Though it is now eclipsed by the Heartland hack, a massive intrusion on TJX Company Inc.'s systems a few years earlier is significant because it was one of the first to show just how vulnerable retailers were. TJX Companies include T.J. Maxx, Marshalls and HomeSense.
In December 2006, the Framingham, Massachusetts-based TJX alerted law enforcement that cybercriminals had stolen more than 45 million customer records in 2003 and 2004. In January 2007 it went public with the news.
According to Information Week, within eight months, the company had spent more than $20 million investigating the incident, notifying customers and hiring lawyers to deal with the dozens of associated lawsuits. The hack alerted the industry to the threat of cybercriminals and pushed lawmakers to fast-track data security legislation, Information Week reported.
The personal information for as many as 76 million veterans might have been compromised when a defective hard drive was sent for repair and recycling without first having the data on it erased.
In October 2009, the National Archives and Records Administration investigated the Veterans Affairs agency for the potential data breach, Wired magazine reported at the time.
The hard drive was used for the system veterans used to request health records and discharge papers, and included millions of Social Security numbers, Wired said.
In June 2005, news broke that a security breach at CardSystems, an Atlanta-based third-party processor of payment card transactions exposed more than 40 million card accounts to potential fraud. Of those, 68,000 Mastercard accounts, 100,000 Visa accounts and 30,000 accounts from other brands are known to have been used by hackers, according to the Privacy Rights Clearinghouse.
In May 2006, U.S. Veterans Affairs officials disclosed that a laptop containing personal information for millions of veterans had been stolen in a burglary from the home of an agency employee in Maryland.
The agency estimated that about 17.5 million veterans were at risk and reportedly offered to cover the cost of monitoring their credit for one year, to the tune of $160.5 million.
Fortunately, about a month later, the FBI announced it had recovered the laptop and the personal information had not been compromised.
The personal information for more than 12.5 million people was potentially compromised when the Bank of New York Mellon lost of box of computer data tapes with information such as Social Security numbers, names, addresses and possibly bank account numbers.
The six to 10 tapes were lost en route to a storage facility, Reuters reported in 2009.
In February 2008, Connecticut officials disclosed the breach, saying more than 4.5 million people were affected. In August 2008, the number was raised to 12.5 million.
A year later, the bank agreed to pay Connecticut $150,000 as part of a settlement and provide credit monitoring and fraud alerts for the affected people for 36 months. It also agreed to reimburse customers for funds stolen as a result of the breach, Privacy Rights said.