Use our reverse-chronological list to find the data breach of interest. Note: this list provides resources and information related to data breaches associated with information stored in/accessed from databases. There are links at the end of each data breach to bring you back to the top of the page.

• Citibank (New York City, NY) (6/19/2008)
• 1st Source Bank (South Bend, IN) (6/10/2008)
• Oregon State University (Corvallis, OR) (6/3/2008)
• Walter Reed Army Medical Center (Washington, DC) (6/2/2008)
• Pocono Mountain School District (Swiftwater, PA) (5/31/2008)
• University of California at San Francisco (San Francisco, CA) (5/28/2008)
• LPL Financial (Boston, MA) (5/20/2008)
• Downingtown Area School District (Downingtown, PA) (5/16/2008)
• Oklahoma State University (Stillwater, OK) (5/14/2008)
• University of Colorado (Boulder, CO) (4/25/2008)
• Baltimore Highway Administration (Baltimore, MD) (4/25/2008)
• WiseBuys Stores, Inc. (Canton, NY) (4/25/2008)
• Fishback Financial Corp. (Brookings, SD) (4/22/2008)
• LendingTree, LLC (Charlotte, NC) (4/21/2008)
• University of Massachusetts (Amherst, MA) (4/18/2008)
• Swimwear Boutique (Blanco, TX) (4/16/2008)
• Stryker Corporation (Kalamazoo, MI) (4/17/2008)
• First Federal Bank of California (Los Angeles, CA) /
  Fiserv, Inc. (Brookfield, WI) (4/15/2008)
• Williamsville Central School District (Williamsville, NY) (4/12/2008)
• New York Presbyterian Hospital /
  Weill Cornell Medical Center (New York, NY) (4/11/2008)
• Joliet West High School (Joliet, IL) (4/1/2008)
• Okemo Mountain Resort (Ludlow, VT) (3/31/2008)
• Advance Auto Parts, Inc. (Roanoke, VA) (3/31/2008)
• Illinois Eye Center (Peoria, IL) (3/28/2008)
• Antioch University (Yellow Springs, OH) (3/28/2008)
• Broward County Public Schools (Coconut Creek, FL) (3/26/2008)
• Western Carolina University (Cullowhee, NC) (3/22/2008)
• U.S. Department of State (3/22/2008)
• Wolters Kluwer (New Hampshire) (3/22/2008)
• Lasell College (Newton, MA) (3/20/2008)
• The Dental Network (New Hampshire) (3/19/2008)
• Hannaford (Portland, ME) (3/17/2008)
• Utah Division of Finance (Salt Lake City, UT) (3/15/2008)
• Harvard University (Cambridge, MA) (3/12/2008)
• MTV Networks (Los Angeles, CA) (3/8/2008)
• Tenet Healthcare Corporation (Dallas, TX) (2/14/2008)
• Davidson Companies (Great Falls, MT) (1/30/2008)
• OmniAmerican Bank (Fort Worth, TX) (1/24/2008)
• Baylor University (Waco, TX) (1/23/2008)
• California State University, Stanislaus (Turlock, CA) (1/12/2008)
• University of Georgia (Athens, GA) (1/8/2008)
• Geeks.com (Oceanside, CA) (1/7/2008)
• Robotics Industries Association (Ann Arbor, MI) (1/3/2008)
• Franklin County Municipal Court (Columbus, OH) (12/21/2007)
• KimsCrafts (Topsham, ME) (12/14/2007)
• Dixie State College (St George, UT) (10/23/2007)
• Bates College (Lewiston, ME) (10/23/2007)
• Montana State University (Bozeman, MT) (10/13/2007)
• Pembroke Schools (Pembroke, MA) (10/9/2007)
• The Nature Conservancy (10/2/2007)
• TD Ameritrade Holding Corp. (Omaha, NE) (9/14/2007)
• University of South Carolina (Columbia, SC) (9/6/2007)
• Monster.com (8/23/2007)
• Sky Lakes Medical Center / Verus Inc. (Klamath Falls, OR.) (8/15/2007)
• Wabash Valley Correctional Facility (Indianapolis, IN) (8/3/2007)
• City Harvest (New York, NY) (7/27/2007)
• Fox News (7/23/2007)
• University of Michigan (7/21/2007)
• Western Union (7/17/2007)
• University of California, Davis (6/27/2007)
• University of Iowa (6/8/2007)
• University of Virginia (6/8/2007)
• University of Colorado, Boulder (5/22/2007)
• Illinois Dept of Financial and Professional Regulation (5/19/2007)
• Goshen College (5/12/2007)
• University of Missouri (5/8/2007)
• Georgia Institute of Technology (2/21/2007)
• Iowa Dept. of Education (2/14/2007)
• Radford University, Waldron School of Health and Human Services (2/9/2007)
• University of Missouri, Research Board Grant Application System (2/2/2007)
• TJ Stores (TJX) (1/17/2007)

Citibank (New York City, NY)

Description of Data Breach - A Citibank server that processes ATM withdrawals at 7-Eleven convenience stores had been breached. The computer intrusion into the Citibank server led to two Brooklyn men making hundreds of fraudeulent withdrawals from New York City cash machines, pocketing at least $750,000 in cash.

Return To The Top

1st Source Bank (South Bend, IN)

Description of Data Breach - 1st Source Bank is reissuing its entire portfolio of debit cards after a hacker or hackers broke into a bank server containing debit card data. No fraud has been discovered as a result of the intrusion.

• More Information:
  Digital Transactions News
  The Journal Gazette
  

Return To The Top

Oregon State University (Corvallis, OR)

Description of Data Breach - The Oregon State Police are investigating the theft of personal information from online customers of the OSU Bookstore who used credit cards to purchase items. Officials say credit card scanners may have defrauded online customers of the school's bookstore.

• More Information:
  KVAL Channel 13 News
  

Return To The Top

Walter Reed Army Medical Center (Washington, DC)

Description of Data Breach - Sensitive information on about 1,000 patients at Walter Reed Army Medical Center and other military hospitals was exposed in a security breach. Names, Social Security numbers, birth dates and other information was released. Preliminary results of an on-going investigation have identified a computer from which the data was apparently compromised. Walter Reed officials decline to explain exactly how the information was compromised.

• If you, or a member of your family, were affected:
  Phone: (877) 854-8542 ext. 9
  

Return To The Top

Pocono Mountain School District (Swiftwater, PA)

Description of Data Breach - A hacker apparently broke into the computers at Pocono Mountain School District and may have tapped into confidential information concerning students and their parents. The information that may have been compromised includes: Student ID, network password, SSN if provided, ethnicity, gender, birthdate, grade, grade year, building number, building name, homeroom number, homeroom teacher, attendance code (if absent), dietary allergies (for food services), bus assignment, free/reduced lunch status, home phone, primary home mailing address, secondary mailing address, parent names, parent home phone numbers, emergency contact names, and emergency contact phone numbers.

• If you, or a member of your family, were affected:
  Phone: (570) 873-7121 ext. 10151
• More Information:
  Pocono Mountain School District - Letter to Parents
  Pocono Record
  

Return To The Top

University of California at San Francisco (San Francisco, CA)

Description of Data Breach - The University of California San Francisco had discovered a security breach involving a computer that held personal patient information such as patient names, dates of pathology service, health information and, in some cases, social security numbers. On January 11, 2008, UCSF discovered unusual data traffic on one of its computers during routine monitoring of the campus computer network. There is no indication that any patient files were accessed.

• If you, or a member of your family, were affected:
  Phone: (415) 353-7427
  Email: PathHotline@ucsf.edu
• More Information:
  UCSF News Release
  

Return To The Top

LPL Financial (Boston, MA)

• Date of Occurrence: 7/16/2007
• Number of People Potentially Affected: 10,219

Description of Data Breach - Hackers compromised the logins of fourteen financial advisors and four assistants of LPL Financial in branches located in New Jersey, Illinois, Rhode Island, Pennsylvania, Colorado, Texas, California, Georgia and Connecticut over the course of several months. These incidents affected approximately 10,219 individuals. The information that was potentially accessible included unencrypted names, addresses and Social Security numbers of customers and non-customer beneficiaries.

• More Information:
  Maryland State Attorney General breach notification
  

Return To The Top

Downingtown Area School District (Downingtown, PA)

• Date of Occurrence: 5/9/2008
• Number of People Potentially Affected: 50,000

Description of Data Breach - A 15-year-old student gained access to files on a computer at Downingtown West High School. Numerous files containing personal information of 70 staff members and several thousand tax payers were apparently copied and distributed to other students. The files contained salary information and Social Security numbers.

• More Information:
  CBS Channel 3 News
  The Philadelphia Inquirer
  

Return To The Top

Oklahoma State University (Stillwater, OK)

• Date of Occurrence: 11/23/2007
• Number of People Potentially Affected: 70,000

Description of Data Breach - A breach in an Oklahoma State University computer server exposed names, addresses and Social Security numbers of students, staff and faculty who bought parking and trasit services permits in the past six years.

• More Information:
  Oklahoma State University
  The Oklahoman
  

Return To The Top

University of Colorado (Boulder, CO)

• Date of Occurrence: between 1997 and 2003
• Number of People Potentially Affected: 9,500 approx.

Description of Data Breach - The University of Colorado at Boulder announced that three computers in the Division of Continuing Education and Professional Studies were compromised, leaving nearly 10,000 people open to potential identity theft. Officials say students and instructors who were involved in these departments between 1997 and 2003 were affected.

• More Information:
  University of Colorado at Boulder
  KUSA Channel 9 News
  

Return To The Top

Baltimore Highway Administration (Baltimore, MD)

• Date of Occurrence: 4/25/2008
• Number of People Potentially Affected: 1,800

Description of Data Breach - An employee transferred personnel transaction data from a secure drive to a SHA shared drive. Sensitive personal imformation concerning employees included names and Social Security numbers.

Return To The Top

WiseBuys Stores, Inc. (Canton, NY)

• Date of Occurrence: between December 5, 2007 and December 20, 2007
• Number of People Potentially Affected: Unknown

Description of Data Breach - Someone apparently hacked into the Canton WiseBuys store computer system during a changeover between December 5 and December 20. The hacker obtained credit and debit card numbers of hundreds of customers.

• More Information:
  WWTI Channel 50 News
  Watertown Daily Times
  

Return To The Top

Fishback Financial Corp. (Brookings, SD)

• Date of Occurrence: 4/22/2008
• Number of People Potentially Affected: Unknown

Description of Data Breach - There has been an unauthorized access to one of the database servers by a third party. The database includes names, addresses and Social Security numbers.

Return To The Top

LendingTree, LLC (Charlotte, NC)

• Date of Occurrence: between October 2006 and early 2008
• Number of People Potentially Affected: Unknown

Description of Data Breach - LendingTree has told its customers that former employees helped unauthorized mortgage lenders hack into its systems and steal customer information from 2006 to 2008. Several former employees may have taken company passwords and given them to a handful of lenders. These lenders then used the passwords to access LendingTree customer information files, normally available only to LendingTree-approved lenders, to market loans to LendingTree's customers. The files contained loan request data such as name, address, email address, telephone number, Social Security number, income and employment.

• If you, or a member of your family, were affected:
  Phone: (866) 505-8874
  Customer Service Representatives are available from 9AM to 9PM, seven days a week (Eastern Time)
• More Information:
  LendingTree FAQs
  NetworkWorld
  

Return To The Top

University of Massachusetts (Amherst, MA)

• Date of Occurrence: 4/11/2008
• Number of People Potentially Affected: Unknown

Description of Data Breach - Hackers breached the computer system used by UMass Amherst's Health Services, potentially gaining access to thousands of medical records. More than half of the student population at UMass Amherst are patients on record at the University Health Services. The workstations in question contained limited patient information.

• If you, or a member of your family, were affected:
  Phone: (413) 545-0444
  
• More Information:
  UMass Amherst Press Release
  CBS Channel 3 News (Springfield)
  

Return To The Top

Swimwear Boutique (Blanco, TX)

• Date of Occurrence: 3/28/2008
• Number of People Potentially Affected: Unknown

Description of Data Breach - SwimwearBoutique.com has determined on March 28, 2008 that it was the victim of an illegal intrusion into its systems. Criminals unlawfully obtained access to certain databases containing various information, which could have included names, addresses, and credit card information of approximately 37 residents of New Hampshire, who were SWB customers.

• If you, or a member of your family, were affected:
  Phone: (866) SWIMWEAR
• More Information:
  The New Hampshire State Attorney General breach notification
  

Return To The Top

Stryker Corporation (Kalamazoo, MI)

• Date of Occurrence: 2/18/2008
• Number of People Potentially Affected: Unknown

Description of Data Breach - On February 18, 2008, Stryker Instruments, a division of Stryker Corporation (collectively, "Stryker"), discovered that an unauthorized user recently gained access to its virtual private network (VPN) multiple times over a period of several months. Investigation revealed that the unauthorized user accessed several Stryker servers and applications. One of the servers accessed by the unauthorized user contained a database of Social Security numbers of certain employees in 48 different states and Puerto Rico.

• If you, or a member of your family, were affected:
  ID TheftSmart Member Services: (800) 588-9839
  Between 9AM and 6PM (Eastern Time)

• More Information:
  The New Hampshire State Attorney General breach notification
  

Return To The Top

First Federal Bank of California (Los Angeles, CA)
Fiserv, Inc. (Brookfield, WI)

• Date of Occurrence: 3/22/2008
• Number of People Potentially Affected: Unknown

Description of Data Breach - Customers were informed by letter from First Federal Bank of California that their "non-public private account" information might be at risk. First Federal Bank of California was not the only financial institution impacted by the security breach that occured in a "subsystem of financial data processor", Fiserv, Inc. of Wisconsin. Fiserv, Inc. says that both local and federal law enforcement are involved in the investigation. The details about the breach including the number of banks involved, how many customers were impacted, the depth of information breached, how extensive the breach was geographically or even which federal agencies were involved in the investigation could not be disclosed due to Fiserv "company policy".

• More Information:
  The Orange County Register
  

Return To The Top

Williamsville North High School (Williamsville, NY)

• Date of Occurrence: March 2008
• Number of People Potentially Affected: 1,800

Description of Data Breach - Several current and former students broke into a school district's computer system in western New York last month and copied secure files that included the personal information and Social Security numbers of school employees. The students had gained unauthorized access to the sensitive information three times. Officials say they have no evidence that any of the accessed data has been distributed or used to commit crimes.

• If you, or a member of your family, were affected:
  Phone Local Police: (716) 689-1311
• More Information:
  WCAX-TV News
  

Return To The Top

New York Presbyterian Hospital / Weill Cornell Medical Center (New York, NY)

• Date of Occurrence: January 2008
• Number of People Potentially Affected: 50,000

Description of Data Breach - In January, the hospital was made aware of a theft which involved a former employee of the New York Presbyterian Hospital/Weill Cornell Medical Center. The former employee pleaded guilty to selling information since 2006 from the personal records including names, phone numbers and social security numbers of over 50,000 male patients between 58 and 78 years old. Those whose identities have been stolen will receive a letter detailing what happened, and have access to a hotline with credit-monitoring services.

• More Information:
  New York Post
  The Cornell Daily Sun
  

Return To The Top

Joliet West High School (Joliet, IL)

• Date of Occurrence: 3/7/2008
• Number of People Potentially Affected: Unknown

Description of Data Breach - A student using a school computer was able to access personal information about every student enrolled. The student allegedly downloaded a list of names and Social Security numbers to his iPod.

• More Information:
  The Herald News
  

Return To The Top

Okemo Mountain Resort (Ludlow, VT)

• Date of Occurrence: 2/7/2008 through 2/22/2008
• Number of People Potentially Affected: 46,569

Description of Data Breach - Okemo Mountain Resort announced that it has been a recent target of criminal effots to gain access to credit data by infiltration of its computer network at Okemo Mountain Ski Area. Okemo believes the intruder gained potential access to credit card data including cardholder names, account numbers and expiration dates for a 16 day period between February 7, 2008 and February 22, 2008.

• If you, or a member of your family, were affected:
  Toll Free Hotline: (866) 756-5366
• More Information:
  Okemo Mountain Resort News Release
  WTNH Channel 8 News
  

Return To The Top

Advance Auto Parts, Inc. (Roanoke, VA)

• Date of Occurrence: 3/31/2008
• Number of People Potentially Affected: 56,000

Description of Data Breach - Advance Auto Parts, Inc. released information regarding the Company becoming the victim of a network intrusion. The investigation by Advance Auto Parts revealed that data from 14 of its stores may have been impacted, potentially compromising customer financial information including credit card, debit card and checking account information of up to 56,000 customers.

• If you, or a member of your family, were affected:
  Toll Free Hotline: (800) 704-1154
  Available through May 31, 2008 from 8AM-12PM EDT
• More Information:
  Advance Auto Parts News Release
  eWeek.com
  

Return To The Top

Illinois Eye Center (Peoria, IL)

• Date of Occurrence: June to November 2007
• Number of People Potentially Affected: Unknown

Description of Data Breach - Peoria's Illinois Eye Center has warned its clients that a former employee allegedly accessed confidential patient records for potential identity theft usage. According to a letter the eye center sent to affected patients, the records obtained include patient names, Social Security numbers and birth dates. It is believed females between ages 18 and 25 were targeted.

• More Information:
  WEEK NBC News
  

Return To The Top

Anitoch University (Yellow Springs, OH)

• Date of Occurrence: 2/13/2008
• Number of People Potentially Affected: 70,000

Description of Data Breach - On February 13, 2008, a security incident occurred on one of the Anitoch University's computer systems which contained personal information on about 70,000 people. Investigators determined that an unauthorized intruder breached one of Antioch's computer systems on three different occasions: June 9, 2007, June 10, 2007 and October 11, 2007. The system contains files with Social Security numbers, names, academic records for students and former students, and payroll records for Antioch's employees and former employees. It also contains names and Social Security numbers for student applicants.

• If you, or a member of your family, were affected:
  Toll Free Hotline: (866) 905-2288
  Available April 1 through May 30, 2008 from 9AM-5PM EDT
• More Information:
  Antioch University FAQs
  Antioch University Security Letter
  The Associated Press
  

Return To The Top

Broward County Public Schools (Coconut Creek, FL)

• Date of Occurrence: 3/23/2008
• Number of People Potentially Affected: 38,000

Description of Data Breach - A high school senior hacked into a district computer and collected Social Security numbers and addresses of district employees. Investigators also found information about students at the high school the senior attended, a host of password hacker programs and credit card generators - or software that can falsify credit card information - in a school computer used by the student.

• More Information:
  South Florida Sun-Sentinel
  

Return To The Top

Western Carolina University (Cullowhee, NC)

• Date of Occurrence: 3/22/2008
• Number of People Potentially Affected: 555

Description of Data Breach - Somene had hacked into a computer server and had access to the Social Security numbers of 555 graduates of the university who had signed up for a newsletter.

• More Information:
  Asheville Citizen-Times
  

Return To The Top

U.S. Department of State

• Date of Occurrence: 3/20/2008
• Number of People Potentially Affected: Unknown

Description of Data Breach - The passport files of all three major presidential candidates were breached by unauthorized searches by four employees. It is expected and assumed that there are more affected individuals, but due to the sensational nature of events, the full extent of the breach is not known. It is not clear whether the employees saw anything other than basic personal data such as name, citizenship, age, Social Security number and place of birth, which is required when a person fills out a passport application.

• More Information:
  MSNBC News Story
  Associated Press Story
  Stanley, Inc. Official Company Statement
  Statement from The Analysis Corporation
  

Return To The Top

Wolters Kluwer (New Hampshire)

• Date of Occurrence: 3/10/2008
• Number of People Potentially Affected: Unknown

Description of Data Breach - On February 27, 2008, Lippincott Williams & Wilkins, a Wolters Kluwer business was informed by the company that hosts one of their websites, www.stedmans.com, that personal information collected from consumers through the website may have been compromised through an unauthorized intrusion into the server that stores information from individuals who purchased products at their website. The personal information that may have been compromised may include names, addresses, telephone numbers, email addresses, credit card numbers, expiration dates, and card verification numbers of individuals who made purchases at the site from apporximately August 30, 2007 to February 27, 2008.

• If you, or a member of your family, were affected:
  Phone: (800) 621-7500
• More Information:
  The New Hampshire State Attorney General breach notification
  

Return To The Top

Lasell College (Newton, MA)

• Date of Occurrence: 2/6/2008
• Number of People Potentially Affected: 20,500

Description of Data Breach - Lasell College recently learned that on or about February 6, 2008, an employee without proper authority accessed the College's computer network. The hacker accessed data containing personal information about current and former students, faculty, staff and alumni. Information included names and Social Security numbers.

• If you, or a member of your family, were affected contact Ruth Shuman, Dean for Institutional Advancement:
  Phone: (617) 243-2140
• More Information:
  Lasell College News Advisory
  The Boston Globe
  The New Hampshire Attorney General breach notification
  

Return To The Top

The Dental Network (New Hampshire)

• Date of Occurrence: 3/10/2008
• Number of People Potentially Affected: Unknown

Description of Data Breach - A security breach of the Dental Network web site left access to member personal data, including names, Social Security numbers, addresses and dates of birth unprotected for approximately two weeks. The Dental Network is and independent licensee of the Blue Cross and Blue Shield Association.

• If you, or a member of your family, were affected:
  Phone: (866) 879-7402
  Website: ids.thedentalnet.org
• More Information:
  The New Hampshire Attorney General breach notification
  

Return To The Top

Hannaford (Portland, ME)

• Date of Occurrence: 3/17/2008
• Number of People Potentially Affected: 4,200,000

Description of Data Breach - This security breach affects all of its 165 stores in the Northeast, 106 Sweetbay stores in Florida and a smaller number of independent groceries that sell Hannaford products. The company is currently aware of abut 1,800 cases of reported fraud related to the security breach. Credit and debit card numbers were stolen during the card authorization transmission process, but no personal information was divulged.

• If you, or a member of your family, were affected:
  Customer Information Center: (866) 591-4580
• More Information:
  Hannaford CEO Message
  The Boston Globe
  PC World
  

Return To The Top

Utah Division of Finance (Salt Lake City, UT)

• Date of Occurrence: 3/15/2008
• Number of People Potentially Affected: 500

Description of Data Breach - Computer files containing the personal information of approximately 500 individuals may have been accessed by unauthorized persons during a security breach. An initial investigation indicates it is highly unlikely the person who breached the computer system was able to access any personal information.

• More Information:
  The Salt Lake Tribune
  

Return To The Top

Harvard University (Cambridge, MA)

• Date of Occurrence: 3/12/2008
• Number of People Potentially Affected: 6,600

Description of Data Breach - Harvard University notified students at the Graduate School of Arts and Sciences that their personal information may have been compromised when a hacker hijacked the school's web server. The server contained approximately 6,600 summaries from admissions candidates consisting of each applicant's name, Social Security number, date of birth, address, e-mail address, phone numbers, test scores, previous school attended, and school records. The remainder of the admissions data did not involve Social Security numbers. There were approximately 500 summaries that included Harvard University ID numbers.

• More Information:
  Harvard University Gazette
  The Boston Globe
  The Boston Herald
  

Return To The Top

MTV Networks (Los Angeles, CA)

• Date of Occurrence: 2/7/2008
• Number of People Potentially Affected: 5,000

Description of Data Breach - Computer files with confidential data on employees at MTV Networks were breached by someone outside the company. Personal information in the files included names, birth dates, Social Security numbers and compensation data.

• More Information:
  Reuters
  Rocky Mountain News
  

Return To The Top

Tenet Healthcare (Dallas, TX)

• Date of Occurrence: 2/13/2008
• Number of People Potentially Affected: 37,000

Description of Data Breach - A former employee working in the Tenet Healthcare Corporation billing center in Frisco, Texas is confirmed to have stolen the names, Social Security numbers and other personal information belonging to at least 90 patients, but also had access to 37,000 other accounts.

• If you, or a member of your family, were affected:
  Phone: (800) 553-6101 between 8 AM and 6 PM weekdays
• More Information:
  The Beaufort Gazette online story
  

Return To The Top

• Date of Occurrence: 1/30/2008
• Number of People Potentially Affected: 226,000

Description of Data Breach - Davidson Companies announced that a database containing sensitive personal information belonging to clients and former clients was accessed via an "illegal network intrusion". A computer hacker broke into a database and obtained the names and Social Security numbers of virtually all of the Great Falls financial services company's clients. The database also included information such as account numbers and balances.

• If you, or a member of your family, were affected:
  Current clients should call: (800) 909-6485
  Former clients should call: (800) 736-6153
• More Information:
  Davidson Companies "Important Client Announcement"
  Great Falls Tribune online story
  InformationWeek news story
  

Return To The Top

OmniAmerican Bank (Fort Worth, TX)

• Date of Occurrence: 1/23/2008
• Number of People Potentially Affected: Unknown

Description of Data Breach - An "international gang of cyber criminals" hacked into OmniAmerican bank systems. They stole account numbers, created new personal identification numbers (PINs), fabricated debit cards, then withdrew cash from ATMs in Eastern Europe, Russia, Ukraine, Britain, Canada and New York. Fewer than 100 accounts, some of them dormant, were compromised.

• More Information:
  Star-Telegram Story
  Sacramento Bee Story
  

Return To The Top

Baylor University (Waco, TX)

• Date of Occurrence: Unknown
• Number of People Potentially Affected: Unknown

Description of Data Breach - A student employee breached the security of the Baylor Information Network to access the Bear ID and passwords of those logging on to the BIN. This access didn't include sensitive information like Social Security Numbers, financial information or academic records. It was just unlawful access to Bear IDs and passwords. The information did, however, give access to Baylor e-mail and Blackboard accounts.

Return To The Top

California State University, Stanislaus (Turlock, CA)

• Date of Occurrence: Over winter break
• Number of People Potentially Affected: Unknown

Description of Data Breach - A possible data dreach occured on a food vendor's computer server. Credit card numbers, cardholder names and expiration dates were exposed, leaving hundreds, possibly thousands, of university students, staff and guests open to identity theft, with victims reporting fake charges on their cards. Social Security numbers were not accessible.

• If you, or a member of your family, were affected:
  Phone-Univesity Police: (209) 667-3114
  

Return To The Top

University of Georgia (Athens, GA)

• Date of Occurrence: Sometime between 12/29/2007 and 12/31/2007
• Number of People Potentially Affected: 4,250

Description of Data Breach - Former and perspective residents of a university housing complex affected by a hacker that was able to access a server containing personal information, including Social Security numbers. A computer with an overseas IP address was able to access the personal information—including Social Security numbers, names and addresses—of 540 current graduate students living in graduate family housing and 3,710 former students and applicants.

• More Information:
  Associated Press Report on ajc.com
  WNEG Channel 32 News
  

Return To The Top

Geeks.com - Genica Corporation (Oceanside, CA)

• Date of Occurrence: 12/5/2007
• Number of People Potentially Affected: Unknown

Description of Data Breach - Personal and financial data may have been compromised by an intrusion into the systems of the online retailer's Web site. Compromised information included the names, addresses, telephone numbers and Visa credit card numbers.

• If you, or a member of your family, were affected:
  Phone: (888) 529-6261
• More Information:
  The Consumerist Story
  Computerworld Story
  

Return To The Top

Robotic Industries Association (Ann Arbor, MI)

• Date of Occurrence: 12/20/2007
• Number of People Potentially Affected: Unknown

Description of Data Breach - A hacker accessed the administration site for Robotics Online gaining access to individual orders that contained credit card information. Seven residents of New Hampshire were affected, but national totals were not indicated.

• If you, or a member of your family, were affected:
  Phone: (734) 994-6088
• More Information:
  If you have additional questions, please call First Advantage Membership Services, who is assisting Robotic Industries Association with answering your inquiries. They can be reached toll-free at 1-888-217-0294.
  

Return To The Top

Franklin County Municipal Court(Columbus, OH)

• Number of People Potentially Affected: 270

Description of Data Breach - At least six central Ohioans are now under investigation by the U.S. Secret Service for hacking into a government Web site and stealing Social Security numbers to create false credit accounts. More than 270 people nationwide might have been victimized by a security lapse in the Franklin County Municipal Court Web site. Someone was randomly feeding Social Security numbers into a clerk's site, which contained personal information for thousands of people charged with misdemeanors, some guilty of only a speeding ticket. Once a number was hit on, the name, address, age and other information could be used to obtain credit cards and open bank accounts.

Return To The Top

KimsCrafts (Topsham, ME)

• Date of Occurrence: 12/14/2007
• Number of People Potentially Affected: 4,500

Description of Data Breach - This potential breach of security with its e-commerce website would have allowed access to consumer information from August 13, 2007 to October 1, 2007 that was limited to names, addresses and credit card numbers

• If you, or a member of your family, were affected:
  Phone: (800) 830-5480 x21
• Additionally, you may contact the Federal Trade Commission (FTC): (877) ID-THEFT
  

Return To The Top

Dixie State College (St George, UT)

• Date of Occurrence: 10/23/2007
• Number of People Potentially Affected: 11,000

Description of Data Breach - An unauthorized person reportedly gained access to a computer system and confidential files that included the Social Security numbers, birth date information and addresses for 11,000 alumni and current DSC employees who graduated from or worked at DSC from 1986 to 2005.

• If you, or a member of your family, were affected:
  Phone: (866) 295-3033 Email: idprotect@dixie.edu
  

Return To The Top

Bates College (Lewiston, ME)

• Date of Occurrence: 10/23/2007
• Number of People Potentially Affected: 500

Description of Data Breach - Two publicly accessible documents that contained the record of nearly 500 recipients of the federal Perkins Loan; along with each recipient's address, date of birth, Social Security number, legal name and loan amount; were accessible on the Bates network.

• If you, or a member of your family, were affected: You may want to contact Bates College Student Accounts or the Bates Information and Library Services Dept
• More Information:
  Potential Breach' of Confidential Student Data
  

Return To The Top

Montana State University (Bozeman, MT)

• Date of Occurrence: 10/13/2007
• Number of People Potentially Affected: 1,400

Description of Data Breach - An unknown hacker remotely accessed a computer server that housed records containing credit card numbers and Social Security numbers of students who enrolled online for MSU Extended University courses during the last two years. The data in question were encrypted, and there is no evidence that personal information was stolen.

• If you, or a member of your family, were affected: A security alert was published by Montana State University.
• Phone: (406) 994-6550 Email: ExtendedU@montana.edu
  

Return To The Top

Pembroke Schools (Pembroke, MA)

• Date of Occurrence: 10/9/2007
• Number of People Potentially Affected: Unknown

Description of Data Breach - Personal information on anyone who worked or volunteered for the Pembroke schools in the last four years was accessible via the Internet because of a weakness in the district’s computer system. The information included names, birth dates and Social Security numbers.

• If you, or a member of your family, were affected:  Call the
  Office of the Superintendent at Pembroke, MA (781) 829-1178
  

Return To The Top

The Nature Conservancy

• Date of Occurrence: 10/2/2007
• Number of People Potentially Affected: 14,000

Description of Data Breach - A hacker illegally gained access to a computer belonging to The Nature Conservancy. The computer contained personal information on current and former employees and their dependents. The stolen information included the names, home addresses, Social Security numbers and birth dates. It also included direct deposit bank account numbers for employees who were on the payroll between 2000 and 2004, as well as the Social Security numbers of those employees’ dependents. When employees accessed a particular Web site, the site planted a program on the employees’ computers that copied the contents of the hard drives and sent the information to the hacker.

• If you, or a member of your family, were affected:
  New Hampshire Attorney General notification (PDF)
• More Information:
  Breach Blog Post - Lists specific information and resources

Return To The Top

TD Ameritrade Holding Corp. (Omaha, NE)

• Date of Occurrence: 9/14/2007
• Number of People Potentially Affected:

Description of Data Breach - One of Ameritrade’s databases was hacked and contact information for its more than 6.3 million customers was stolen. A spokeswoman for the Omaha-based company said more sensitive information in the same database, including Social Security numbers and account numbers, does not appear to have been taken. "We were able to conclude that while Social Security Numbers are stored in this particular database, SSNs were not retrieved." The company said names, e-mail addresses, phone numbers, and home addresses were taken in the data breach. Company customers did received unwanted spam because of this breach.

• If you, or a member of your family, were affected: 
  Account holders should have received notification from TD Ameritrade and the official press release, which includes additional information and details, can be found online in TD Ameritrade News Section.
• More Information:
  Ameritrade Notifies Customers Of Data Breach - InformationWeek
  Ameritrade Warns Clients About Potential Data Breach - NetworkWorld
  

Return To The Top

University of South Carolina (Columbia, SC)

• Date of Occurrence: 9/6/2007
• Number of People Potentially Affected: 1,482

Description of Data Breach - A number of files containing Social Security numbers, test scores and course grades were exposed online. It appears the person responsible for the breach may not have known enough about computers to realize the information could be accessed outside the university system.

• If you, or a member of your family, were affected:
  Per Aaron Titus' blog post on this breach, individuals who have been affected by this breach can search for their names at SSNBreach.org for more information.:
  

Return To The Top

Monster.com

• Date of Occurrence: 8/23/2007
• Number of People Potentially Affected: 1.6 Million job seekers. It does not appear that SSNs or financial account numbers were exposed

Description of Data Breach - Hackers stole the names, e-mail addresses and telephone numbers of about 146,000 subscribers to USAJOBS.gov. The hackers accessed the information from the resume database run by Monster.com, which provides the technology for USAJOBS.gov. Monster Worldwide told OPM that no Social Security numbers were compromised.

• If you, or a member of your family, were affected:
  Contact information and details can be found here:
  USAJOBS News Release
  Monster.com Press Release
• More Information:
  Monster.com Admits Keeping Data Breach Under Wraps - Fox News
  WPF Consumer Alert: Monster.com Data Breach
  

Return To The Top

Sky Lakes Medical Center / Verus Inc. (Klamath Falls, OR.)

• Date of Occurrence: 8/15/2007
• Number of People Potentially Affected: 30,000

Description of Data Breach The company that maintained the hospital's online bill payment system, transferred patient information from one server to another to perform maintenance but didn't take security measures, leaving information such as names, addresses and Social Security numbers exposed.

• If you, or a member of your family, were affected: 
  The hospital terminated its contract with the vendor, shut down the system and scanned records to see if they were accessed inappropriately. No evidence of unauthorized access was discovered.
  Specific Sky Lakes Information 
• More Information:
  Blog Post from SC Magazine's Data Breach Blog
  

Return To The Top

Wabash Valley Correctional Facility (Indianapolis, IN)

• Date of Occurrence: 8/3/2007
• Number of People Potentially Affected: Unknown

Description of Data Breach - A database containing Social Security numbers, dates of birth and names of people employed at the facility between 1997 and 2002 was unintentionally moved “from a secure private drive that was accessible only by the human resources department to a shared directory that could be accessed by other employees here.”

• If you, or a member of your family, were affected:
  Wabash Valley Correctional Facility Website
• More Information:
  Computer Breach Gives Prison Staff Access to Employee Information
  

Return To The Top

City Harvest (New York, NY)

• Date of Occurrence: 7/27/2007
• Number of People Potentially Affected: 12,000

Description of Data Breach City Harvest is currently investigating a potential improper access of systems that contained credit card information of their donors.

• If you, or a member of your family, were affected:
  Phone: (917) 351-8763

Return To The Top

University of Michigan

• Date of Occurrence: 7/21/2007
• Number of People Potentially Affected: 5,500

Description of Data Breach University databases were hacked. Names, addresses, Social Security numbers, birth dates, and in some cases, the school districts where former students were teaching were exposed, however "University Spokeswoman Kelly Cunningham said the initial review indicated that the server was being used to launch an attack on a computer unaffiliated with the University, and that students' personal information was not a specific target".

• If you, or a member of your family, were affected:
  It has been indicated that letters were sent to potentially affected students and personnel, but here is a link to the University of Michigan, School of Education contact information.
• More Information (Source):
  Two 'U' Databases Hacked
  

Return To The Top

Western Union

• Date of Occurrence: 7/17/2007
• Number of People Potentially Affected: 20,000

Description of Data Breach Credit card information and names were hacked from a database. The thieves got names, addresses, phone numbers and complete credit-card information.

• More Information:
  Hackers Tap Western Union - Dark Reading
  Western Union Reveals Customer Data Theft - EarthTimes.com

Return To The Top

University of California, Davis

• Date of Occurrence: 6/27/2007
• Number of People Potentially Affected: 1,120

Description of Data Breach - Computer-security safeguards were breached and accessed information including the applicants' names, birth dates and, in most cases, Social Security numbers.

• If you, or a member of your family, were affected:
  Affected veterinary medical students, admitted students and applicants seeking more guidance will be able to access a special computer security information page at the School of Veterinary Medicine Website. Those who seek additional help are asked to contact the School of Veterinary Medicine Dean's Office at:
  Email: deansoffice@vetmed.ucdavis.edu
  Phone: (530) 752-8032.
• More Information:
  Official News Release from UC Davis

Return To The Top

University of Iowa

• Date of Occurrence: 6/8/2007
• Number of People Potentially Affected: 1,100

Description of Data Breach Social Security numbers of faculty, students and prospective students were stored on the Web database program that was compromised.

• If you, or a member of your family, were affected:
  Security Information from the University of Iowa Website
• More Information:
  University of Iowa Reports Computer Breach

Return To The Top

University of Virginia

• Date of Occurrence: 6/8/2007
• Number of People Potentially Affected: 5,735

Description of Data Breach This breach occurred in one of the computer applications that resulted in exposure of sensitive information belonging to current and former U.Va. faculty members. The information included names, Social Security numbers and dates of birth. The investigation has revealed that on 54 separate days between May 20, 2005 and April 19, 2007, hackers tapped into the records of 5,735 faculty members.

• If you, or a member of your family, were affected:
  Toll Free Hotline: (866) 621-5948
  Email: identity-assistance@virginia.edu
• More Information:
  Official Release from the University of Virginia
  

Return To The Top

University of Colorado, Boulder

• Date of Occurrence: 5/22/2007
• Number of People Potentially Affected: 45,000 Students

Description of Data Breach - A hacker launched a worm that attacked a University computer server used by the College of Arts and Sciences. Information for 45,000 students enrolled at UC-B from 2002 to the present was exposed, including SSNs. The breach was discovered May 12. Apparently anti-virus software had not been properly configured.

• If you, or a member of your family, were affected:
  University of Colorado News Release
  Students who wish to know more about how to deal with identity theft can visit a special CU Web Page (PDF)
• More Information:
  From the University of Colorado Website
  University Blames Security Breach On Unpatched Symantec Bug
  
  

Return To The Top

Illinois Dept of Financial and Professional Regulation

• Date of Occurrence: 5/19/2007
• Number of People Potentially Affected: 300,000 Licensees and Applicants

Description of Data Breach - A computer server in the office of the Illinois Dept. of Financial and Professional Regulation was breached earlier this year. SSNs, tax numbers, and addresses of banking and real estate professionals were exposed. The hacking incident was discovered May 3

• If you, or a member of your family, were affected:
  Official News Release on the State if Illinois Website
• More Information:
  Hackers Blamed For Data Breach That Compromised 300,000
  

Return To The Top

Goshen College

• Date of Occurrence: 5/12/2007
• Number of People Potentially Affected: 7,300

Description of Data Breach - A hacker accessed a college computer that contained the names, addresses, birth dates, Social Security numbers and phone numbers of students and information on some parents with the suspected motivation of using the system to send spam e-mails.

• If you, or a member of your family, were affected:
  Contact: Richard R. Aguirre
  Director of Public Relations
  Email: rraguirre@goshen.edu
  Official Press Release
• More Information:
  Computer Security Breach at Goshen College — Q & A
  

Return To The Top

University of Missouri

• Date of Occurrence: 5/8/2007
• Number of People Potentially Affected: 22,396

Description of Data Breach A hacker accessed a computer database containing the names and Social Security numbers of employees of any campus within the University system in 2004 who were also current or former students of the Columbia campus.

• If you, or a member of your family, were affected:
  Office Phone: (573) 884-7222
  Toll Free: (866) 241-5619
  (8 AM to 5 PM CST, Monday through Friday)
  Website
  Univerity of Missouri Official Press Release
• More Information:
  22,000 Hit In University Of Missouri Data Breach
  

Return To The Top

Georgia Institute of Technology

• Date of Occurrence: 2/21/2007
• Number of People Potentially Affected: 3,000

Description of Data Breach Personal information of former employees mostly in the School of Electrical and Computer Engineering including names, addresses, Social Security number, other sensitive information, and about 400 state purchasing card numbers was compromised by unauthorized access to a Georgia Tech computer account.

• If you, or a member of your family, were affected:
  Matthew Nagel, Institute Communications & Public Affairs
  Email: matthew.nagel@icpa.gatech.edu
  Phone: 404-894-7460
• More Information:
  Georgie Institute of Technology Press Release
  

Return To The Top

Iowa Department of Education

• Date of Occurrence: 2/14/2007
• Number of People Potentially Affected: 600

Description of Data Breach - Up to 600 files of G.E.D. recipients were viewed when the online database was hacked. Files included names, addresses, birthdates, and SSNs of G.E.D. graduates from 1965 to 2002.

• If you, or a member of your family, were affected:
  Official Press Release
  Contact Information:
  Elaine Watkins-Miller                                       
  Phone: 515-281-5651
• More Information:
  Privacy Breach, Hackers and Lawsuits
  

Return To The Top

Radford University, Waldron School of Health and Human Services

• Date of Occurrence: 2/9/2007
• Number of People Potentially Affected: 2,400 Children

Description of Data Breach - A computer security breach exposed the personal information, including SSNs, of children enrolled in the FAMIS program, Family Access to Medical Insurance Security.

• If you, or a member of your family, were affected:
  Waldron College of Health and Human Services
  Phone: 540.831.7600
  Email: wchs-web@radford.edu
• More Information:
  RU Security Breach Linked to Child Health Care
  

Return To The Top

University of Missouri, Research Board Grant Application System

• Date of Occurrence: 2/2/2007
• Number of People Potentially Affected: 3,799

Description of Data Breach - A hacker broke into a UM computer server mid-January and might have accessed personal information, including SSNs, of 1,220 researchers on 4 campuses. The passwords of 2,579 individuals might also have been exposed.

• If you, or a member of your family, were affected:
  UM Research Board Office - Phone: 573-882-1714
  Research Board Home Page (with contact information)
• More Information:
  Hacker hits MU database - originally found on Fergie's Tech Blog
  

Return To The Top

TJ Stores (TJX)

• Date of Occurrence: 1/17/2007
• Number of People Potentially Affected: 45,700,000 credit and debit card account numbers & 455,000 merchandise return records containing customer names and driver's license numbers

Description of Data Breach - The TJX Companies Inc. experienced an "unauthorized intrusion" into its computer systems that process and store customer transactions including credit card, debit card, check, and merchandise return transactions. It discovered the intrusion mid-December 2006. Transaction data from 2003 as well as mid-May through December 2006 may have been accessed. According to its Web site, TJX is "the leading off-price retailer of apparel and home fashions in the U.S. and worldwide."

• If you, or a member of your family, were affected:
  Important Phone Numbers:
  866-484-6978 in the United States, 866-903-1408 in Canada, and 0800 77 90 15 in the United Kingdom and Ireland
  Website: http://www.tjx.com
  The Official Notice on BusinessWire
• More Information:
  TJX Data Breach: At 45.6M Card Numbers, It's The Biggest Ever - ComputerWorld

Return to data breach overview page.

Return To The Top