Who’s Losing Data?

The Privacy Rights Clearinghouse keeps tabs on data breaches and provides some examples of how personal data gets into the hands of bad guys.

eye_mask_rob_securityBefore you hit “Send” or fill out a job application, do you ever wonder how careful a particular company is to protect your resume information? If so, you might consider checking to see whether it’s had the dubious distinction of appearing on the Privacy Rights Clearinghouse’s running chronology of data breaches.

The chronology lists data breaches that have been reported because the compromised personal information included Social Security, account and driver’s-license numbers — all data used by thieves to steal identities. What follows is a selection from that list of some large, well-known companies and how their data stores were compromised:

June 14, 2007
Lynchburg City, Lynchburg, Va.
Number of compromised records: 1,200

Personal information of Lynchburg city employees and retirees was accidentally posted on the city’s Web site, along with information about employees’ prescription medications.

Aug. 3, 2009
National Finance Center, Washington, DC
Number of compromised records: 27,000

An employee with the National Finance Center mistakenly sent an Excel spreadsheet containing the employees’ personal information to a co-worker via e-mail in an unencrypted form. The names and Social Security numbers of at least 27,000 Commerce Department employees were exposed.

Aug. 4, 2009
New Hampshire Department of Corrections, Laconia, N.H.
Number of compromised records: 1,000

A 64-page list containing the names and Social Security numbers of about 1,000 employees of the state Department of Corrections ended up under the mattress of a minimum-security prisoner. The prison contracts with vendors to shred documents, and investigators are trying to find out why documents were not destroyed.

Aug. 13, 2009
National Guard Bureau, Arlington, Va.
Number of compromised records: 131,000

An Army contractor had a laptop stolen containing personal information about 131,000 soldiers enrolled in the Army National Guard Bonus and Incentives Program. The data included names, Social Security numbers, incentive payment amounts and payment dates.

Aug. 14, 2009
American Express, New York, NY
Number of compromised records: Unknown

Some American Express card members’ accounts may have been compromised by an employee’s recent theft of data. The former employee has been arrested, and the company is investigating how the data was obtained. American Express declined to disclose any more details about the incident.

July 10, 2009
Northern California dumpsters, from San Francisco Bay area to Central Valley
Number of compromised records: 1,500

A criminal complaint filed against a 30-year-old suspect claims that he made more than 1,000 fake ID cards that he used to rip off people, stores and banks. He also allegedly admitted to stealing the identities of more than 500 people all across Northern California, ranging from the Bay area to the Central Valley. Federal agents say the man said it was easy to find new victims: All he needed to do was visit the dumpsters outside a local business and dig for documents. Using the sensitive materials he found in the trash, he was able to use a computer to mock up fake identification cards and blank checks, according to authorities. He also allegedly confessed to stealing between $1 million and $2 million dollars in cash and merchandise.