The Data Breach Blog

Access privileges permit university compromise

Two work-study students at Dominican University in River Forest, Ill., near Chicago, misused their passwords to access Excel files containing student and alumni data.

How many victims? About 5,000.

What type of personal information? Names, Social Security numbers, addresses, phone numbers and birth dates contained on three spreadsheets dating back to 2003, 2005 and 2007.

What was the response? Affected individuals were encouraged to place a fraud alert on their accounts.

Details: Officials do not believe any of the information has been misused. The students who accessed the data are back at school and are cooperating with authorities in their investigation.

Source: NBC5.com, WMAQ-TV, “University says there’s no reason to believe information was misused,” May 8.



Unauthorized person accesses university web server

A hacker gained access to a Southern Connecticut State University web server that contained 11,000 names, Social Security numbers and other personal information of current and former students.

What was the response? The New Haven university will offer free credit monitoring for two years for victims. Meanwhile, Attorney General Richard Blumenthal is asking all colleges in Connecticut to do more to protect sensitive data. Gov. M. Jodi Rell said data should only be stored for as long as it is needed and it should be properly secured.

Details: The exposed information was contained in an electronic file that students use to register for graduation. It is unknown whether any of the data will be used fraudulently. The college said it believed the web server’s security was intact, but is planning to implement new protective measures.

Source: ConnPost.com, Connecticut Post, “Blumenthal warns colleges about hacking,” April 23.



Stolen server exposes Indiana residents’ IDs

About 700,000 Indiana residents’ personal information was on a computer server stolen from a debt-collection bureau. The incident represents one of the largest publicly reported data breaches in the Hoosier State’s history.

What type of personal information? Social Security numbers contained in billing records for about 100 state businesses.

Details: The records had been turned over for debt collection to the Central Collection Bureau. The server, stolen March 20, was password protected but not encrypted.

Quote: “We’re obviously heartsick about this. We’ve been in business since 1972, and nothing like this has ever happened before.” - Chet Klene, president of the collection agency.

Source: pal-item.com, The Indianapolis Star, “700,000 Hoosier IDs compromised in computer theft,” April 19.



Buffalo State College IT vendor loses laptop

Some 16,000 students’ identities were exposed when a laptop belonging to Buffalo State College in New York was stolen.

What type of personal information? Names and Social Security numbers.

What happened? The laptop was stolen from SunGard, a vendor helping Buffalo State transition to a new computer system.

What was the response? The university sent out letters to affected individuals.

Details: Officials do not believe the thief was after the personal information.

Source: WIVB-TV, “Stolen laptop may contain Buffalo State College students’ sensitive information,” April 17.



Stolen university laptop packed with confidential info

A laptop containing the sensitive data of more than 7,000 University of Virginia students, staff and faculty members was stolen from a school employee somewhere in Albemarle County.

What type of personal information? Names and Social Security numbers.

What was the response? The university notified victims by letter.

Details: Police released few details about the incident, but they do not believe the thief was after the data. The university is in the process of phasing out its use of Social Security numbers.

Source: DailyProgress.com, The Daily Progress, “UVa laptop stolen, had sensitive data,” April 16.



Private data errantly placed on university server

The payroll information of approximately 6,500 employees at the University of Toledo in Ohio was potentially compromised when it was accidentally placed on a server that was accessible to all employees.

What type of personal information? Names, Social Security numbers and addresses.

What happened? A payroll department employee who was authorized to work with the data inadvertently moved it to a temporary folder, where it was accessible for 24 hours. Forty-four files were moved; five contained personal information.

What was the response? The university notified the 6,488 affected individuals by letter.

Details: Officials doubt any of the data will be misused.

Source: toledoblade.com, The Toledo Blade, “UT tells employees of potential data breach,” April 13.



Hospital worker charged with stealing patient identities

A 38-year-old former worker at New York-Presbyterian Hospital/Weill Cornell Medical Center was charged with stealing and subsequently selling personal data on patients.

What type of personal information? Names, Social Security numbers, phone numbers.

How many victims? Nearly 50,000.

What happened? Dwight McPherson, 38, used his access rights to tap into the hospital’s computer registration system. Authorities caught on to the crime when postal inspectors discovered printouts of the data during an unrelated investigation in Atlanta. McPherson later admitted that he was selling the data in exchange for cash.

Details: Hospital officials said none of the data contained health information and they were not aware of any cases where the stolen data was used for fraud.

Source: Associated Press, “Man charged in ID theft at NY hospital,” April 12.



Health benefits company exposes data online

The personal information of about 128,000 WellPoint customers from several states was publicly available on the internet.

What type of personal information? Social Security numbers and pharmacy and medical data.

What happened? WellPoint, the nation’s largest health insurer by membership, blames the security lapse on an insecure server managed by an unnamed third-party vendor.

What was the response? The company offered free credit-monitoring services to affected individuals.

Details: The data had some protection in place and could not be discovered through search engines. The problem has been fixed. Earlier this year, another server was improperly secured, resulting in the exposure of personal information of 1,350 WellPoint customers.

Source: Chicago Tribune, chicagotribune.com, “WellPoint customer data may have been accessed via internet,” April 8.



Thieves steal Okemo Mountain Resort customer information

Cybercriminals possibly accessed 28,168 credit card transactions during a 16-day period in February.

What type of personal information? Credit card numbers, including names and expiration dates. Debit card holders also would be affected if they used their card as a credit card.

What was the response? The resort notified the appropriate regulators and card brands. The issuing banks will notify customers.

Details: None of the information has been used fraudulently so far.

Quote: “As a result of this, we’ve increased the firewall capability and added some software and taken some additional precautions.” - Okemo spokeswoman Bonnie MacPherson.

Source: TimesArgus.com, The Barre Montpelier Times Argus, “Web hacker gains credit card data at Okemo,” April 1.



Advanced Auto Parts hit with breach

Hackers stole financial information belonging to 56,000 customers of 14 Advanced Auto Parts stores.

What type of personal information? Credit and debit card and checking account information.

What happened? The company did not reveal how the network intrusion happened.

What was the response? The company sent letters to affected individuals and is offering them one year of free credit monitoring.

Source: MansfieldNewsJournal.com, The News Journal, “Mansfield auto parts store one of 14 impacted by ‘network intrusion,’” March 31.


