Ten Most Damaging Data Breaches of 2009 - Page 2

Every week for the past four years the San Diego-based Privacy Rights Clearing House (PRCH), an organization dedicated to empowering consumers and protecting privacy, has been chronicling data breaches on a weekly basis.

 By Laton McCartney
Page 2 of 2   |  Back to Page 1
Print Article

Internal Revenue Service

Guess what the IRS does with your old tax forms? Well, at a dozen disposal facilities, old returns were tossed out in regular waste containers and dumpsters. This work was being conducted by contract employees who, of course, have access to sensitive taxpayer documents but who, the IRS admitted, may or may not have passed background checks. Another problem: the agency wasn't sure who was supposedly responsible for overseeing the burning or shredding of tax documents at the 12 IRS offices involved.

Number of records affected: unknown

Date made public: May 21


Current and former Aetna employees' Social Security numbers may have been compromised as the result of a Web site data breach. This was the result of a spam campaign in which intruders obtained email address and possible SSNs from the Aetna Web site. Aetna notified the 65,000 people whose SSNs were on the site and was subsequently sued in a class action suit demanding credit monitoring, punitive damages, cost and other relief for former and potential employees.

Number of records affected: 573,000

Date made public: May 28

Network Solutions

Those damn hackers. Breaking into Web servers provided by e-commerce hosting provider Network Solutions, hackers were able to plant a rogue code that ended up compromising almost 600,000 debit and credit card accounts over a three-month interval. The hackers were able to intercept personal and financial data from customers purchasing goods and services from Network Solutions' 4,343 clients. Most were SMBs selling online.

Number of records affected: 573,000

Date made public: July 24

National Archives

When a hard drive used for eVetRecs, the system through which veterans request copies of their health records and discharge papers, failed late last year, the National Archives and Records Administration sent it to GMRI, the contractor that sold it to the agency, to be fixed. GMRI decided it was beyond repair and sent it to another vendor to be recycled. The only problem? National Archives didn't destroy the data on the disk before sending it out to its contractor. The drive held records on 76 million veterans, including Social Security numbers dating to 1972, when the military began using SSNs as service numbers.

Number of records affected: 76 million

Date made public: Oct. 2

Universal American Action Network

Universal Action Network, a subsidiary of Universal American Insurance, sent out postcards to 80,000 Universal clients earlier this month. The problem was that each of the cards included the Social Security numbers of the recipients. Identity theft anyone? Universal blamed the inclusion of the SSNs on a printing error and said it has terminated its contract with the printer.

Number of records affected: 80,000

Date made public: Nov. 18

This article was originally published on Dec 4, 2009
Get the Latest Scoop with Networking Update Newsletter