Sign up now to get free exclusive access to reports, research and invitation only events.
Out of 189 breaches recorded through mid-June, here are the top 15 according to Identity Theft Resource Center.
The Identity Theft Resource Center tracks data-breach incidents and the number of exposed records related to payment cards, customer, university or patient data when that’s known. Here are the Top 15 Worst so far for 2012 based on number of exposed records — and the year’s only half over.
New York State Electric & Gas Co.
Located: Rochester, N.Y.
Number of records exposed: 1.8 million files that contained customer Social Security numbers, dates of birth and bank account number, due to unauthorized access by a contractor.
Global Payments, Inc.
Located: Atlanta, Ga.
No. of records exposed: 1.5 million payment-card numbers, plus in June the company disclosed its investigation is also turning up potentially hacked servers with names of merchant applicants.
California Dept. of Child Support Services
No. of records exposed: 800,000 adults and children on four computer storage devices lost by IBM and Iron Mountain, believed lost in transit between Boulder and Sacramento because of falling out of an unsecured container FedEx was transporting.
Utah Dept. of Technology Services
Located: Salt Lake City, Utah
No. of records exposed: 780,000 patient files related to Medicaid claims stolen from a server by hackers believed to be operating out of Eastern Europe, Utah’s DTS disclosed in April. In May, Utah CIO Steven Fletcher resigned due to it.
In-Home Support Services, state of California Dept. of Social Services
No. of records exposed: Personal information on 701,000 individuals receiving home care, which was in unencrypted microfiche form mailed by a HP processing facility to the State Compensation Insurance Fund, but the package was damaged in transit in May and some information found missing.
University of Nebraska
Located: Lincoln, Neb.
No. of records exposed: A data breach of 654,000 files of personal data related to students, alumni, parents and university employees from the Nebraska Student Information Systems database; a student is the suspected culprit.
University of North Carolina-Charlotte
Located: Charlotte, N.C.
No. of records exposed: In May, the university says 350,000 files of personal data, including account and Social Security information, related to students and faculty was “accidentally made available for three months.”
Emory Healthcare, Inc.
No. of records exposed: Data related to 315,000 patients, including Social Security numbers, had been stored on 10 computer disks but went missing from a storage facility; a class-action lawsuit underway could cost the hospital $200 milion.
South Carolina Dept. of Health & Human Services
No. of records exposed: In April, the agency disclosed a major data breach of 228,435 Medicaid beneficiaries. A former employee for the South Carolina agency has been arrested for transferring this information via e-mail.
Thrift Savings Plan
Located: Washington, D.C.
No. of records exposed: In May, a computer attack against TSP contractor Serco resulted in a breach of information on 123,000 federal employees, the $313 billion TSP disclosed—10 months after it happened.
Dept. of Children and Families
No. of records exposed: In May, personal information on 100,000 childcare workers statewide because of suspected data breach associated with contractor for the state storing the information online without password protection.
Housatonic Community College
Number of records exposed: In April, information on 87,667 members of the campus community on two computers, possibly due to malware infections.
Located: Van Nuys, Calif.
No. of records exposed: In March, hackers claimed to have personal data, including credit cards, on at least 40,000 users of the adult website Digital Playground.
University of Tampa
Located: Tampa, Fla.
No. of records exposed: In March, it was discovered that 36,818 names, student ID numbers, Social Security numbers and birthdates were publicly accessible due to a server error.
Howard University Hospital
Located: Washington, D.C.
No. of records exposed: Health information on 34,503 patients due to personal laptop of a former contractor for the hospital being stolen.
Clarksville-Montgomery County School System
Located: Clarksville, Tenn.
No. of records: Names, social security numbers, and other personal data belonging to about 110,000 people by hackers calling themselves Spex Security that broke into the school records system in mid-June, with some information on employees and students posted online.