A hacker accessed the Luxottica Retail computer mainframe and downloaded the personal data of thousands of former employees.

How many victims? 59,000.

What type of personal information? Names, addresses and Social Security numbers.

Details: Investigators were allegedly able to trace the hacker’s IP address to Molly Burns, of Glendale, Ariz.

The 30-year-old has a five-page long arrest record that includes theft, forgery and drug charges. Police confiscated a number of computers from her apartment during a heroin raid this summer.

Burns is currently on the run and Warren County authorities said that three different police departments in Arizona are also looking for her.

What was the response? The case is expected to be handed over to the FBI soon. The company sent letters to all the former employees letting them know what happened.

Quote: “Basically, we have potential victims in all 50 states,” Warren County Cyber Crimes Task Force Lt. Jeff Braley said.

Source: WLWT.com, WLWT Cincinnati’s Channel 5, “Thousands At Risk After Hacker Breaches Computer Mainframe,” Nov. 24, 2008.

A stolen laptop contained personal information of nearly half of Starbucks’ workforce.

How many victims? 97,000.

What type of personal information? Names, addresses and Social Security numbers.

What was the response? A letter was sent out to affected individuals and Starbucks is providing them with a year of credit watch service for free.

Details: The laptop was stolen on Oct. 29 at an unspecified location.

Two years ago, the personal information of more than 60,000 employees and contractors were compromised when four computers disappeared. At the time, the company said it was implementing a policy that forbids putting critical data such as social security numbers on mobile equipment.

Quote: “This is very frustrating! I try so hard to watch who I give my personal information to and the company I work for doesn’t seem to have any security guarding my information,” one commenter wrote.

Source: Komonews.com, KOMO News, Seattle., “Stolen laptop puts Starbucks workers’ IDs at risk,” Nov. 24, 2008.

An unauthorized intruder accessed a University of Florida College of Dentistry computer server containing personal information of current and former dental patients.

How many victims? 344,000

What type of personal information? Names, addresses, birth dates, Social Security numbers and dental procedure information for patients dating back to 1990.

What was the response? FBI and University Police officers are investigating the security breach. After it was discovered, the server was disconnected from the Internet to cut off the intruder’s access. Letters were mailed to 336,234 breach victims; the university is trying to locate the mailing addresses for nearly 8,250 others. A hotline was established for patient inquiries. UF officials are in the process of screening up to 60,000 more computers to ensure appropriate safeguards are in place.

Details: The server was being upgraded when staff found software had been remotely installed on it.

Source: Ocala.com, Star-Banner, “Hacker accesses 344,000 UF dental patient records,” Nov. 12, 2008.

A student found a document on the school’s website that contained names and social security numbers of admissions applicants from 2005.

How many victims? 1,430

What type of personal information? Names and Social Security numbers.

What happened? Through an Internet search on the university’s Web site, a student found the document, which contained her own name and social security number, and reported it to the university.

Details: The document was contained in the archives of a school computer server.  The server itself was purged of sensitive data, but the archives were not.  This was the fourth data breach at the university in two years. A hacker accessed a university server in September and may have had access to a document with students’ Social Security numbers. A university flash drive was misplaced in June 2007 that may have contained 8,000 current and former students’ Social Security numbers and a class roster was misplaced that July that included 49 students’ Social Security numbers.

What was the response? Officials temporarily shut down the site and removed the document; letters to all affected individuals were mailed informing them about the breach. A university official said they will look into hiring outside technology experts to determine what can be done to prevent breaches. The employee responsible for scanning the schools server archives for sensitive data will be reprimanded but not terminated.

Quote: “This is an ongoing problem that all campuses face, with old data on computers with millions of files and it is difficult to make sure that they are all deleted,” said Jody Nelsen, the university’s executive vice president of finance and administration. “It is disappointing that it has happened again and we are going to be very aggressive to alleviate this problem.”

Source: Caller.com, Corpus Christi Caller-Times, “A&M-CC student data exposed,” Nov. 7, 2008.

A laptop containing the health care information of about 100,000 patients of Baylor Health Care Systems in Texas was stolen from the car of an employee, who was subsequently fired for breaking company protocol.

What type of personal information? Medical records, including the names of patients and medical codes corresponding to the treatment they received. About 7,400 patients had their Social Security numbers on the machine.

What happened? The employee, a manger, was assigned to enter the information into the laptop but was fired because she broke company policy by leaving the machine in her car.

What was the response? Baylor is offering free credit-monitoring services to the victims whose Social Security numbers were on the laptop. In addition, the organization is offering a $1,000 reward for the return of the machine, stolen between 11 p.m. and 8 a.m. on Sept. 18 or 19 in Royse City, Texas.

Details: When the incident happened, Baylor was in the process of extending tracking and remote-wipe technology to its laptops.

Source: dallasnews.com, The Dallas Morning News, “Baylor Health Care says laptop with patient data stolen,” Nov. 4, 2008.

Lottery winners, lottery commission employees, retailers and vendors in Texas have been the victims of a data breach by a former employee at the Texas Lottery Commission.

How many victims? More than 100,000.

What type of personal information? Names, Social Security numbers, addresses and prize amounts.

What happened?  A former computer analyst at the Texas Comptroller’s Office copied the data onto computer disks.

What was the response? The employee was fired and the agency has begun sending out letters to notify the victims. It is looking into measures to prevent similar acts in the future but have not yet implemented any new security procedures, an agency spokesman said.

Details: The employee said he copied the information to use “for possible future reference as a programmer at other state agencies.”

Quote: “The guy clearly did wrong.” said Dawn Nettles, the Texas Lottery Commission’s unofficial watchdog. “He should not have had any personal data on his work computer. However, he should not have been able to copy the files. There should have been a password required.”

Source: chron.com, Houston Chronicle, “Data on lottery winners copied,” Oct. 31, 2008.

The U.S. State Department has alerted roughly 400 people living in the Washington, D.C. area that identity thieves stole confidential information from their passport applications to fraudulently open credit card accounts.

What type of personal information? Social Security numbers, among other data.

What happened? The criminal syndicate was busted after police found a man in possession of 19 credit cards in different names and eight completed passport applications.

What was the response? Because of similar snooping incidents in the past, the department has improved its access management and monitoring capabilities.

Source: Associated Press, “State Department warns of possible identity theft,” Nov. 1, 2008.