12 biggest data breaches of the past 12 months

Hackers and lost laptops put personal information at risk

Americans' confidential information is being exposed left and right because of the usual culprits: criminal activity, insufficient security and simple carelessness. Here are the 12 biggest data breaches in the United States from the past 12 months (arranged chronologically), with data from the Privacy Rights Clearinghouse .

Related stories:

Worst moments in network security history

Data-breach costs rising, study finds

Five data leak nightmares

Seven ways to stop data breaches

University of Florida

An unauthorized intruder accessed a University of Florida, College of Dentistry server storing personal information, including names, addresses, birth dates, Social Security numbers, and information on some dental procedures. More info.

Florida job seekers

Names and Social Security numbers of more than a quarter-million Florida job seekers were accidentally placed online by state government workers in the course of building a new Web site. The information, contained in several thousand Excel and text files, remained online and publicly accessible for 19 days. More info.

RBS WorldPay

More than 1 million Social Security records were exposed after hackers broke into RBS WorldPay's computer systems, in an attack that reportedly allowed perpetrators to steal $9 million from automated teller machines. A class action lawsuit was subsequently filed against RBS WorldPay. More info.


CheckFree notified 5 million customers after criminals took control of several of the company's Internet domains and redirected customer traffic to a rogue Web site hosted in the Ukraine, which attempted to install malicious software on victims' computers. More info.


Information on more than 130 million credit and debit cards was stolen with SQL injection attacks directed at Heartland, a New Jersey credit card payment processor; 7-Eleven; and the Hannaford Brothers supermarket chain. A 28-year-old Miami man named Albert Gonzales was indicted for the crime in August. More info.

Arkansas Department of Information Systems

The Arkansas Department of Information Systems lost a storage tape containing data from 12 years worth of criminal background checks. The agency sent the tape to an offsite storage company, Information Vaulting Services, but it went missing. Although the public was notified, Arkansas officials said there was little chance the lost tape would end up in the hands of a criminal. More info.

Oklahoma Department of Human Services

A laptop computer stolen from an Oklahoma Department of Human Services employee included names, Social Security numbers, birth dates and home addresses for clients who received Medicaid and other DHS services. More info.

Oklahoma Housing Finance Agency

A laptop computer stolen from an employee's home contained personal information, including Social Security numbers, tax identification numbers, birth dates and business addresses, of Section 8 clients at the Oklahoma Housing Finance Agency. More info.


Hackers demanded a $10 million ransom from Virginia authorities for the return of personal pharmaceutical records stolen from the state's prescription drug database. The state mailed notifications to 530,000 people whose prescription records, including Social Security numbers, may have been compromised. More info.

Network Solutions

Hackers targeting Internet hosting company Network Solutions illegally installed software on company servers used to handle credit card transactions initiated by more than 573,000 people during a three-month period. The malicious code allowed hackers to intercept customers' financial information. More than 4,000 online stores relying on Network Solutions were affected. More info.

National Archives and Records Administration

The National Archives and Records Administration sent a defective hard drive back to its vendor to be repaired without first wiping it clean of sensitive data. The drive was part of a RAID array that contained detailed records on 76 million veterans, including millions of Social Security numbers. The NARA denied that a breach of personally identifiable information occurred, but the agency's inspector general is investigating the incident, according to a report in Wired . More info.

Blue Cross Blue Shield

A laptop stolen from a Blue Cross Blue Shield employee in Chicago included information on 850,000 doctors nationwide, and as many as 187,000 records contained Social Security numbers. More info.

Related stories:

Worst moments in network security history

Data-breach costs rising, study finds

Five data leak nightmares

Seven ways to stop data breaches

Copyright © 2009 IDG Communications, Inc.