
2007: A Year of Record Data Breaches
Since the term identity theft was coined, the number of recorded data breaches and compromises has steadily risen in both volume and severity. The following is an accounting of known data breaches and record compromises for 2007, which for the time being will go down in the annals as a record year. The original data was supplied by the Identity Theft Resource Center and has been reconfigured by Baseline's editorial staff.
This article contains the following data:
- Top 25 Data Breaches of 2007
- Chief Causes of Data Breaches
- List Toppers By Vertical
- Affected Records By Industry
TOP 25 DATA BREACHES OF 2007
The following companies and government agencies suffered the worst data breaches of last year, allowing the compromise of tens of millions of records that included a combination of Social Security numbers, credit card data and personal identifying information.

| Rank | Organization | Sector | Affected Records |
|---|---|---|---|
| 1 | TJX | Retail | 94,000,000 |
| 2 | Dai Nippon Printing Company | Services | 8,637,405 |
| 3 | Fidelity National Information Services/Certegy Check | Financial | 8,500,000 |
| 4 | Georgia Department of Health/Affiliated Computer | State Government | 2,900,000 |
| 5 | Department of Veteran Affairs | Federal Government | 2,000,000 |
| 6 | Department of Veteran Affairs | Federal Government | 1,800,000 |
| 7 | Chicago Board of Elections | Local Government | 1,300,000 |
| 8 | SAIC | Technology | 867,000 |
| 9 | Gap | Retail | 800,000 |
| 10 | Ohio State Employees | State Government | 635,000 |
| 11 | Massachusetts Division of Professional Licensures | State Government | 450,000 |
| 12 | California Public Employees Retirement System | State Government | 445,000 |
| 13 | Davison County Election Commission | Local Government | 337,000 |
| 15 | Illinois Department of Financial and Professional Regulation | State Government | 300,000 |
| 15 | New York City Financial Services Agency | Local Government | 280,000 |
| 16 | Memorial Blood Centers | Health Care | 268,000 |
| 17 | Los Angeles County Child Support Services | Local Government | 243,000 |
| 18 | Texas Commission on Law | State Government | 229,000 |
| 19 | West Virginia Public Employees Insurance Agency | State Government | 200,000 |
| 20 | Community College of South Nevada | Higher Education | 197,000 |
| 21 | Neiman Marcus Group | Retail | 160,000 |
| 22 | Iowa Department of Education | State Government | 160,000 |
| 23 | Administaff | Services | 159,000 |
| 24 | Georgia Department of Human Resources | State Government | 140,000 |
| 25 | St Mary's Hospital (Md) | Health Care | 135,000 |

CHIEF CAUSE OF DATA BREACHES
While hackers account for the most compromised records, improperly discarded and secured paper led the number of breach incidents in 2007. The number of compromised records doesn't always tell the whole story, since many breaches had an unknown number of records exposed, some suspected of totaling in the hundreds of thousands.

| Type of Breach | Incidents | Percentage of Total Incidents | Affected Records | Incidents With Unknown Records | Percentage of Incidents With Unknown Affected Records |
|---|---|---|---|---|---|
| Compromised paper documents | 80 | 18.5% | 297,733 | 50 | 62.5% |
| External hacker breach | 77 | 17.8 | 95,405,165 | 25 | 32.4 |
| Stolen/lost laptop(s) | 67 | 15.5 | 2,029,108 | 18 | 26.8 |
| Erroneous Web posts | 54 | 12.5 | 360,091 | 5 | 9.2 |
| Stolen/lost storage media | 48 | 11.1 | 7,506,500 | 13 | 27.0 |
| Stolen/lost computer(s) | 47 | 10.9 | 1,692,864 | 10 | 21.2 |
| Internal data theft (digital) | 17 | 3.9 | 18,979,955 | 3 | 17.6 |
| Network security lapse | 14 | 3.2 | 137,506 | 5 | 35.7 |
| E-mail data leak | 8 | 1.9 | 10,813 | 3 | 37.5 |
| Miscellaneous | 7 | 1.6 | 10,659 | 3 | 42.8 |
| Unsecure data transfer | 6 | 1.3 | 1,352,600 | 1 | 16.6 |
| Unauthorized data access/disclosure | 6 | 1.3 | 467,500 | 3 | 50.0 |
| Total | 431 | a | 120,250,494 | 139 | 32.2 |

Source: Identity Theft Resource Center

LIST TOPPERS
The following are the lists of the top data breaches of 2007 within each of the major verticals.

Federal Government

| Organization | Affected Records | Type of Breach |
|---|---|---|
| Department of Veteran Affairs (Ala.) | 2,000,000 | Lost storage media |
| Department of Veteran Affairs (Calif.) | 1,800,000 | Internal data theft (digital) |
| U.S. Transportation Security Administration | 100,000 | Lost storage media |
| U.S. Department of Agriculture | 38,700 | Erroneous Web post |
| U.S. Army Training and Doctrine Command | 16,000 | Stolen laptop(s) |
| Oak Ridge National Laboratory | 12,000 | External hacker breach |
| Roudebush VA Medical Center | 12,000 | Stolen computer(s) |
| U.S. Marines | 10,554 | Erroneous Web post |
| U.S. Air Force | 10,501 | Missing computer/laptop |
| U.S. Coast Guard | 6,200 | Improperly discarded paper documents |

State Government

| Organization | Affected Records | Type of Breach |
|---|---|---|
| Georgia Department of Health/Affiliated Computer | 2,900,000 | Lost storage media |
| Ohio State Employees | 635,000 | Lost storage media |
| Massachusetts Division of Professional Licensures | 450,000 | Unauthorized data disclosure |
| California Public Employees Retirement System | 445,000 | Unsecure data transfer |
| Illinois Department of Financial and Professional Regulation | 300,000 | External hacker breach |
| Texas Commission on Law Enforcement Officers | 229,000 | Stolen computer(s) |
| West Virginia Public Employees Insurance Agency | 200,000 | Lost storage media |
| Iowa Department of Education | 160,000 | External hacker breach |
| Georgia Department of Human Resources | 140,000 | Print mailing/distribution error |
| Connecticut Department of Revenue Services | 107,600 | Stolen laptop(s) |

Local/County Government

| Organization | Affected Records | Type of Breach |
|---|---|---|
| Chicago Board of Elections (Ill.) | 1,300,000 | Lost storage media |
| Davison County (Tenn.) Election Commission | 337,000 | Stolen computer(s) |
| New York City Financial Services Agency | 280,000 | Stolen laptop(s) |
| Los Angeles County Child Support Services | 243,000 | Missing computer/laptop |
| Fulton County (Ga.) | 75,000 | Improperly discarded paper documents |
| Yuba County (N.M.) Child Support Services | 70,000 | Stolen laptop(s) |
| Fulton County (Ga.) Voter Registration | 45,000 | Improperly discarded paper documents |
| Fresno County (Calif.) | 10,000 | Lost storage media |
| Baltimore County (Md.) Department of Health | 6,000 | Stolen laptop(s) |
| City of Columbus (Ohio) | 3,500 | Stolen computer(s) |

Financial Services

| Organization | Affected Records | Type of Breach |
|---|---|---|
| Fidelity National Information Services/Certegy Check | 8,500,000 | Internal data theft (digital) |
| Money Gram International | 79,000 | External hacker breach |
| MoneyGram | 79,000 | External hacker breach |
| JPMorgan/Chase | 47,000 | Lost storage media |
| Merrill Lynch | 33,000 | Stolen computer(s) |
| Western Union | 20,000 | External hacker breach |
| New Horizons Community Credit Union | 9,000 | Stolen laptop(s) |
| Jax Federal Credit Union | 7,500 | Unsecure data transfer |
| ABN Amro Mortgage Group/Citigroup | 5,208 | Erroneous Web post |
| American Education Services | 5,184 | Stolen laptop(s) |

Health Care

| Organization | Affected Records | Type of Breach |
|---|---|---|
| Memorial Blood Centers | 268,000 | Stolen laptop(s) |
| St. Mary's Hospital | 135,000 | Stolen laptop(s) |
| Saint Vincent Catholic Medical Center of NY | 100,000 | External hacker breach |
| Pathology Group of the Mid-South | 75,000 | Stolen computer(s) |
| TennCare/AmeriChoice | 67,000 | Lost storage media |
| Johns Hopkins Hospital | 52,000 | Lost storage media |
| St. Vincent Hospital/Verus | 51,000 | Network security lapse |
| Sutter Lakeside Hospital | 45,000 | Missing computer/laptop |
| West Penn Allegheny Health System | 42,000 | Stolen laptop(s) |
| Group Health Cooperative Health Care Systems | 31,000 | Missing computer/laptop |

Business and Consumer Services

| Organization | Affected Records | Type of Breach |
|---|---|---|
| Dai Nippon Printing Company | 8,637,405 | Internal data theft (digital) |
| Administaff | 159,000 | Missing computer/laptop |
| Securitas Security Services | 100,000 | Stolen computer(s) |
| Tax Service Plus | 4,000 | Stolen computer(s) |
| CTS Tax Services | 800 | Stolen computer(s) |

Technology & Telecommunications

| Organization | Affected Records | Type of Breach |
|---|---|---|
| SAIC | 867,000 | Unsecure data transfer |
| Kingston Technology | 27,000 | External hacker breach |
| ADC Telecommunications | 2,600 | Stolen computer(s) |
| Mercury Interactive (HP) | 1,425 | Missing/lost laptop |
| Palm | 679 | External hacker breach |

Higher Education

| Organization | Affected Records | Type of Breach |
|---|---|---|
| Community College of South Nevada | 197,000 | Malware data leak |
| Stony Brook University | 90,000 | Erroneous Web post |
| East Carolina University | 65,000 | Network security lapse |
| University of California, San Francisco | 46,000 | External hacker breach |
| University of Colorado at Boulder, College of Arts and Sciences | 44,998 | External hacker breach |
| University of Missouri | 22,396 | External hacker breach |
| City University of New York | 20,000 | Stolen laptop(s) |
| University of Nevada, Reno | 16,000 | Lost storage media |
| Ohio State University | 14,000 | External hacker breach |
| City College of San Francisco | 11,000 | Erroneous Web post |

Secondary Education

| Organization | Affected Records | Type of Breach |
|---|---|---|
| Chicago Public Schools/McGladrey & Pullen | 40,000 | Stolen laptop(s) |
| Waco (Texas) Independent School District | 17,400 | External hacker breach |
| University of Michigan Clinics | 8,585 | Missing computer/laptop |
| Indianapolis Public Schools | 7,500 | Erroneous Web post |
| Tennessee Students | 5,247 | Erroneous Web post |
| Springfield (Ohio) City Schools | 2,000 | Stolen laptop(s) |
| Jackson (Ohio) Local Schools | 1,800 | Erroneous Web post |
| Cedarburg (Wisconsin) High School | 900 | External hacker breach |
| Clarksville-Montgomery County (Tennessee) Schools | 633 | Erroneous Web post |
| Greenville County (S.C.) School District | 500 | Malware data leak |

Retail

| Organization | Affected Records | Type of Breach |
|---|---|---|
| TJX | 94,000,000 | External hacker breach |
| Gap | 800,000 | Stolen laptop(s) |
| Neiman Marcus Group | 160,000 | Stolen computer(s) |
| Gander Mountain Company | 112,000 | Stolen computer(s) |
| Milwaukee PC | 65,000 | Erroneous Web post |
| Johnny's Selected Seeds | 11,500 | External hacker breach |
| The Home Depot | 10,000 | Stolen laptop(s) |
| Voxant | 4,500 | External hacker breach |
| KimsCrafts | 4,500 | External hacker breach |
| eBay | 1,200 | External hacker breach |

WEAK SECTOR SECURITY
Nearly every industry and governmental sector experienced a security breach among the 431 incidents recorded in 2007. The following is a breakdown of compromised records by industry.

| Sector | Incidents | Affected Records |
|---|---|---|
| Retail | 24 | 95,171,110 |
| Services | 17 | 8,901,455 |
| Financial | 39 | 8,793,719 |
| State government | 58 | 5,948,395 |
| Federal government/military | 22 | 4,017,163 |
| Local/county government | 33 | 2,381,447 |
| Health care | 56 | 1,027,462 |
| Technology/telecommunication | 19 | 899,450 |
| Higher education | 84 | 680,715 |
| Miscellaneous | 54 | 344,051 |
| Secondary education | 25 | 85,527 |

Source: Identity Theft Resource Center