Years of identity theft
put consumers at risk

2007

Quincy-based Stop & Shop Supermarket Co. disclosed that thieves stole account and personal identification numbers from customers’ credit and debit cards at two Rhode Island locations, in Coventry and in Cranston, by tampering with checkout-lane keypads. Illegal purchases were made with data from cards that had been used at the two stores. There was evidence of similar tampering in stores in Bristol, Providence, Warwick, and in Seekonk.

Hackers stole customer credit card, debit card, checking account and driver’s license information from the computer systems of Framingham-based TJX Companies, owners of TJ Maxx, Marshalls, Home Goods and AJ Wright stores. The company says it believes the thefts began in July 2005 and continued through Jan. 2007. The company faces class-action lawsuits, and losses because of the breaches are still being tallied.

2006

Sensitive information from about 26 million veterans and military personnel was compromised when a laptop was stolen from the home of a Veterans Administration employee in May.

The computer was recovered two months later and an FBI forensic team determined that the computer’s database had not been accessed since it was taken.

In February, credit card and bank card numbers for about 200,000 subscribers of The Boston Globe and its sister paper in Worcester, the Telegram & Gazette, were accidentally distributed with bundles of the Telegram’s Sunday paper.

In March, a laptop belonging to Fidelity Investments that held the names, addresses, birth dates, Social Security numbers and other information of 196,000 retirement account customers was stolen.

Laptop computers containing personal information of current and former employees of Stop & Shop and its sister chains were stolen during a commercial flight in May and again in June.

A laptop belonging to the Boeing Co. containing names and Social Security numbers of 382,000 workers and retirees was stolen in December. It was the third laptop stolen from Boeing containing workers’ information.

A personal computer containing insurance information, including names, addresses and Social Security numbers of more than 500,000 injured workers in New York, disappeared in July from a secured facility operated by a state contractor.

2005

Bank of America, Wachovia Corp. and several other banks began notifying nearly 700,000 customers of a security breach in May. Employees had illegally sold customer account information to a man who was posing as a collection agency.

An estimated 1,100 Massachusetts consumers were victimized in an identity theft scam at Georgia-based ChoicePoint Inc., one of the country’s largest data collection companies.

The company sent warning notices to nearly 145,000 people across the country whose personal information was compromised after criminals gained access to the company’s databases.

Credit card information from customers of more than 100 DSW Shoe Warehouse stores was stolen from a company computer’s database between Dec. 2004 and March 2005.

The day after the DSW breech became public, LexisNexis said that intruders used stolen passwords from legitimate customers to access personal information on as many as 32,000 U.S. citizens in a database it owns.

2004

B.J.’s Wholesale Club agreed to outside security audits for 20 years to settle a Federal Trade Commission complaint that followed a massive theft of credit and debit card information disclosed in March.

The company said in government filings that the theft resulted in about $13 million in claims.

2003

A Florida man was convicted of hacking into computers at database company Acxiom Corp. and downloading massive amounts of information which he used in e-mail spamming campaigns.

The intrusion cost Acxiom an estimated $6 million.