88 million-plus Americans affected by data theft
The steady stream of data breaches that started with ChoicePoint Inc. in February 2005 has left more than 88 million Americans at risk for identity
fraud, according to a list tallied by the Privacy Rights Clearinghouse (PRC).
The latest incidents, which have not yet made it onto the PRC's list, involve Foster City, Calif.-based Visa USA Inc. and Atlanta, Ga.-based Equifax Inc.
Tuesday both companies acknowledged security breaches. Visa said that an ATM security breakdown may have exposed data on an undisclosed number of customers. The breach dates back to February, when Visa began notifying banks of a security issue affecting a contractor that processes ATM transactions, according to published reports. Visa publicly acknowledged the breach after Charlotte, N.C.-based Wachovia Bank N.A. decided to replace an untold number of debit cards issued to its customers, prompting a wave of media inquiries.
Separately, Equifax -- one of the three major U.S. credit reporting bureaus -- acknowledged that a laptop computer containing employee names and Social Security numbers was stolen from a worker traveling on a train near London. Company spokesman David Rubinger told the Reuters news agency that the May 29 theft affects nearly all of the company's 2,500 U.S. employees, aside from those hired in roughly the last two months. Personal data belonging to millions of consumers who obtain credit scores from Equifax was not compromised, Rubinger said, adding that it would be difficult for would-be thieves to decipher the data or determine that it included Social Security numbers in the first place. The employee responsible for the laptop was disciplined, but Rubinger wouldn't describe the punishment or release the employee's name.
The rate of data breaches has intensified since mid-May, when the U.S. Department of Veterans Affairs (VA) confirmed that records for every veteran discharged from the military since 1975 were stolen from the home of an agency employee. The VA later revealed that the breach also put active duty personnel at risk for identity fraud.
According to the list on the PRC Web site, the most recent security breaches involve:
The New York State Controller's Office, which acknowledged that a data cartridge containing payroll data of employees who work for a variety of state agencies was lost during shipment. The data included the names, salaries, Social Security numbers and home addresses of about 1,300 people.
Union Pacific, which acknowledged the theft of an employee's laptop containing the names, birth dates and Social Security numbers of 30,000 former employees.
American Insurance Group (AIG), which acknowledged the theft of a computer server containing personal information such as names, Social Security numbers and tens of thousands of medical records on 930,000 people.
Western Illinois University, where a hacker compromised a university server that contained names, addresses, credit card numbers and Social Security numbers of 240,000 people.
The U.S. Dept of Energy's Hanford Nuclear Reservation, where police believe personal data on 4,000 current and former workers was compromised. Police found a 1996 list with workers' names and other information in a home during an unrelated investigation, leading to suspicion that the facility suffered a security breach.
This article orginally appeared on SearchSecurity.com.