Individuals who have been transported by Chicago Fire Department ambulances run the risk of identity theft following a laptop theft. But the data appears to have been encrypted.

How many victims? More than 60,000.

What type of personal information? Not disclosed.

What happened? The laptop was taken while in custody of an employee for DeZonia, a firm that does billing for the city’s ambulance transports. The thief broke into the employee’s car to steal the machine.

What was the response? DeZonia is providing one year of free credit monitoring for victims. Meanwhile, the city is considering punishment against DeZonia.

Details: The laptop was encrypted and password protected, according to the the city’s Revenue Department.

Source: wbbm780.com, WBBM newsradio 780, “Been In An Ambulance Lately? Your Identity May Be At Risk,” March 19, 2009.

A pharmacy benefits management provider has notified about 28,000 Kentucky retirees that their personal information was not protected during electronic transmission.

What type of personal information? Names, dates of birth, Social Security numbers.

What happened? Walgreens Health Initiative failed to encrypt an email containing the information that was sent to Kentucky Retirement Services.

What was the response? Walgreens said in a notification letter to affected individuals that there was a “remote” chance their records could have been compromised in transit.

Details: The email was received by a state employee, and Walgreens has not reason to believe the data was exposed at any point. The victims used Walgreens to manage their pharmacy benefits in 2007.

Source: courier-journal.com, The Courier-Journal (of Louisville, Ky.), “Ky. retiree data sent without proper security,” March 18, 2009.

Two servers belonging to Lorain County Community College in Elyria, Ohio were hacked by an individual(s) apparently trying to steal server space to host internet attacks.

How many victims? 22,000 students, community users and employees.

What types of personal information? Social Security numbers.

What happened? The intrusion, which occurred during the Thanksgiving break, was apparently orchestrated to pilfer additional storage space for the hackers - not to steal personal information. The college’s security systems detected the breach, thanks to a virus alert, and immediately shut down server access.

What was the response? Victims were notified by letter, which contained information of how to register for credit monitoring.

Source: chroniclet.com, The Chronicle-Telegram (Ohio), “Hackers strike LCCC system,” Dec. 24, 2008.

New Hampshire residents may have had their personal information exposed after the state Department of Health and Human services accidentally included an attachment in an email to health care providers.

How many victims? 9,300 people enrolled in prescription drug program Medicare Part D.

What type of personal information? Names, addresses, Social Security numbers.

What happened? The state agency errantly included the attachment in Dec. 1 emails to health care providers, such as nursing homes, home care providers and case managers. The emails were intended to update these 61 providers on changes to Medicare Part D, a prescription drug plan for the elderly and disabled.

What was the response? The department, which set up a hot-line to answer calls, encouraged victims to monitor their credit report. Also, officials have asked the email recipients to delete it.

Details: There is no evidence any of the data has been misused.

Source: concordmonitor.com, Concord (N.H) Monitor, “Medicare data accidentally breached,” Dec. 18, 2008.

The U.S. Army Medical Department Activity in the Bavaria region of Germany lost a laptop containing the personal data on thousands of patients. But the computer was encrypted.

How many victims? 6,000.

What type of personal information? Names, Social Security numbers and health data.

What happened? The laptop went missing Oct. 4 by an employee who was en route to a temporary duty assignment. The employee apparently lost the machine, which was contained in a backpack, while at a train station in Nuremberg.

What was the response? Victims weren’t notified until Nov. 24. Army officials blamed the delay on bureaucracy, privacy concerns and the time required to gather accurate information.

Details: Officials said the laptop was protected by encryption and access controls.

Source: Stripes.com, Stars and Stripes, “Army waited to tell of possible security breach,” Dec. 2, 2008.

A laptop containing the health care information of about 100,000 patients of Baylor Health Care Systems in Texas was stolen from the car of an employee, who was subsequently fired for breaking company protocol.

What type of personal information? Medical records, including the names of patients and medical codes corresponding to the treatment they received. About 7,400 patients had their Social Security numbers on the machine.

What happened? The employee, a manger, was assigned to enter the information into the laptop but was fired because she broke company policy by leaving the machine in her car.

What was the response? Baylor is offering free credit-monitoring services to the victims whose Social Security numbers were on the laptop. In addition, the organization is offering a $1,000 reward for the return of the machine, stolen between 11 p.m. and 8 a.m. on Sept. 18 or 19 in Royse City, Texas.

Details: When the incident happened, Baylor was in the process of extending tracking and remote-wipe technology to its laptops.

Source: dallasnews.com, The Dallas Morning News, “Baylor Health Care says laptop with patient data stolen,” Nov. 4, 2008.

The U.S. State Department has alerted roughly 400 people living in the Washington, D.C. area that identity thieves stole confidential information from their passport applications to fraudulently open credit card accounts.

What type of personal information? Social Security numbers, among other data.

What happened? The criminal syndicate was busted after police found a man in possession of 19 credit cards in different names and eight completed passport applications.

What was the response? Because of similar snooping incidents in the past, the department has improved its access management and monitoring capabilities.

Source: Associated Press, “State Department warns of possible identity theft,” Nov. 1, 2008.

The confidential data of University of North Dakota (UND) alumni and donors is at risk for theft after a laptop was stolen from the vehicle of a third-party software provider employee.

How many victims? More than 84,000.

What type of personal information? Social Security numbers, among other data, belonging to people involved with the North Dakota Alumni Association and the UND Foundation.

Wha was the response? The association and foundation are notifying affected individuals, and the unnamed software vendor is providing free credit monitoring to victims.

Details: Officials said they do not believe any of the data has been misused. The college plans to better scrutinize vendor security protocols.

Quote: “Despite following state-of-the-art technology procedures on our end, we deeply regret this issue has occurred with our vendor.” - UND Alumni Association and UND Foundation Executive Vice President and CEO Tim O’Keefe

Source: StarTribune.com, Minneapolis-St. Paul Star Tribune, “UND Alumni Association laptop swiped, along with vital ID of thousands,” Oct. 8, 2008.

Intruders accessed the confidential data of 11,000 students, faculty and staff at the University of Indianapolis.

What type of personal information? Social Security numbers, among other information.

What happened? The breach was discovered Sept. 18, 10 days after the attack. The hackers compromised information that was at least two years old, when the university was still collecting Social Security numbers as identifiers.

What was the response? Victims were notified by email or standard mail and will be offered one year of free credit monitoring.

Details: The hack appears to have originated outside the United States as investigators discovered foreign language embedded in the programming code.

Quote: “Our investigation leaves no doubt that this was a professional job by hackers from outside, and it was well beyond our control.” - University President Beverley Pitts.

Source: chicagotribune.com, Associated Press, “Hacker compromises data on 11,000 at U. of Indy,” Sept. 30.

Confidential information on more than 9,000 current and former Tennessee State University students is at risk after a financial aid counselor at the school lost a portable storage device.

What type of personal information? Social Security numbers, families’ financial histories.

What was the response? Students will be contacted by email or regular mail. In addition, the university is offering credit protection to victims.

Details: Officials said there is no indication any of the data has been misused.

Source: Tennessean.com, The Tennessean, “TSU loses 9,000 students’ data,” Sept. 13.