Data Loss Source: A laptop computer recently stolen at the Palo Alto Medical Foundation’s Santa Cruz office contained personal and medical information of Santa Cruz County patients.
Date of Breach: April 1, 2009
Size of Loss : 1,000
Affected Individuals: Santa Cruz County patients
Geographic Focus: Palo Alto, CA
Data contained: The information on the computer included EMG results, the patients’ medical record numbers, treatment plans and diagnoses.
Additional Notes: The foundation has offered its patients free credit and identity fraud monitoring and warned them to contact local authorities if they notice anything suspicious on their credit reports.
Additional Information: San Jose Mercury News

Data Loss Source: A former child support worker was arrested after attempting to sell the personal information of people who used child support services to an undercover agent. He worked for Colorado-based Policy Studies Inc., a private company that contracts with the Tennessee Department of Human Services to provide child support services for Davidson County.
Date of Breach: April 3, 2009
Size of Loss : 1,600
Affected Individuals: Tennessee Department of Human Services clients
Geographic Focus: Tennessee
Data contained: Names, Social Security numbers and bank account numbers
Additional Notes: The worker trafficked the sensitive information in three separate transactions that were recorded by law enforcement officials.
Additional Information: The Tennessean

Data Loss Source: A computer stolen from the University of Toledo contained personal information for about 24,000 students and 450 faculty during the 2007-08 and 2008-09 academic years.
Date of Breach: March 16, 2009
Size of Loss : 24,450
Affected Individuals: University of Toledo students and faculty
Geographic Focus: Toledo
Data contained: The student data was directory and educational information, such as student identification numbers and grade point averages. The faculty information, however, was more personal and included names, social security numbers, birth dates, and more.
Additional Notes: The computer was password protected and many of the files were specifically encrypted or individually password protected, said the university.
Additional Information: TMCNet.com

Data Loss Source: A list of over 8,000 Comcast user name and passwords were available to the public via Scribd for two months, before a professor found it while searching for his name online.
Date of Breach: March 16, 2009
Size of Loss : 8,000
Affected Individuals: Comcast customers
Geographic Focus: Philadelphia, PA
Data contained: User names and passwords
Additional Notes: Comcast believes that the situation was the result of a phishing or malware-oriented attack perpetuated by an external, third-party source.
Additional Information: InfoPackets.com

Data Loss Source: The operator of 12 hospitals in Indiana and Illinois is notifying patients that CDs containing their personal information were lost for three days over the summer.
Date of Breach: April 2, 2009
Size of Loss : 250,000
Affected Individuals: Patients
Geographic Focus: Indiana and Illinois
Data contained: Social Security numbers and other personal information
Additional Notes: The Sisters of St. Francis Health Services, which operates 10 hospitals in Indiana and two in Illinois, said in its warning letter that an employee of a medical billing contractor copied the data onto several CDs in July and placed them in a new computer bag to work from home. That employee later went back to the store to exchange the bag, but accidentally left the discs inside. The person who bought the bag three days later immediately returned the discs and officials were confident the data was not accessed, according to an Associated Press report.
Additional Information: AdvanceWeb.com