Data Loss Source: Personal information of state retirees was emailed to the Kentucky Retirement Systems (KRS) without being properly encrypted for security purposes by its pharmacy benefit provide.
Date of Breach: March 19, 2009
Size of Loss : 28,000
Affected Individuals: Retirees
Geographic Focus: Deerfield, IL
Data contained: The email contained dates of birth, Social Security numbers and health insurance claim numbers but not personal health information.
Additional Notes: The file contained information only on members who were both Medicare-eligible and used the retiree pharmacy benefit through Walgreens in 2007.

Data Loss Source: Security software provider Symantec warned a small number of customers that their credit card numbers may have been stolen from an Indian call center used by the company.
Date of Breach: March 31, 2009
Size of Loss : 200
Affected Individuals: Symantec customers
Geographic Focus: Cupertino, CA
Data contained: Credit card numbers
Additional Notes: Symantec is investigating allegations that a call center in India leaked credit card numbers of its customers to someone who then sold them to BBC News reporters posing as criminals.
Additional Information: CNET News

Data Loss Source: A laptop computer recently stolen at the Palo Alto Medical Foundation’s Santa Cruz office contained personal and medical information of Santa Cruz County patients.
Date of Breach: April 1, 2009
Size of Loss : 1,000
Affected Individuals: Santa Cruz County patients
Geographic Focus: Palo Alto, CA
Data contained: The information on the computer included EMG results, the patients’ medical record numbers, treatment plans and diagnoses.
Additional Notes: The foundation has offered its patients free credit and identity fraud monitoring and warned them to contact local authorities if they notice anything suspicious on their credit reports.
Additional Information: San Jose Mercury News

Data Loss Source: A former child support worker was arrested after attempting to sell the personal information of people who used child support services to an undercover agent. He worked for Colorado-based Policy Studies Inc., a private company that contracts with the Tennessee Department of Human Services to provide child support services for Davidson County.
Date of Breach: April 3, 2009
Size of Loss : 1,600
Affected Individuals: Tennessee Department of Human Services clients
Geographic Focus: Tennessee
Data contained: Names, Social Security numbers and bank account numbers
Additional Notes: The worker trafficked the sensitive information in three separate transactions that were recorded by law enforcement officials.
Additional Information: The Tennessean

Data Loss Source: A computer stolen from the University of Toledo contained personal information for about 24,000 students and 450 faculty during the 2007-08 and 2008-09 academic years.
Date of Breach: March 16, 2009
Size of Loss : 24,450
Affected Individuals: University of Toledo students and faculty
Geographic Focus: Toledo
Data contained: The student data was directory and educational information, such as student identification numbers and grade point averages. The faculty information, however, was more personal and included names, social security numbers, birth dates, and more.
Additional Notes: The computer was password protected and many of the files were specifically encrypted or individually password protected, said the university.
Additional Information: TMCNet.com