The Worst Data Breach Incidents of 2012 – So Far

Out of 189 breaches recorded through mid-June, here are the top 15 according to Identity Theft Resource Center.

Credit: Identity Theft Resource Center

The Identity Theft Resource Center tracks data-breach incidents and the number of exposed records related to payment cards, customer, university or patient data when that’s known. Here are the Top 15 Worst so far for 2012 based on number of exposed records — and the year’s only half over.

15 worst Internet privacy scandals

Credit: Nigel Roddis / Reuters
New York State Electric & Gas Co.

Located: Rochester, N.Y.

Number of records exposed: 1.8 million files that contained customer Social Security numbers, dates of birth and bank account number, due to unauthorized access by a contractor.

Credit: Stelios Varias / Reuters
Global Payments, Inc.

Located: Atlanta, Ga.

No. of records exposed: 1.5 million payment-card numbers, plus in June the company disclosed its investigation is also turning up potentially hacked servers with names of merchant applicants.

Related story: Investigation turns up second data breach

Credit: Fred Prouser / Reuters
California Dept. of Child Support Services

Located: Sacramento

No. of records exposed: 800,000 adults and children on four computer storage devices lost by IBM and Iron Mountain, believed lost in transit between Boulder and Sacramento because of falling out of an unsecured container FedEx was transporting.

Credit: Jim Urquhart / Reuters
Utah Dept. of Technology Services

Located: Salt Lake City, Utah

No. of records exposed: 780,000 patient files related to Medicaid claims stolen from a server by hackers believed to be operating out of Eastern Europe, Utah’s DTS disclosed in April. In May, Utah CIO Steven Fletcher resigned due to it.

Credit: Jim Young / Reuters
In-Home Support Services, state of California Dept. of Social Services

No. of records exposed: Personal information on 701,000 individuals receiving home care, which was in unencrypted microfiche form mailed by a HP processing facility to the State Compensation Insurance Fund, but the package was damaged in transit in May and some information found missing.

Credit: Carlos Barria / Reuters
University of Nebraska

Located: Lincoln, Neb.

No. of records exposed: A data breach of 654,000 files of personal data related to students, alumni, parents and university employees from the Nebraska Student Information Systems database; a student is the suspected culprit.

Credit: Carlos Barria / Reuters
University of North Carolina-Charlotte

Located: Charlotte, N.C.

No. of records exposed: In May, the university says 350,000 files of personal data, including account and Social Security information, related to students and faculty was “accidentally made available for three months.”

Credit: Lucy Nicholson / Reuters
Emory Healthcare, Inc.

Located: Georgia

No. of records exposed: Data related to 315,000 patients, including Social Security numbers, had been stored on 10 computer disks but went missing from a storage facility; a class-action lawsuit underway could cost the hospital $200 milion.

Credit: Tim Shaffer / Reuters
South Carolina Dept. of Health & Human Services

No. of records exposed: In April, the agency disclosed a major data breach of 228,435 Medicaid beneficiaries. A former employee for the South Carolina agency has been arrested for transferring this information via e-mail.

Thrift Savings Plan

Located: Washington, D.C.

No. of records exposed: In May, a computer attack against TSP contractor Serco resulted in a breach of information on 123,000 federal employees, the $313 billion TSP disclosed—10 months after it happened.

Credit: Marc Serota / Reuters
Dept. of Children and Families

Located: Florida

No. of records exposed: In May, personal information on 100,000 childcare workers statewide because of suspected data breach associated with contractor for the state storing the information online without password protection.

Credit: Brian Snyder / Reuters
Housatonic Community College

Number of records exposed: In April, information on 87,667 members of the campus community on two computers, possibly due to malware infections.

Digital Playground

Located: Van Nuys, Calif.

No. of records exposed: In March, hackers claimed to have personal data, including credit cards, on at least 40,000 users of the adult website Digital Playground.

University of Tampa

Located: Tampa, Fla.

No. of records exposed: In March, it was discovered that 36,818 names, student ID numbers, Social Security numbers and birthdates were publicly accessible due to a server error.

Credit: Gary Cameron / Reuters
Howard University Hospital

Located: Washington, D.C.

No. of records exposed: Health information on 34,503 patients due to personal laptop of a former contractor for the hospital being stolen.

Credit: Brian Snyder / Reuters
Clarksville-Montgomery County School System

Located: Clarksville, Tenn.

No. of records: Names, social security numbers, and other personal data belonging to about 110,000 people by hackers calling themselves Spex Security that broke into the school records system in mid-June, with some information on employees and students posted online.