headlines-politics-state

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070319-02 City College of San Francisco CA 2/8/2007Electronic Educational Yes - 11,000 Published #

11,000 past and possibly current students at City College of San Francisco have had their names and SSNs posted on the internet for the last 7 years. A former student discovered the problem when she Goggled her name and discovered her SSN was online and where.

Attribution 1 Publication: ABC local- KGOAuthor: staff Date Published: 2/15/2007 Article Title: 11,000 CCSF Students At Risk For ID Theft Article URL: http://abclocal.go.com/kgo/story?section=local&id=5038107

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070319-01 Iowa Department of Education IA 2/15/2007Electronic Government/Military Yes - 160,000 Published #

Someone hacked into what was supposed to be a protected area of the Iowa Department of Education's website, potentially exposing 160,000 people's records containing SSN, names, birthdays, and addresses. This affects anyone who obtained a GED from Iowa between 1965-2002.

Attribution 1 Publication: Radio IowaAuthor: Darwin Danielson Date Published: 2/15/2007 Article Title: Department of Education records hacked Article URL: http://www.radioiowa.com/gestalt/go.cfm?objectid=C62EC2FD-D6CA-6148-ECA10EFC215AB72D

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070316-12 State of Indiana IN 1/25/2007Electronic Government/Military Yes - 5,600 Published #

Approximately 5600 people and businesses were affected when a hacker obtained thousands of credit card numbers from a state web site. Although numbers are usually encrypted or shortened to the last four digits, the Office of Technology conceded a technical error allowed the full credit card numbers to remain on the system and be viewed by the intruder. Chris Cotterill, director of the site, www.IN.gov, said the hacking occurred in early January but wasn't discovered until Jan. 25. The people whose numbers were exposed included Bureau of Motor Vehicle customers and hunters renewing licenses. Identity Theft Resource Center Report Date: 12/31/2007 Page 123 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

How is this report produced? What are the rules? See last page of report for details.

Attribution 1 Publication: The Journal GazetteAuthor: Niki Kelly Date Published: 2/10/2007 Article Title: Hacker gets state credit card info Article URL: http://www.fortwayne.com/mld/journalgazette/16667910.htm

Attribution 2 Publication: The IndyChannelAuthor: staff Date Published: 2/9/2007 Article Title: Hacker accesses credit card info on state web site Article URL: http://www.theindychannel.com/news/10973406/detail.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070316-11 Kaiser Permanente CA 11/15/2006Electronic Medical/Healthcare Yes - 22,000 Published #

A stolen doctor's laptop has potentially breached 22,000 patients and their private medical information. About 500 of the records also included SSNs.

Attribution 1 Publication: CBS-5Author: Sherry Hu Date Published: 2/14/2007 Article Title: Laptop Stolen With 22,000 Kaiser Patients' Data Article URL: http://cbs5.com/consumer/local_story_045212622.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070316-10 Radford University- Health VA Electronic Educational Yes - 2,400 and Human Services Published #

Local parents have started to receive letters about their young children warning them of a breach of a computer containing SSN and birthdates from Radford University's Waldron School of Health and Human Services. A Radford spokesman said a virus put the information at risk. News Channel 10 found out that all the affected children had been part of "FAMIS": Family Access to Medical Insurance Security.

Attribution 1 Publication: WSLS News Channel 10Author: Denise Eck Date Published: 2/9/2007 Article Title: RU security breach info linked to child health care Article URL: http://www.wsls.com/servlet/Satellite?pagename=WSLS%2FMGArticle%2FSLS_BasicArticle&c=MGArticle&cid=114

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070316-09 East Carolina University NC 1/29/2007Electronic Educational Yes - 65,000 Published #

East Carolina University is notifying about 65,000 students, alumni and staff about a programming error that created files that anyone could view online. The info included names, addresses, SSNs and in some cases credit card numbers. Officials say that it probably was not online for more than a week. At least 21 credit card numbers were viewed, however.

Attribution 1 Publication: WRAL NewsAuthor: Mike Charbonneau an Date Published: 2/9/2007 Article Title: ECU Mistakenly Posts Personal Info Online Article URL: http://www.wral.com/news/local/story/1198897/ Identity Theft Resource Center Report Date: 12/31/2007 Page 124 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

A laptop containing the names, SSNs and birthdays for many of the hospital's patients was stolen recently, potentially 130,000 individuals. The hospital is currently looking into encrypting information on laptops. The laptop has now been locked out of all hospital systems to avoid further exposure. Update: The computer was last seen on Dec. 5th in the emergency care center. It included information dating back to 1989.

Attribution 1 Publication: Baltimore SunAuthor: Dennis O'Brien Date Published: 2/13/2007 Article Title: St. Mary's notifies 130,000, days after Hopkins' notice Article URL: http://www.baltimoresun.com/news/local/bal-te.md.identity13feb13,0,5907611.story?coll=bal-home-headlines

Attribution 2 Publication: Daily TimesAuthor: Associated Press Date Published: 2/13/2007 Article Title: St. Mary's Hospital loses patients' information Article URL: http://www.delmarvanow.com/apps/pbcs.dll/article?AID=/20070213/NEWS01/70213003/1002

Attribution 3 Publication: NBC4Author: staff Date Published: 2/8/2007 Article Title: Laptop Stolen From Hospital Contains Sensitive Information Article URL: http://www.nbc4.com/news/10962978/detail.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070316-07 University of Nebraska NE 2/5/2007Electronic Educational Yes - 72 Published #

A University of Nebraska-Lincoln employee accidentally posted the SSNs of 72 students, professors and staff members on the university's public website where they remained for more they 2 years before discovery. It is the 2nd such security breach at the UNL in the last 12 months.

Attribution 1 Publication: World Herald BureauAuthor: Matthew Hansen Date Published: 2/7/2007 Article Title: Social Security numbers found on UNL web site Article URL: http://www.omaha.com/index.php?u_page=1000&u_sid=2326625

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070316-06 Johns Hopkins Hospital DC 1/18/2007Electronic Medical/Healthcare Yes - 52,000 Published #

Johns Hopkins University and Hospital are reporting the disappearance of nine (9) computer tapes that contained personal information about hospital employees and patients, past and present. The data included SSN, and in some cases, employee bank account numbers. During the investigation, officials learned about the ninth tape- containing less sensitive data of about 83,000 patients seen between July and December 2006. That information included medical record numbers that can be also used for identity theft. They think the tapes were mistakenly left at another stop by a courier or trashed. Update- see second article on St. Mary's Hospital for additional information

Attribution 1 Publication: WMDT WiresAuthor: Associated Press Date Published: 2/7/2007 Article Title: Tapes with data about Hopkins' workers, patients, missing Article URL: http://www.wmdt.com/wires/displaystory.asp?id=58386284 Identity Theft Resource Center Report Date: 12/31/2007 Page 125 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

500 people who worked at 13 Capital Region had their information stolen from a laptop in a state tax auditor's apartment. The computer had little personal information on it according to spokesman Robert Lillpop and had security features that "should lessen the chance of it being accessed." However, the involved people are being advised to take steps to monitor their credit lines. There were also documents that had information on them which puts people at greater risk

Attribution 1 Publication: PostStarAuthor: Don Lehman Date Published: 1/6/2007 Article Title: Burglary lead to Id theft concerns Article URL: http://poststar.com/articles/2007/02/06/news/doc45c8abf57b7ae609243186.txt

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070316-04 CTS Tax Service MI 2/2/2007Electronic Business Yes - 800 Published #

A computer with personal tax information of about 800 people, including SSNs, bank account information and other identifying information, was stolen from a Cassopolis tax preparer, the owner of CTS tax service. It appeared the computer was the target of the break-in since money and checks were not taken.

Attribution 1 Publication: wndu TV news, South Bend IndianaAuthor: Kari Huston Date Published: 2/3/2007 Article Title: Thief steals tax records for identity fraud Article URL: http://www.wndu.com/news/headlines/5530966.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070316-03 Department of Veterans AL 1/22/2007Electronic Government/Military Yes - 2,000,000 Affairs Published #

The Department of Veterans Affairs release announced that an employee reported an external portable hard drive used at VA facility in the Birmingham VA Medical Center was missing. The hard drive is used to back up information that included the personal identifying information on vets. An investigation is underway by the VA's IG, OIG and FBI. Update: The latest count now is: 535,000 VA patients and nearly all non-VA US physicians, living and deceased, who billed Medicaid and Medicare (about 1.3 million). The use of their physician id numbers could be used to commit fraud. “One thing that is clear is that the information was not encrypted, although that is supposed to be the VA’s policy since last year,” said a House aide. “There have been a lot of problems, particularly in medical situations, in encrypting files so that they cannot be accessed.”

Attribution 1 Publication: Gov Exec.comAuthor: Daniel Pulliam Date Published: 2/12/2007 Article Title: VA loses sensitive information on 1.3 million doctors Article URL: http://www.govexec.com/dailyfed/0207/021207p1.htm

Attribution 2 Publication: Navy TimesAuthor: Rick Maze Date Published: 2/12/2007 Article Title: Lost VA data could be exploited by criminals Article URL: http://www.navytimes.com/news/2007/02/TNSvadataloss070212/

Attribution 3 Publication: Media General News ServiceAuthor: James Crawley Date Published: 2/2/2007 Article Title: Misssing Veterans Affairs hard drive sparks identity theft fears Article URL: http://www.wsls.com/servlet/Satellite?pagename=WSLS%2FMGArticle%2FSLS_BasicArticle&c=MGArticle&cid=114 Identity Theft Resource Center Report Date: 12/31/2007 Page 126 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

The New York Department of State has frozen parts of its website that lists commercial records that identity thieves could use to access SSN of some New Yorkers. The Associated Press alerted officials to the problem. The web site had posted commercial loan documents including SSNs that could be viewed with a simple name search. It is unclear how long the information was on the site.

Attribution 1 Publication: WCBS TVAuthor: Associated Press Date Published: 2/2/2007 Article Title: Quick thinking prevents massive id theft heist Article URL: http://wcbstv.com/topstories/local_story_033212750.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070316-01 University of Missouri MO 1/16/2007Electronic Educational Yes - 2,500 Published #

A hacker broke into the University of Missouri's Research Board Grant Application System and gained access to the SSNs of at least 1,220 researchers. The passwords for more than 2,500 people may well have been compromised, according to a college spokesperson, which could lead to exposure of information.

Attribution 1 Publication: Columbia TribuneAuthor: Terry Ganey Date Published: 2/2/2007 Article Title: Hacker hits MU database Article URL: http://www.columbiatribune.com/2007/Feb/20070202News009.asp

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070312-02 Wisconsin Legislative staff WI 1/31/2007Electronic Government/Military Yes - 150 Published #

SSNs and other information of state representatives and their employees have been put at risk when a state legislative HR worker's laptop was stolen from her car at a health club. The health club locker was broken into and her car keys were taken according to a State Senate clerk.

Attribution 1 Publication: Daily CardinalAuthor: Ashley Spencer Date Published: 2/4/2007 Article Title: 150 lawmakers fall victim to identity theft, call for audit Article URL: http://www.dailycardinal.com/news/150-lawmakers-fall-victim-to-identity-theft,-call-for-audit.html

Attribution 2 Publication: Channel 3000Author: staff Date Published: 2/3/2007 Article Title: Thief steals lawmakers' social security numbers - updates Article URL: http://www.channel3000.com/politics/10912171/detail.html

Attribution 3 Publication: Channel 3000Author: Associated Press Date Published: 2/2/2007 Article Title: Thief takes lawmakers' Social Security numbers Article URL: http://www.channel3000.com/politics/10912171/detail.html Identity Theft Resource Center Report Date: 12/31/2007 Page 127 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

How is this report produced? What are the rules? See last page of report for details. Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070312-01 Massachusetts Dept of MA 2/1/2007Electronic Government/Military Yes - 1,200 Industrial Accidents Published #

A former state contractor allegedly accessed a workers' comp database to steal personal information including SSN the department announced today. The worker has been arrested and charged with identity fraud.

Attribution 1 Publication: Boston GlobeAuthor: Associated Press Date Published: 2/1/2007 Article Title: Workers comp data stolen Article URL: http://www.boston.com/business/ticker/2007/02/workers_comp_da.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070309-11 Vermont Agency of Human VT 1/27/2007Electronic Government/Military Yes - 70,000 Services Published #

A state computer with names, SSNs and bank information for about 70,000 Vermonters was hacked into via an automated computer attack according to the state. The computer was used to track noncustodial parents who owe back child support. The rest of the names were supplied to the state by the New England Federal Credit Union which shares customer info with the understanding that only data on child support debtors would be used.

UPDATE: a Microsoft security patch was downloaded on the computer but not installed according to an internal state report. The patches were released in August 2006.

Attribution 1 Publication: New York Times, Boston GlobeAuthor: David Gram, Assoc P Date Published: 1/30/2007 Article Title: State was warned of potential computer security breach Article URL: http://www.boston.com/news/local/vermont/articles/2007/01/30/state_was_warned_of_potential_computer_security

Attribution 2 Publication: Free PressAuthor: Dan McLean Date Published: 1/30/2007 Article Title: State computer server compromised Article URL: http://www.burlingtonfreepress.com/apps/pbcs.dll/article?AID=/20070130/NEWS01/701300315/1009/NEWS05

Attribution 3 Publication: WCAX- TV 3Author: Associated Press Date Published: 1/27/2007 Article Title: State Computer hacked, thousands at risk Article URL: http://www.wcax.com/Global/story.asp?S=6006557&nav=4QcS

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070309-10 Salina Regional Health Center KS 1/25/2007Electronic Medical/Healthcare Yes - 1,100 (Password) **ITRC does not consider a password adequate protection for breached data. A laptop containing the names, SSNs and medical histories of up to 1100 patients is missing and assumed stolen along with a docking station, printer, and other computer equipment from Veridian Behavioral Health. Beth Vinson, the marketing supervisor, said that at the time of the theft the laptop was off and the patient information is double password protected.

Attribution 1 Publication: Wichita EagleAuthor: Associated Press Date Published: 1/29/2007 Article Title: Patient's personal information threatened with computer theft Article URL: http://www.kansas.com/mld/kansas/news/state/16572693.htm

Attribution 2 Publication: Salina JournalAuthor: David Clouston Date Published: 1/28/2007 Article Title: Patients' personal information threatened with computer theft Article URL: http://www.saljournal.com/?module=displaystory&story_id=9386&format=html Identity Theft Resource Center Report Date: 12/31/2007 Page 128 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

Attribution 1 Publication: Journal-Gazette, Times-CourierAuthor: staff Date Published: 1/26/2007 Article Title: EIU computer, IDs stolen Article URL: http://www.jg-tc.com/articles/2007/01/28/news/news001.txt

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070309-08 Anthem Blue Cross/Blue VA 1/27/2007Electronic Medical/Healthcare Yes - 50,000 Shield Published #

Anthem Blue Cross Blue Shield said that 50,000 Virginia customers' information was stolen including names and SSN when cassette tapes, in a lock box, was stolen.

Attribution 1 Publication: Eastern ProgressAuthor: Jenna Mink Date Published: 3/1/2007 Article Title: Eastern professor hit by identity theft Article URL: http://media.www.easternprogress.com/media/storage/paper419/news/2007/03/01/News/Eastern.Professor.Hit.By.Id

Attribution 2 Publication: WSLS News Channel 10Author: Date Published: 1/26/2007 Article Title: Anthem Blue Cross Blue Shield customer information stolen Article URL: http://www.wsls.com/servlet/Satellite?pagename=WSLS%2FMGArticle%2FSLS_BasicArticle&c=MGArticle&cid=114

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070309-07 Vanguard University CA 1/16/2007Electronic Educational Yes - 5,105 Published #

Two computers stolen from Vanguard University earlier in January have put more than 5,000 financial aid applicants at risk. On Jan. 16, school employees discovered the theft from the school's financial aid office. The data included names, dates of birth, phone numbers, driver license numbers, SSNs, and list of assets.

Attribution 1 Publication: Orange County RegisterAuthor: Kimberly Edds Date Published: 1/26/2007 Article Title: Computer taken from Costa Mesa's Vanguard University- School theft imperils data Article URL: http://www.ocregister.com/ocregister/homepage/abox/article_1556073.php

Attribution 2 Publication: Daily PilotAuthor: Michael Alexander Date Published: 1/26/2007 Article Title: Computers stolen from college financial aid office Article URL: http://www.dailypilot.com/articles/2007/01/26/front/doc45ba618886459435458713.txt Identity Theft Resource Center Report Date: 12/31/2007 Page 129 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

How is this report produced? What are the rules? See last page of report for details. Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070309-06 Indiana Department of IN 2/4/2006Electronic Government/Military Yes - 4,000 Transportation Published #

The names and SSN of about 4,000 employees of the Indiana Dept. of Transportation were posted on an internal network computer drive according to a letter sent to workers. The files were available to any employee with computer access and could be viewed by some third-party contractors as well. The file was posted on the drive between Sept 6- Dec 4, 2006 but employees have just been advised of the problem.

Attribution 1 Publication: Fort Wayne News SentinelAuthor: Mike Smith- Associat Date Published: 1/26/2007 Article Title: INDOT employee info posted on internal computer drive Article URL: http://www.fortwayne.com/mld/newssentinel/16554895.htm

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070309-05 Wahiawa Women, Infants HI 1/1/2007Electronic Government/Military Yes - 11,500 and Children Program Published #

The Wahiawa WIC office is notifying up to 11,500 current and former clients of the program following the discovery of an identity theft case. At least 3 families have reported illegal use of information and 2 more are being investigated. The Dept. of Health has put an employee of this WIC office on leave during the investigation. In the future they plan to use client numbers instead of SSNs. The investigation started in mid to late December but the director of the Health Dept was not notified until Jan. 12th. Letters have just been sent out.

Attribution 1 Publication: Honolulu AdvertiserAuthor: Mary Vorsino Date Published: 1/26/2007 Article Title: Welfare families' data stolen, state reveals Article URL: http://www.honoluluadvertiser.com/apps/pbcs.dll/article?AID=/20070126/NEWS15/701260357/1001/NEWS

Attribution 2 Publication: The Honolulu AdvertiserAuthor: Date Published: 1/25/2007 Article Title: State employee investigated in ID theft case Article URL: http://the.honoluluadvertiser.com/article/2007/Jan/25/br/br0713982546.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070309-04 Ohio Board of Nursing OH 1/12/2007Electronic Government/Military Yes - 3,031 Published #

The names and SSN of 3,031 newly licenses nursed were posted online twice during November 2006 and January 2007 according to Betsy Hochen, the board's executive director. A nurse found the list on the agency's website.

Attribution 1 Publication: Columbus DispatchAuthor: Suzanne Hoholik Date Published: 1/25/2007 Article Title: Error puts nurses' personal data online Article URL: http://www.columbusdispatch.com/news-story.php?story=dispatch/2007/01/25/20070125-D1-05.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070309-03 Rutgers-Newark University NJ 9/5/2006Electronic Educational Yes - 200 Published #

An associate professor of political science reported her laptop stolen to Rutgers police on Sept. 5, 2006. It contained the SSN of 200 R-N students. It was removed from a locked office. The professor seemed more worried about her lost computer, teaching material and letters of recommendation than the student information. Identity Theft Resource Center Report Date: 12/31/2007 Page 130 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

How is this report produced? What are the rules? See last page of report for details.

Attribution 1 Publication: The Observer- campus newspaperAuthor: Helen Schamrai Date Published: 1/24/2007 Article Title: Stolen PC had students SSNs Article URL: http://media.www.rutgersobserver.com/media/storage/paper822/news/2007/01/23/News/Stolen.Pc.Had.Student.Ssn

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070309-02 Clay High School OR 1/12/2007Electronic Educational Yes - 0 Unknown #

A Clay High School student transferred confidential district-wide student and staff information by transferring the information to a portable 30 GB storage device. It has been confiscated and letters about the breach have been sent out to the community. The information included names, birthdays, SSN and info on the faculty and staff

Attribution 1 Publication: Author: Autumn Lee Date Published: 1/22/2007 Article Title: Clay High School student hacks into Oregon schools data Article URL: http://www.toledofreepress.com/?id=4718

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070309-01 National Guard CA 2/23/2007Electronic Government/Military Yes - 2,000 Published #

2000 California National Guardsmen who have served as part of the US-Mexico border patrol task force had their personal info stolen when a hard drive was stolen from a locked closet inaccessible to civilians. Agents from the Guard's Criminal Investigative Division think a soldier took it.

Attribution 1 Publication: Associated PressAuthor: Associated Press Date Published: 3/9/2007 Article Title: Data on Border Soldiers Stolen Article URL: http://www.tuscaloosanews.com/article/20070309/APA/703092833

Attribution 2 Publication: San Diego Union Tribune- Public Safety Author: Steve Liewer- Crime Date Published: 3/7/2007 Article Title: Soldiers' personal info missing Article URL: http://weblog.signonsandiego.com/news/breaking/2007/03/soldiers_personal_info_missing.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070308-08 Xerox OR 8/23/2006Electronic Business Yes - 297 Published #

Last August a computer containing employees personal info was stolen from a HR manager's car. Letters were sent out 4 months later! “One person had multiple cell phone accounts taken out in his name a month and a half after the theft,” said Brian Wood, Xerox employee.

Attribution 1 Publication: KGW news- News 8Author: staff Date Published: 1/23/2007 Article Title: Xerox employees fear id theft after laptop stolen Article URL: http://www.kgw.com/news-local/stories/kgw_012207_news_xerox_theft.cde8339.html Identity Theft Resource Center Report Date: 12/31/2007 Page 131 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

How is this report produced? What are the rules? See last page of report for details. Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070308-07 Chicago Board of Elections IL 1/22/2007Electronic Government/Military Yes - 1,300,000 Published #

About 100 computer discs with 1.3 million Chicago voters' Social Security numbers have been distributed to aldermen and ward committeemen, and the whereabouts of at least an additional six CDs with the same information are unknown, according to the Chicago Board of Elections. The discs also contain birthdates and addresses. This is the second security lapse- in Oct 2006 voter's information was posted on the board's web site. The CDs actually contain 2.2 million active and inactive voters but only 1.3 million of them included the SSN. UPDATE- a class action lawsuit started by 43d Ward alderman candidate Peter Zelchenko who discovered the breach, has been filed.

Attribution 1 Publication: Chicago Sun TimesAuthor: Art Golab Date Published: 1/22/2007 Article Title: City loses voters' vital info Article URL: http://www.suntimes.com/news/politics/222892,CST-NWS-data22.article

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070308-06 IRS- Kansas City Gvt MO 1/19/2007Electronic Government/Military None - 0 Other Protection 26 IRS computer tapes containing taxpayer info "went missing" after they were delivered to City Hall months ago. It is uncertain what the tapes included but they might include: names, SSNs and bank account info as well as employer information. The tapes require special equipment to read and software that is not commonly used, so the average person could not access the information, said Assistant City Manager Rich Noll. The IRS knows what was on the tape but is keeping that information confidential. According to city spokeswoman Mary Charles, there is no documentation to show that the tapes ever reached the Finance Dept, the final destination.

Attribution 1 Publication: Kansas City StarAuthor: Lynn Horsley Date Published: 1/19/2007 Article Title: 26 IRS tapes missing from city hall Article URL: http://www.kansascity.com/mld/kansascity/16493570.htm

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070308-05 KB Home SC 1/12/2007Electronic Business Yes - 2,700 Published #

Thousands of KB Home customers are being warned of the risk of identity theft after one of the home builder’s computers was stolen from a Charleston sales office. The company sent letters to 2,700 people Friday advising them to put a fraud alert on their credit reports and to monitor their credit for the next couple of years. The stolen computer likely had names, addresses and Social Security numbers only of people who had visited the sales office for Foxbank Plantation, a new home community in Berkeley County near Charleston

Attribution 1 Publication: The StateAuthor: Kristy Rupon Date Published: 1/18/2007 Article Title: KB Home warns of id theft risk Article URL: http://www.thestate.com/mld/thestate/business/16485189.htm Identity Theft Resource Center Report Date: 12/31/2007 Page 132 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

A criminal investigation by the FBI, the Dallas Police Computer Crimes Squad and other local law enforcement agencies is being conducted after an attempted attack on the UTD network was identified Dec. 10. The personal information of 6,000 applicants, students, faculty and staff might have been exposed through a weakness in the network. Names, Social Security numbers, addresses, email addresses and telephone numbers may have been compromised. Update as of 1/19- number now at 35,000

Attribution 1 Publication: Pegasus News WireAuthor: staff Date Published: 1/19/2007 Article Title: UT Dallas computer security breach potentially exposed 35,000 Article URL: http://www.pegasusnews.com/news/2007/jan/19/ut-dallas-computer-security-breach-potentially-exp/

Attribution 2 Publication: Univ of Texas Dallas student paper- MeAuthor: James Kosterman Date Published: 1/15/2007 Article Title: Network breach under FBI scrutiny Article URL: http://media.www.utdmercury.com/media/storage/paper691/news/2007/01/15/TopStories/Network.Breach.Under.Fbi.

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070308-02 TJX US 12/20/2006Electronic Business Yes - 94,000,000 Published #

TJX Cos reporter that intruders broke into computers sometime in mid December and stolen an unknown amount of customer data including credit card, debit card, check and merchandise return transactions for TJ Maxx, Marshalls, HomeGoods and AJ Wright stores in the US. TJX's Bob's Stores and TK MAX stores are also involved. In addition, Bruce Spitzer, a spokesman for the Massachusetts Bankers Association, said at least eight banks have been affected by a similar breach of information, related to debit cards they issued. Sources since the breach have reported significantly higher affected record numbers. UPDATE: The intruder may have started as early as 2003. UPDATE- multi-state probe being led by Massachusetts AG. UPDATE- Banks have reported card usage. UPDATE: FTC investigating breach; may have exposed millions of customers. March 29, 2007- Update- number of affected consumers revealed in a filing with the SEC- 45.7 million customer records. TJX also reported in the filing that another 455,000 customers who returned merchandise without receipts had their personal data stolen, including drivers' license numbers. (45.7+455k= 46,155,000) Update - according to Newsday (3/29/07), 10 people of been arrested. They bought data from the hackers, purchased gift cards and then used them to buy $1 million worth of electronics and jewelry. Update: 12/5/07 Actual number of records may be 47.5 million Update: articles 12 and 13- a settlement has been reached based on info from VISA and Mastercard. Total records updated to 94 million.

Attribution 1 Publication: ReutersAuthor: staff Date Published: 12/20/2007 Article Title: UPDATE 1-TJX, Visa account holders in agreement over breach Article URL: http://www.reuters.com/article/rbssConsumerGoodsAndRetailNews/idUSN2021626320071220

Attribution 2 Publication: Search SecurityAuthor: Search Security staff Date Published: 12/13/2007 Article Title: http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1286055,00.html Article URL: http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1286055,00.html

Attribution 3 Publication: Boston GlobeAuthor: Ross Kerber Date Published: 12/7/2007 Article Title: TJX subpoenas documents from MasterCard on breach Article URL: http://www.boston.com/business/globe/articles/2007/12/07/tjx_subpoenas_documents_from_mastercard_on_breac

Attribution 4 Publication: Internet NewsAuthor: Andy Patrizio Date Published: 12/5/2007 Article Title: How TJX Became a Lesson In Proper Security Article URL: http://www.internetnews.com/ent-news/article.php/3714611

Attribution 5 Publication: Boston GlobeAuthor: Ross Kerber Date Published: 10/24/2007 Article Title: Court filing in TJX breach doubles toll-94 million accounts were affected, banks say Article URL: http://www.boston.com/business/globe/articles/2007/10/24/court_filing_in_tjx_breach_doubles_toll/?page=1 Identity Theft Resource Center Report Date: 12/31/2007 Page 133 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

How is this report produced? What are the rules? See last page of report for details.

Attribution 6 Publication: Newsday.comAuthor: Mark Jewell- AP Busi Date Published: 3/29/2007 Article Title: Data theft believed to be biggest hack Article URL: http://www.newsday.com/technology/ats-ap_technology19mar29,0,7075863.story?coll=ny-technology-headlines

Attribution 7 Publication: CNET NewsAuthor: Dawn Kawamoto Date Published: 3/29/2007 Article Title: TJX says 45.7 million customer records were compromised Article URL: http://news.com.com/TJX+says+45.7+million+customer+records+were+compromised/2100-1029_3-6171671.html

Attribution 8 Publication: Boston GlobeAuthor: Jenn Abelson Date Published: 3/28/2007 Article Title: TJX breach involved 45.7m cards, company reports Article URL: http://www.boston.com/business/ticker/2007/03/tjx_breach_invo.html

Attribution 9 Publication: Search Security.comAuthor: Staff Date Published: 3/13/2007 Article Title: TJX data breach faces FTC probe Article URL: http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1247204,00.html

Attribution 10 Publication: Boston Globe via Asoociated PressAuthor: Mark Jewell- Assoc Pr Date Published: 2/7/2007 Article Title: Massachusetts leads multi-state probe into TJX breach Article URL:

Attribution 11 Publication: New York Times via Your Hampton RoaAuthor: Date Published: 1/20/2007 Article Title: TJ Maxx Credit Card Customers' Information Hacked Article URL: http://www.wtkr.com/Global/story.asp?S=5956623&nav=ZolHbyvj

Attribution 12 Publication: ComputerworldAuthor: Jaikumar Vijayan Date Published: 1/17/2007 Article Title: Retail branch may have exposed card data in four countries Article URL: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9008418&intsrc=hm_list

Attribution 13 Publication: Boston GlobeAuthor: Ross Kerber Date Published: 1/17/2007 Article Title: Intruders stole customer data Article URL: http://www.boston.com/business/ticker/2007/01/tjx_intruders_s.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070308-01 Rincon del Diablo Municipal CA 1/16/2007Electronic Government/Military Yes - 500 Water District Published #

The names and credit card numbers of about 500 customers of the Rincon del Diablo Municipal Water District in northern San Diego were stolen in a break-in of the district offices on North Iris Lane. Two computers were stolen, one from customer services and the other from engineering according to the interim general manager. SSNs were not on the databases.

Attribution 1 Publication: San Diego Union TribuneAuthor: Linda Lou Date Published: 1/17/2007 Article Title: Customer data stolen from water district Article URL: http://www.signonsandiego.com/news/northcounty/20070117-9999-1mi17rincon.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070306-02 University of New Mexico NM 1/2/2007Electronic Educational Yes - 0 Unknown #

Between Jan 2 and 3, three computers were stolen from the associate provost's office according to Lt. Pat Davis, UNM Police spokesman. The computers may have contained faculty names and SSNs. Warnings have been sent to all faculty members. Identity Theft Resource Center Report Date: 12/31/2007 Page 134 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

How is this report produced? What are the rules? See last page of report for details.

Attribution 1 Publication: Daily Lobo- school paperAuthor: Jeremy Hunt Date Published: 1/16/2007 Article Title: Personal info may be at risk after burglary- campus computers stolen over break Article URL: http://media.www.dailylobo.com/media/storage/paper344/news/2007/01/16/News/Personal.Info.May.Be.At.Risk.After.

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070306-01 NC Department of Revenue NC 12/20/2006Electronic Government/Military Yes - 30,000 Published #

A laptop containing files on 30,000 taxpayers was stolen from a car of an employee while attending a meeting at a hotel according to a letter sent by the Revenue Department on January 10th. It contained data including SSNs, employer identification numbers and tax debt owed to the state. Department officials said the computer contained security features (unknown as to type) but are examining additional software safeguards.

Attribution 1 Publication: Charlotte ObserverAuthor: Mark Johson Date Published: 1/13/2007 Article Title: Laptop theft puts residents at risk Article URL: http://www.charlotte.com/mld/charlotte/16451423.htm

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070305-06 Money Gram International US 12/12/2006Electronic Banking/Credit/Financial Yes - 79,000 Published #

MoneyGram, a global payment service provider, announced that a company server with consumer information for about 79,000 bill payment customers was accessed over the Internet last month. The information did not include SSN but in some cases did include bank account information.

Attribution 1 Publication: Business Week via Assoc PressAuthor: Date Published: 1/12/2007 Article Title: MoneyGram says consumer info accessed Article URL: http://www.businessweek.com/ap/financialnews/D8MJSR0O1.htm

Attribution 2 Publication: ReutersAuthor: staff Date Published: 1/12/2007 Article Title: MoneyGRam Security Breach Affects 79,000 Customers Article URL: http://today.reuters.co.uk/news/articlenews.aspx?type=bankingFinancial&storyid=2007-01-12T230125Z_01_N122762

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070305-05 University of Idaho-1 ID 11/25/2006Electronic Educational Yes - 331,000 Published #

Three desktop computers disappeared from the University of Idaho's Advancement Services office containing personal data of alumni, donors, employees and students. While an internal investigation shows that as many as 70,000 SSNs, names and addresses may have been on the hard drive, the school is notifying 331,000 people who may have been exposed. The computers "went missing" over Thanksgiving. Police asked the school to delay notice for investigative purposes.

Attribution 1 Publication: KTVB - Idaho NewsAuthor: staff Date Published: 1/11/2007 Article Title: Stolen UI Computers contain personal data for 70,000 Article URL: http://www.ktvb.com/news/localnews/stories/ktvbn-jan1107-stolen_data.2df71504.html Identity Theft Resource Center Report Date: 12/31/2007 Page 135 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

How is this report produced? What are the rules? See last page of report for details. Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070305-04 Altria/United Tech/Towers NY 12/7/2006Electronic Banking/Credit/Financial Yes - 0 Perrin/ Prudential Financial Unknown #

Five laptops containing data about tens of thousands of retirement-plan participants at multiple companies were reported stolen by Towers Perrin. The NY City police made an arrest on Dec. 28 but the computers were never recovered. Others said that the laptops were stolen on Nov. 27th and not on the date they were reported missing

Attribution 1 Publication: Post-Standard, SyracuseAuthor: Charley Hannagan Date Published: 1/11/2007 Article Title: Carrier retireee's info at risk after theft Article URL: http://www.syracuse.com/business/poststandard/index.ssf?/base/business-7/1168509951278640.xml&coll=1

Attribution 2 Publication: Times DispatchAuthor: Chip Jones Date Published: 1/11/2007 Article Title: Arrest made in Altria laptop case (Towers Perrin) Article URL: http://www.timesdispatch.com/servlet/Satellite?pagename=RTD/MGArticle/RTD_BasicArticle&c=MGArticle&cid=114

Attribution 3 Publication: Wall Street JournalAuthor: Date Published: 1/9/2007 Article Title: Towers Perrin Laptops, Client Data Stolen Article URL:

Attribution 4 Publication: Wall Street Journal onlineAuthor: Theo Francis Date Published: 1/8/2007 Article Title: Towers Perrin Laptops, Client Data Stolen Article URL: http://online.wsj.com/google_login.html?url=http%3A%2F%2Fonline.wsj.com%2Farticle%2FSB11682961193587067

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070305-03 University of Notre Dame IN 12/24/2006Electronic Educational Yes - 0 (Password) **ITRC does not consider a password adequate protection for breached data. Notre Dame employees received a letter on January 2nd stating that a computer storing SSN and salary information had been stolen before Christmas. Sgt. Dominic Zultanski of the South Bend Police Dept is investigating and the letter points out the computer is password protected.

Attribution 1 Publication: wndu - South BendAuthor: Stephanie Stang Date Published: 1/8/2007 Article Title: Notre Dame Security Breach Article URL: http://www.wndu.com/news/headlines/5123266.html

Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070305-02 Johnston County Firemen NC 1/1/2007Electronic Government/Military Yes - 0 (Password) **ITRC does not consider a password adequate protection for breached data. A laptop stolen from Selma's Water Treatment Plant has endangered the SSNs of Selma's volunteer firefighters. The volunteer chief is also the water superintendent, which is why it was there. According to Fire Chief Joe Price, the computer is password protected but the No. Carolina Attorney General says the firemen should be concerned about identity theft.

Attribution 1 Publication: rdu news 14, cnn.com, Time WarnerAuthor: Heather Moore Date Published: 1/4/2007 Article Title: Stolen Laptop Contains Firemen's SSNs Article URL: http://rdu.news14.com/content/headlines/Default.asp?ArID=97605&SecID=2& Identity Theft Resource Center Report Date: 12/31/2007 Page 136 of 136 2007 Breach List: Breaches:446 Exposed: 127,717,24

How is this report produced? What are the rules? See last page of report for details. Records Exposed # of ITRC Breach ID Company or Agency Location Est. Date Breach Type Breach Category Exposed? Records Rptd ITRC20070305-01 Academic Magnet High SC 12/25/2006Electronic Educational None - 0 School Encrypted Data This is the 3rd time someone has stolen computers from this the same school: Nov. 17, Nov. 30th and over the holidays. The computer contains personal info about students but school rep Jerry Adams said the computers are password-protected and encrypted.

Attribution 1 Publication: WCBD-TV, NBC affiliate -Charleston SCAuthor: Tara Lynn Date Published: 1/3/2007 Article Title: Third Case of Computer Theft at High School Article URL: http://www.wcbd.com/midatlantic/cbd/news.apx.-content-articles-CBD-2007-01-03-0015.html

2007 Breaches Identified by the ITRC as of: 12/31/2007 Total Breaches: 446 Records Exposed: 127,717,243

The ITRC Breach database is updated on a daily basis, and published to our website on each Tuesday. These reports only cover breachs that occurred in 2007, or became public in 2007, but were not public in 2006. Each item must be previously published by a solid media source, such as TV, radio, press, etc. The item will not be included at all if ITRC is not certain that the source is real and credible. We include in each item a link or source of the article, and the information presented by that article. Many times, we have attributions from a multitude of media sources and media outlets. ITRC sticks to the facts as reported, and does not add or subtract from the previously published information. When the number of exposed records is not reported, we note that fact. When records are encrypted, we state that we do not (at this time) consider that to be a data exposure. The ITRC Breach Report presents individual information about data exposure events and running totals for the year. The ITRC Breach Stats Report develops some statistics based upon the type of entity involved in the data exposure.

This project was supported by Grant No. 2007-VF-GX-K038 awarded by the Office for Victims of Crime, Office of Justice Programs, U.S. Department of Justice. Points of view in this document are those of the ITRC and do not necessarily represent the official position or policies of the U.S. Department of Justice.