2007: A Year of Record Data Breaches

 
 
By Baselinemag  |  Posted 2008-02-06
 
 
 

Since the term identity theft was coined, the number of recorded data breaches and compromises has steadily risen in both volume and severity. The following is an accounting of known data breaches and record compromises for 2007, which for the time being will go down in the annals as a record year. The original data was supplied by the Identity Theft Resource Center and has been reconfigured by Baseline's editorial staff.

The data in this article has the following information:

 

TOP 25 DATA BREACHES OF 2007
The following companies and government agencies suffered the worst data breaches of last year, allowing the compromise of tens of millions of records that included a combination of Social Security numbers, credit card data and personal identifying information.
Rank | Organization | Sector | Affected Records
1 | TJX | Retail | 94,000,000
2 | Dai Nippon Printing Company | Services | 8,637,405
3 | Fidelity National Information Services/Certegy Check | Financial | 8,500,000
4 | Georgia Department of Health/Affiliated Computer | State Government | 2,900,000
5 | Department of Veterans Affairs | Federal Government | 2,000,000
6 | Department of Veterans Affairs | Federal Government | 1,800,000
7 | Chicago Board of Elections | Local Government | 1,300,000
8 | SAIC | Technology | 867,000
9 | Gap | Retail | 800,000
10 | Ohio State Employees | State Government | 635,000
11 | Massachusetts Division of Professional Licensures | State Government | 450,000
12 | California Public Employees Retirement System | State Government | 445,000
13 | Davidson County Election Commission | Local Government | 337,000
14 | Illinois Department of Financial and Professional Regulation | State Government | 300,000
15 | New York City Financial Services Agency | Local Government | 280,000
16 | Memorial Blood Centers | Health Care | 268,000
17 | Los Angeles County Child Support Services | Local Government | 243,000
18 | Texas Commission on Law Enforcement Officers | State Government | 229,000
19 | West Virginia Public Employees Insurance Agency | State Government | 200,000
20 | Community College of South Nevada | Higher Education | 197,000
21 | Neiman Marcus Group | Retail | 160,000
22 | Iowa Department of Education | State Government | 160,000
23 | Administaff | Services | 159,000
24 | Georgia Department of Human Resources | State Government | 140,000
25 | St Mary's Hospital (Md) | Health Care | 135,000
Source: Identity Theft Resource Center
TOTAL RECORDS: 125,142,405

CHIEF CAUSE OF DATA BREACHES
While hackers account for the most compromised records, improperly discarded and improperly secured paper documents lead in the number of breach incidents in 2007. The number of compromised records doesn’t always tell the whole story, since many breaches had an unknown number of records exposed, some suspected of totaling in the hundreds of thousands.
Type of Breach | Incidents | Percentage of Total Incidents | Affected Records | Incidents With Unknown Records | Percentage of Incidents With Unknown Affected Records
Compromised paper documents | 80 | 18.5% | 297,733 | 50 | 62.5%
External hacker breach | 77 | 17.8% | 95,405,165 | 25 | 32.4%
Stolen/lost laptop(s) | 67 | 15.5% | 2,029,108 | 18 | 26.8%
Erroneous Web posts | 54 | 12.5% | 360,091 | 5 | 9.2%
Stolen/lost storage media | 48 | 11.1% | 7,506,500 | 13 | 27.0%
Stolen/lost computer(s) | 47 | 10.9% | 1,692,864 | 10 | 21.2%
Internal data theft (digital) | 17 | 3.9% | 18,979,955 | 3 | 17.6%
Network security lapse | 14 | 3.2% | 137,506 | 5 | 35.7%
E-mail data leak | 8 | 1.9% | 10,813 | 3 | 37.5%
Miscellaneous | 7 | 1.6% | 10,659 | 3 | 42.8%
Unsecure data transfer | 6 | 1.3% | 1,352,600 | 1 | 16.6%
Unauthorized data access/disclosure | 6 | 1.3% | 467,500 | 3 | 50.0%
Total | 431 | | 120,250,494 | 139 | 32.2%
Source: Identity Theft Resource Center

LIST TOPPERS
The following are the lists of the top data breaches of 2007 within each of the major verticals.

Federal Government
Department of Veterans Affairs (Ala.) | 2,000,000 | Lost storage media
Department of Veterans Affairs (Calif.) | 1,800,000 | Internal data theft (digital)
U.S. Transportation Security Administration | 100,000 | Lost storage media
U.S. Department of Agriculture | 38,700 | Erroneous Web post
U.S. Army Training and Doctrine Command | 16,000 | Stolen laptop(s)
Oak Ridge National Laboratory | 12,000 | External hacker breach
Roudebush VA Medical Center | 12,000 | Stolen computer(s)
U.S. Marines | 10,554 | Erroneous Web post
U.S. Air Force | 10,501 | Missing computer/laptop
U.S. Coast Guard | 6,200 | Improperly discarded paper documents

State Government
Georgia Department of Health/Affiliated Computer | 2,900,000 | Lost storage media
Ohio State Employees | 635,000 | Lost storage media
Massachusetts Division of Professional Licensures | 450,000 | Unauthorized data disclosure
California Public Employees Retirement System | 445,000 | Unsecure data transfer
Illinois Department of Financial and Professional Regulation | 300,000 | External hacker breach
Texas Commission on Law Enforcement Officers | 229,000 | Stolen computer(s)
West Virginia Public Employees Insurance Agency | 200,000 | Lost storage media
Iowa Department of Education | 160,000 | External hacker breach
Georgia Department of Human Resources | 140,000 | Print mailing/distribution error
Connecticut Department of Revenue Services | 107,600 | Stolen laptop(s)

Local/County Government
Chicago Board of Elections (Ill.) | 1,300,000 | Lost storage media
Davidson County (Tenn.) Election Commission | 337,000 | Stolen computer(s)
New York City Financial Services Agency | 280,000 | Stolen laptop(s)
Los Angeles County Child Support Services | 243,000 | Missing computer/laptop
Fulton County (Ga.) | 75,000 | Improperly discarded paper documents
Yuba County (N.M.) Child Support Services | 70,000 | Stolen laptop(s)
Fulton County (Ga.) Voter Registration | 45,000 | Improperly discarded paper documents
Fresno County (Calif.) | 10,000 | Lost storage media
Baltimore County (Md.) Department of Health | 6,000 | Stolen laptop(s)
City of Columbus (Ohio) | 3,500 | Stolen computer(s)
Source: Identity Theft Resource Center

Financial Services
Fidelity National Information Services/Certegy Check | 8,500,000 | Internal data theft (digital)
Money Gram International | 79,000 | External hacker breach
MoneyGram | 79,000 | External hacker breach
JPMorgan/Chase | 47,000 | Lost storage media
Merrill Lynch | 33,000 | Stolen computer(s)
Western Union | 20,000 | External hacker breach
New Horizons Community Credit Union | 9,000 | Stolen laptop(s)
Jax Federal Credit Union | 7,500 | Unsecure data transfer
ABN Amro Mortgage Group/Citigroup | 5,208 | Erroneous Web post
American Education Services | 5,184 | Stolen laptop(s)

Health Care
Memorial Blood Centers | 268,000 | Stolen laptop(s)
St. Mary's Hospital | 135,000 | Stolen laptop(s)
Saint Vincent Catholic Medical Center of NY | 100,000 | External hacker breach
Pathology Group of the Mid-South | 75,000 | Stolen computer(s)
TennCare/AmeriChoice | 67,000 | Lost storage media
Johns Hopkins Hospital | 52,000 | Lost storage media
St. Vincent Hospital/Verus | 51,000 | Network security lapse
Sutter Lakeside Hospital | 45,000 | Missing computer/laptop
West Penn Allegheny Health System | 42,000 | Stolen laptop(s)
Group Health Cooperative Health Care Systems | 31,000 | Missing computer/laptop

Business and Consumer Services
Dai Nippon Printing Company | 8,637,405 | Internal data theft (digital)
Administaff | 159,000 | Missing computer/laptop
Securitas Security Services | 100,000 | Stolen computer(s)
Tax Service Plus | 4,000 | Stolen computer(s)
CTS Tax Services | 800 | Stolen computer(s)

Technology & Telecommunications
SAIC | 867,000 | Unsecure data transfer
Kingston Technology | 27,000 | External hacker breach
ADC Telecommunications | 2,600 | Stolen computer(s)
Mercury Interactive (HP) | 1,425 | Missing/lost laptop
Palm | 679 | External hacker breach
Source: Identity Theft Resource Center

Higher Education
Community College of South Nevada | 197,000 | Malware data leak
Stony Brook University | 90,000 | Erroneous Web post
East Carolina University | 65,000 | Network security lapse
University of California, San Francisco | 46,000 | External hacker breach
University of Colorado at Boulder, College of Arts and Sciences | 44,998 | External hacker breach
University of Missouri | 22,396 | External hacker breach
City University of New York | 20,000 | Stolen laptop(s)
University of Nevada, Reno | 16,000 | Lost storage media
Ohio State University | 14,000 | External hacker breach
City College of San Francisco | 11,000 | Erroneous Web post

Secondary Education
Chicago Public Schools/McGladrey & Pullen | 40,000 | Stolen laptop(s)
Waco (Texas) Independent School District | 17,400 | External hacker breach
University of Michigan Clinics | 8,585 | Missing computer/laptop
Indianapolis Public Schools | 7,500 | Erroneous Web post
Tennessee Students | 5,247 | Erroneous Web post
Springfield (Ohio) City Schools | 2,000 | Stolen laptop(s)
Jackson (Ohio) Local Schools | 1,800 | Erroneous Web post
Cedarburg (Wisconsin) High School | 900 | External hacker breach
Clarksville-Montgomery County (Tennessee) Schools | 633 | Erroneous Web post
Greenville County (S.C.) School District | 500 | Malware data leak

Retail
TJX | 94,000,000 | External hacker breach
Gap | 800,000 | Stolen laptop(s)
Neiman Marcus Group | 160,000 | Stolen computer(s)
Gander Mountain Company | 112,000 | Stolen computer(s)
Milwaukee PC | 65,000 | Erroneous Web post
Johnny's Selected Seeds | 11,500 | External hacker breach
The Home Depot | 10,000 | Stolen laptop(s)
Voxant | 4,500 | External hacker breach
KimsCrafts | 4,500 | External hacker breach
eBay | 1,200 | External hacker breach
Source: Identity Theft Resource Center

WEAK SECTOR SECURITY
Nearly every industry and governmental sector experienced a security breach among the 431 incidents recorded in 2007. The following is a breakdown of compromised records by industry.
Sector | Incidents | Affected Records
Retail | 24 | 95,171,110
Services | 17 | 8,901,455
Financial | 39 | 8,793,719
State government | 58 | 5,948,395
Federal government/military | 22 | 4,017,163
Local/county government | 33 | 2,381,447
Health care | 56 | 1,027,462
Technology/telecommunication | 19 | 899,450
Higher education | 84 | 680,715
Miscellaneous | 54 | 344,051
Secondary education | 25 | 85,527
Source: Identity Theft Resource Center