Home > Identity Theft > 9 Crazy Data Breaches

Comments 0 Comments

Five men were indicted last week in the largest credit card hacking scheme in U.S. history, resulting in more than $300 million in losses and a data breach of more than 160 million credit and debit cards since 2005.

The four Russian nationals and one Ukrainian man targeted major American and international corporations, hacking into computer networks to steal credit and debit account numbers, as well as personal identifying information and more. They would then sell the data, from companies including JC Penney, Nasdaq, Dow Jones, JetBlue, Wet Seal, 7-Eleven and more.

While this may be the biggest hacking scheme in American history, there have been plenty of data breaches this year alone. Here’s a recap of Social Security number snafus, credit card slip-ups and personal information problems in the first half of 2013:

NYC Citi Bike

This rapidly-growing New York City bike sharing program, the largest in the U.S., began just two months ago. But Citi Bike’s beginnings were plagued with issues, including a software glitch that resulted in a data breach more than a month before it even launched. Credit card numbers, security codes, contact information, account passwords and other data for 1,174 individuals who had already signed up were accessible via the company’s website in April. NYC Bike Share, the operator of the program, hired a security firm to investigate the breach and offered those affected free credit and identity theft protection services.

University of Virginia, Aetna Health Care

In July, 18,700 students at the University of Virginia received a brochure from Aetna Health Care with a peculiar address label. A third-party mail vendor had unintentionally printed each student’s Social Security number on their mailing, making for a data breach in plain sight. Having dealt with several data breaches in the past, the university notified students and offered free credit monitoring services to those affected.


In April 2011, Citigroup discovered that they had accidentally exposed the Social Security numbers, birth dates and other sensitive data of approximately 146,000 customers who had filed for bankruptcy between 2007 and 2011. The bank failed to redact personal information on court records prior to filing them on the government-operated legal document system. Earlier this month, an independent auditor verified that they’ve fulfilled the terms of their settlement with the Justice Department by redacting the information at Citigroup’s expense, notifying customers and offering a year of free credit monitoring to those affected.


Morningstar Document Research, an investment-research firm and global database, revealed in an early July 2013 filing that they accidentally leaked personal details of about 2,300 users in April 2012. Names, addresses, email addresses, passwords and credit card details were compromised, and the account details (email addresses and user-generated passwords) for another 182,000 users were also revealed. The company informed users of the breach in its July 2013 monthly filing, saying financial damage was minimal and recommending that users monitor their credit accounts.

University of South Carolina

In June, the University of South Carolina notified 6,300 students that their personal information may have been on a laptop that was stolen from a locked physics classroom in late April. The password-protected laptop contained the names and Social Security numbers of students enrolled in physics courses beginning in January 2010, and this breach is the seventh that the university has faced in the same number of years. These breaches have exposed the data of 87,000 students and employees. As a result, USC is establishing new security programming in a six-year, $75 million software overhaul, nearly doubling their cyber security staff, and transitioning to identification numbers in place of Social Security numbers.

Florida State University

Beginning in late May of this year, personal information from about 47,000 participants in a teacher preparation program at Florida State University was publicly accessible for two weeks. As the university’s Florida Center for Interactive Media transferred information like students’ home addresses and Social Security numbers to a new server, viewing restrictions were not reinstated and the information was compromised.

Though the information may have been accessed by unauthorized users, the Department of Education said in a statement that there was no evidence it was misused, and Florida’s Education Commissioner Tony Bennett ordered a data review in response to the breach.

Kmart in Little Rock

In March, a robber held a Kmart assistant manager at gunpoint, demanding money from the safe and fleeing with more than $6,000. But the money wasn’t all he got away with, as he also stole an electronic backup disk with 788 patient records, including names, prescription information, birth dates and some Social Security numbers. Kmart sent letters notifying affected customers in April, though no arrests have been made related to the case.

Schnuck Markets, Inc. – St. Louis

From December 2012 through March 2013, an estimated 2.4 million credit and debit cards were compromised at the St. Louis-based grocery store chain, hacked through a magnetic strip swiping security breach. The breach resulted in a class action lawsuit filed against the chain, for damages related to managing the compromised information, and alleging that Schnuck Markets, Inc. was negligent and failed to properly inform customers of the mishap. However, the Missouri Attorney General stated in July that the company was not at fault, but rather the victim of a hacking scheme.

Kirkwood Community College

In March of this year, hackers from an international IP address accessed Kirkwood Community College’s database and stole personal data and application information from the Iowa institution’s archives. Information including names, birth dates, race, contact information and Social Security numbers for about 125,000 people was accessed. Anyone who applied to take college-credit courses from February 2005 through the breach could have been affected, and in response, the college offered personal identity theft assistance to victims.

While these incidents are a far cry from the massive hacking of 160 million credit and debit cards, they’re still of huge importance to those affected and indicate just how common data breaches really are. These are only a small fraction of some recent incidents, and there will surely be more as hacking technology grows more sophisticated. Since a breach can happen to anyone, the best way to protect yourself is to monitor your credit accounts and credit reports for any fraudulent charges, and alert your bank immediately should anything suspicious pop up.

Image: Lite Productions

Comments on articles and responses to those comments are not provided or commissioned by a bank advertiser. Responses have not been reviewed, approved or otherwise endorsed by a bank advertiser. It is not a bank advertiser's responsibility to ensure all posts and/or questions are answered.

Please note that our comments are moderated, so it may take a little time before you see them on the page. Thanks for your patience.

Credit.com receives compensation for the financial products and services advertised on this site if our users apply for and sign up for any of them.

Hello, Reader!

Thanks for checking out Credit.com. We hope you find the site and the journalism we produce useful. We wanted to take some time to tell you a bit about ourselves.

Our People

The Credit.com editorial team is staffed by a team of editors and reporters, each with many years of financial reporting experience. We’ve worked for places like the New York Times, American Banker, Frontline, TheStreet.com, Business Insider, ABC News, NBC News, CNBC and many others. We also employ a few freelancers and more than 50 contributors (these are typically subject matter experts from the worlds of finance, academia, politics, business and elsewhere).

Our Reporting

We take great pains to ensure that the articles, video and graphics you see on Credit.com are thoroughly reported and fact-checked. Each story is read by two separate editors, and we adhere to the highest editorial standards. We’re not perfect, however, and if you see something that you think is wrong, please email us at editorial team [at] credit [dot] com,

The Credit.com editorial team is committed to providing our readers and viewers with sound, well-reported and understandable information designed to inform and empower. We won’t tell you what to do. We will, however, do our best to explain the consequences of various actions, thereby arming you with the information you need to make decisions that are in your best interests. We also write about things relating to money and finance we think are interesting and want to share.

In addition to appearing on Credit.com, our articles are syndicated to dozens of other news sites. We have more than 100 partners, including MSN, ABC News, CBS News, Yahoo, Marketwatch, Scripps, Money Magazine and many others. This network operates similarly to the Associated Press or Reuters, except we focus almost exclusively on issues relating to personal finance. These are not advertorial or paid placements, rather we provide these articles to our partners in most cases for free. These relationships create more awareness of Credit.com in general and they result in more traffic to us as well.

Our Business Model

Credit.com’s journalism is largely supported by an e-commerce business model. Rather than rely on revenue from display ad impressions, Credit.com maintains a financial marketplace separate from its editorial pages. When someone navigates to those pages, and applies for a credit card, for example, Credit.com will get paid what is essentially a finder’s fee if that person ends up getting the card. That doesn’t mean, however, that our editorial decisions are informed by the products available in our marketplace. The editorial team chooses what to write about and how to write about it independently of the decisions and priorities of the business side of the company. In fact, we maintain a strict and important firewall between the editorial and business departments. Our mission as journalists is to serve the reader, not the advertiser. In that sense, we are no different from any other news organization that is supported by ad revenue.

Visitors to Credit.com are also able to register for a free Credit.com account, which gives them access to a tool called The Credit Report Card. This tool provides users with two free credit scores and a breakdown of the information in their Experian credit report, updated twice monthly. Again, this tool is entirely free, and we mention that frequently in our articles, because we think that it’s a good thing for users to have access to data like this. Separate from its educational value, there is also a business angle to the Credit Report Card. Registered users can be matched with products and services for which they are most likely to qualify. In other words, if you register and you find that your credit is less than stellar, Credit.com won’t recommend a high-end platinum credit card that requires an excellent credit score You’d likely get rejected, and that’s no good for you or Credit.com. You’d be no closer to getting a product you need, there’d be a wasted inquiry on your credit report, and Credit.com wouldn’t get paid. These are essentially what are commonly referred to as "targeted ads" in the world of the Internet. Despite all of this, however, even if you never apply for any product, the Credit Report Card will remain free, and none of this will impact how the editorial team reports on credit and credit scores.

Your Stories

Lastly, much of what we do is informed by our own experiences as well as the experiences of our readers. We want to tell your stories if you’re interested in sharing them. Please email us at story ideas [at] credit [dot] com with ideas or visit us on Facebook or Twitter.

Thanks for stopping by.

- The Credit.com Editorial Team