The Data Breach Blog

Unencrypted hospital laptop exposes 2k patient records

May 23, 2012

An employee of the Boston Children's Hospital lost a laptop holding patient information.

How many victims? 2,159

What type of personal information? Names, birth dates, and diagnoses and treatment information (but no financial data or Social Security numbers)

What happened? The employee was in Buenos Aires, Argentina for a conference and lost the laptop, which contained a file with the patient data.

What was the response? Patients and their families were sent emails notifying them of the incident. Daniel Nigrin, the facility's chief information officer, released a statement to the media stating that "additional steps" will be taken to prevent further breaches in the future. Affected individuals were advised to call the hospital at (855) 281-5730.

Details: The exposed data was not saved to the lost computer's hard drive, but was contained in an email attachment. The laptop was password protected, though not encrypted.

Quote: “Boston Children's takes this incident and the protection of protected health and personal information extremely seriously,” Nigrin said.

Source: The Boston Globe, bostonglobe.com, "Laptop lost with data for more than 2,000 patients, Boston Children's reports," May 22, 2012.

 

Hacked UMaine server leads to exposed personal data

May 21, 2012

Sensitive data belonging to people who made web-based purchases at the University of Maine's (UMaine) Orono Campus may have been stolen after the school's server suffered a security breach.

How many victims? 3,825

What type of personal information? Social Security and credit card numbers.

What happened? One of UMaine's servers was hacked, exposing the personal information of 2,818 customers who made online purchases using a web-based tool hosted by the school.

What was the response? Local, state and federal authorities are currently investigating the situation and are working with an identity protection firm to notify individuals whose information has been compromised. Those affected will receive free identity protection, including credit monitoring, for one year.

Details: The web-based application used by customers, developed by UMaine's Computer Connection store, was licensed to share with the University of Arkansas, which was believed to have had up to 1,007 transaction records on the server. Officials at the school became aware of the breach after reading an online article posted by a gang of hackers known as Team GhostShell. They notified UMaine on April 27 and the server was promptly shut down.

Quote: “Any time these attacks occur anywhere in the world, it heightens our awareness and vigilance,” said Janet Waldron, vice president for finance and administration at UMaine.

Source: bangordailynews.com, Bangor Daily News, “University of Maine server hacked, data may have been stolen,” May 10, 2012.
 

Data on 700K California home care workers, recipients lost

May 14, 2012

The personal information of home care workers and their elderly and disabled recipients may have been compromised when the storage device on which it was contained was lost in the mail.

How many victims? 700,000

What type of personal information? Full names, Social Security numbers, wages, and state identification numbers.

What happened? A package of microfiche containing the sensitive data was shipped last month by Hewlett-Packard via the U.S. Postal Service to a state In-Home Supportive Services office in Riverside, Calif. The package had been tampered with when it arrived, and some of its contents were missing.

What was the response? The state notified authorities, and an internal investigation is underway. Notices have been sent to anyone affected by the breach. Officials are reviewing policies to avert future problems.

Details: The potentially hijacked information, dating from October to December 2011, was mailed April 26 and was received at the Riverside office on May 1. According to information posted on a state website, there was a weeklong delay before the state received word of the breach.

Quote: “It's hard for us to believe that in one of the largest states in the union, we're using such an antiquated system,” said Steve Mehlman, a labor union spokesman.

Source: latimes.com, Los Angeles Times, “Personal data for home care workers, recipients lost in the mail,” May 12, 2012.

 

350,000 SSNs exposed in UNC-Charlotte breach

May 11, 2012

The Social Security numbers and financial account information of students and staff at the University of North Carolina at Charlotte (UNC-Charlotte) were exposed during an online security breach.

How many victims? 350,000

What type of personal information? Full names, Social Security numbers, addresses, and financial account information.

What happened? Incorrect access settings and a system misconfiguration caused a large amount of personal data hosted by the university to leak onto the internet.

What was the response? School officials alerted students and staff, and created a website to provide additional information. UNC-Charlotte has enhanced its internal review procedures to monitor for suspicious activity.

Details: The breach was first discovered by university officials in January, but the college informed students and staff in mid-February. The leak was caused by two exposure issues, one affecting the general university systems over a period of three months, and another that impacted the school's College of Engineering systems for more than a decade.

Quote: “It makes me feel unsafe to think my information could be out there and that somebody could take my credit and do what they want to with my Social Security [number],” said Jennifer Affinito, a student at UNC-Charlotte.

Source: wbtv.com, Channel 3 WBTV, “UNC Charlotte: 350,000 Social Security numbers exposed during Internet breach,” May 9, 2012.

 

Personal data of welfare workers posted online

May 04, 2012

The personal information of employees of the Florida Department of Children and Families (DCF) was breached.

How many victims? 100,000

What type of personal information? Full names, dates of birth, and Social Security numbers.

What happened? An unnamed third-party service provider stored the employees' personal information online, but the data was not password protected.

What was the response? The DCF sent letters to 100,000 child care workers asking them to monitor their accounts and place fraud alerts on their credit reports.

Details: While the sensitive data was vulnerable when it was online, it was not easily accessible through search engines. Letters were sent to victims.

Quote: “During the time the information was unprotected, there was only legitimate uses for that information, only legitimate uses conducted by the vendor,” said Kristi Gray, a spokeswoman for DCF.

Source: wftv.com, Channel 9 WFTV, “DCF warns child care workers of possible computer security breach,” May 2, 2012.

 

14,000 students' information placed on insecure server

May 01, 2012

The personal information of 14,000 students, former students and faculty at Volunteer Community College in Gallatin, Tenn., was placed on a web server that was not secure.

How many victims? 14,000

What type of personal information? Full names and Social Security numbers.

What happened? Files containing the names and Social Security numbers of Volunteer Community College students, former students and faculty were placed on an unsecure server by school employees.

What was the response? A web site was created to provide more information on the situation. College officials said they notified all affected students and faculty, adding that one year of credit protection will be given upon request to students whose personal information was on the server.

Details: The files containing the sensitive data were placed on a web server that was not protected. School employees believed it was secure because a login and password were requested for access, university officials said. There is no evidence that the information has been used inappropriately.

Quote: “We have contacted the major credit reporting agencies and informed them that some of our students' and faculty members' personal information may have been accessible,” said Bruce Scism, Volunteer Community College interim president.

Source: tennessean.com, The Tennessean, “Vol State: Personal information found vulnerable for 14,000 students, faculty,” April 30, 2012.

 

Voters' Social Security numbers released by Texas AG

April 27, 2012

The Social Security numbers of millions of Texas voters were mistakenly given to opposing lawyers by the state attorney's office as part of a voter ID case.

How many victims? While there were 13 million records handed over, only half contained the full Social Security number of Texas voters.

What type of personal information? Social Security numbers, though they were encrypted and password protected.

What happened? After lawyers challenged the voter ID law in Texas, the state was ordered to give them a voter database for analysis. State Attorney General Greg Abbott's office inadvertently handed over the personal records of 13 million Texas voters, half of which included full Social Security numbers.

What was the response? The state attorney's office dispatched a state police officer to New York, Washington D.C., and Boston to retrieve the encrypted disks.

Details: The records were given to opposing lawyers on password-protected, encrypted disks. The error was brought to light by an analyst who opened the disks.

Quote: "At no time were these Social Security numbers exposed to the public," First Attorney General Daniel Hodge said.

Source: chron.com, The Houston Chronicle, “Texas AG releases voters' Social Security numbers in mix-up,” April 25, 2012.

 

South Carolina Medicaid employee leaks recipient data

April 24, 2012

South Carolina Medicaid data was leaked after the information was transferred to a personal email account.

How many victims? 228,000.

What type of personal information? Names, addresses, phone numbers, and Social Security numbers, which also double as Medicaid ID numbers.

What happened? A South Carolina Medicaid employee, Christopher Lykes Jr., 36, improperly transferred information on more than 228,000 people to his personal email account. The data was compiled over several months.

What was the response? Lykes was arrested and charged with violating medical confidentiality laws. He also was fired. New security measures are in place, and victims will be notified and offered free identity theft protection services.

Details: After an investigation launched earlier this month by the state Department of Health and Human Services (HHS), officials concluded that the information was transferred to one other person, apparently intentionally, though they are unsure of the motive. There are no reports that the information has so far been misused. The state Law Enforcement Division is investigating.

Quote: “I've woken up every morning for the past week praying somehow I could find a reason or the individual who committed the act would tell us this is just a big mistake,” said Anthony Keck, director of HHS.

Source: myrtlebeachonline.com, The State, "SC agency says information leaked on 228K people," April 19, 2012.

 

Seventeen years' worth of Emory patient data missing

April 20, 2012

Emory Healthcare in Atlanta lost the personal information of surgery patients treated at its three hospitals when 10 backup discs went missing.

How many victims? 315,000 patients treated from September 1990 to April 2007.

What type of personal information? Names, Social Security numbers (on 228,000 patients), surgery dates, diagnoses, and other information about the procedures, such as who performed them and what types of devices were used.

What happened? The discs went missing from a storage area at Emory University Hospital. An investigation concluded that the discs were removed at some point between Feb. 7 and 20.

What was the response? Victims are being notified by letter and will receive free identity protection services. In addition, the health care system has launched an investigation that will seek to "reinforce and clarify" current security and privacy policies.

Details: The data contained in the discs, covering patients at Emory University Hospital, Emory University Hospital Midtown and The Emory Clinic Ambulatory Surgery Center, has not been accessed by physicians since 2010. There is no indication that any of the missing information has been misused.

Quote: "We sincerely regret this incident and want to assure our patients that we are committed to safeguarding their personal information," said John Fox, president and CEO of Emory Healthcare.

Source: emory.edu, news release, "Emory Healthcare notifies individuals regarding missing data," April 18, 2012.

 

Hospital workers access patient data with fraud in mind

April 18, 2012

Thousands of patients of Memorial Healthcare System in Hollywood, Fla., may be at risk for identity theft after two former employees improperly accessed their records.

How many victims? 9,500.

What type of personal information? Names, Social Security numbers and birth dates.

What happened? The two workers, who have since been fired, got access to the records with the intention of possibly using the information to file false tax returns.

What was the response? The system, made up of five hospitals in Broward County, is notifying victims and offering them one year of free credit monitoring. In addition, officials are looking to tighten security in light of the breach.

Source: miamiherald.com, The Miami Herald, "Two Memorial Healthcare System employees fired over information breach," April 12, 2012.