Wisconsin Department of Agriculture, Trade and Consumer Protection

serving the state of wisconsin since 1839

DATCP works to assure safe food, healthy people, animals, plants and environment, vibrant agriculture and fair business practices.

  You are here:   

Office of Privacy Protection

  • Coming soon.
  • ID Theft & Privacy Protection
    2811 Agriculture Drive
    PO Box 8911
    Madison, WI 53708-8911
    Phone: 608-224-5163
    Fax: 608-224-4677
    Hotline: 1-800-422-7128

Data Breaches Affecting Wisconsin Citizens

October, 2011

Date Public Notified Date of Breach Company Data Stolen
October 2011 April and October 2011 Sony PlayStation Network  (PSN) Usernames and  passwords
Who’s Affected Details
An estimated 93,000 users have been affected. It is unknown whether any of those affected are Wisconsin residents.

This incident is linked to the Sony breach from April 2011 where over 77 million users accounts were compromised.		 Consumer accounts were exploited and credentials were stolen from third parties vendors and reused. Sony has notified approximately 100,000 users and has locked the affected accounts. If those accounts were compromised and purchases were made, Sony has offered to refund any loss. Sony is asking all users to reset their passwords in an effort to mitigate any further fraud.

If you feel you are a victim of identity theft as a result of this breach, contact the Office of Privacy Protection at (800) 422-7128 or email us at wisconsinprivacy@wisconsin.gov.

September, 2011

Date Public Notified Date of Breach Company Data Stolen
September 23, 2011 September 2011 GoDaddy.com Username and passwords, payment information
Who’s Affected Details
445 secure socket layer-certified sites representing GoDaddy.com’s merchant client base. It is unknown at this time how many individual consumers are affected. A representative from GoDaddy.com reported to the media that merchant client accounts were accessed as a result of installed malicious code, the result allowed access to usernames and passwords and ultimately payment information.

In this case hackers may have used malicious code to modify how a site accepts and processes payments, putting that data at risk. When a GoDaddy.com user visits the site, the code could be executed on their local computer.

This incident is under investigation.

If you feel you are a victim of identity theft as a result of this breach, contact the Office of Privacy Protection at (800) 422-7128 or email us at wisconsinprivacy@wisconsin.gov

Date Public Notified Date of Breach Company Data Stolen
September 2011 December 12, 2008 - May 25, 2011 Vacationland Vendors Inc. - operating at Wilderness Resort in Wisconsin Dells Debit and credit card information to include account number, name and expiration date.
Who’s Affected Details
Approximately 40,000 individuals that transacted using debit and credit cards at gaming arcades at the Wilderness Report and a sister resort located in Tennessee.

It is unknown at this time how many Wisconsin residents are affected.

Notification letter		 Vacationland Vendors Inc. has reported  that an attack by hackers has compromised a large number of debit and credit cards used at gaming arcades. Those affected have been notified.

Transactions associated with payment of room fees, restaurants and entertainment centers do not appear to be affected by this incident.

Vacationland discovered the breach on April 1, 2011, at which time the company shut down its card payment systems until late May 2011, when it removed malware from  its computers. An investigation is ongoing.

Anyone that used a debit or credit card during the time frame described should close accounts affected to further protect themselves.

If you feel you are a victim of identity theft as a result of this breach, contact the Office of Privacy Protection at (800) 422-7128 or  email us at wisconsinprivacy@wisconsin.gov

August, 2011

Date Public Notified Date of Breach Company Data Stolen
August 22, 2011 April 5, 2010 Purdue University - Indiana Social security numbers
Who’s Affected Details
Approximately 7,000 past students that attended the university in 2000 through the summer session in 2005. A computer server containing old course records was broken into on April 5, 2010.  The explanation for delay to notify those affected is the database contained 6.6 million nine digit numbers – the same amount as a social security number. The numbers had to be matched to the owner before a notification mailing could occur with name and mailing address.

Those affected received notice starting Monday, August 22, 2011.

The letter contains a toll free number for inquiries at 866-520-0492 and online at www.purdue.edu/securePurdue/theft.cfm

If you feel you are a victim of identity theft as a result of this breach, contact the Office of Privacy Protection at (800) 422-7128 or  email us at wisconsinprivacy@wisconsin.gov

Date Public Notified Date of Breach Company Data Stolen
August 10, 2011 May 25, 2011 University of WI - Milwaukee Name and SSN
Who’s Affected Details
Approximately 75,000 students and staff, past and current. On May 25, 2011, the UW - Milwaukee discovered that computer hackers had installed malware (computer viruses) on one university server, which housed a software system serving several campus departments and which managed confidential information. The system was immediately shut down and security was reassessed before restarting. Initially the breach was believed to only affect image files.

The incident was reported to local and federal law enforcement and an investigation initiated.

Several weeks into the investigation, on or around June 30, 2011, it was discovered that a database associated with the system was accessible to the hackers. This database included the names and social security numbers of approximately 75,000 individuals associated with the university, primarily current and former employees and students.

Notification letters have been sent to those affected. Anyone receiving a letter should place a fraud alert on their credit report and should regularly monitor their credit report for suspicious activity. A FREE credit report can be requested at www.annualcreditreport.com or by calling 1-877-322-8228.

If you feel you are a victim of identity theft as a result of this breach, contact the Office of Privacy Protection at (800)422-7128 or  email us at DATCPwisconsinprivacy@wisconsin.gov

June, 2011

Date Public Notified Date of Breach Company Data Stolen
June, 2011 June, 2011 CitiGroup, Inc. Name, Address, Email addresses, credit card number
Who’s Affected Details
Citi is reporting this breach affects hundreds of thousands of bank card consumers, to include 7,838 Wisconsin residents.

Sample letter

 Citi recently discovered unauthorized access to Citi Account Online through routine monitoring. The bank indicated about 1% of their total client base was affected.

Citi is in the process of notifying those affected. Citi has implemented enhanced procedures to prevent a recurrence.

If you feel you are a victim of identity theft as a result of this breach, contact the Office of Privacy Protection at (800) 422-7128 or  email us at DATCPwisconsinprivacy@wisconsin.gov

Date Public Notified Date of Breach Company Data Stolen
Public Notice of Class Action Settlement Dec 1, 2006 through Nov 30, 2009 Krist Oil Company CITGO gas stations Receipts printed displayed more than last 5 digits of credit or debit card numbers
Who’s Affected Details
The courts have determined that all persons who used a credit or debit card at any of Krist Oil Company’s businesses in Michigan, Wisconsin & Minnesota, where Krist Oil Company provided that person an electronically printed receipt at the point of sale or transaction that displayed the expiration date or more than the last five digits of that person’s credit card or debit card, for a time period beginning on December 1, 2006, until November 30, 2009, is eligible to participate in a class action settlement. A lawsuit was filed against Krist Oil Company claiming the company violated the Fair Credit Reporting Act by not truncating the information printed on customers’ receipts, leaving full credit or debit numbers and expiration dates on the receipts.

If you believe you qualify to be a member of this settlement, you can read more about Seppanen et al. v. Krist Oil Company by going to http://www.kristoilsettlement.com/EN/.

If you feel you are a victim of identity theft as a result of this breach, contact the Office of Privacy Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@Wisconsin.gov.

Date Public Notified Date of Breach Company Data Stolen
June 9, 2011 Early May 2011 CitiGroup, Inc. Name, Account number, mailing and email address
Who’s Affected Details
CitiGroup reports approximately 200,000 cardholders are affected representing about 1% of the company’s North American client base. CitiGroup reports its servers containing their clients personal information was hacked. An investigation is ongoing.  The intrusion occurred in early May. Those affected by the breach are being notified by CitiGroup.

If you feel you are a victim of identity theft as a result of this breach, contact the Office of Privacy Protection at (800) 422-7128 or  email us at wisconsinprivacy@wisconsin.gov

May, 2011

Date Public Notified Date of Breach Company Data Stolen
May 4, 2011 February 8, 2011 through May 6, 2011 Michaels Stores Customer credit and debit card information from store PIN pads
Who’s Affected Details
An undetermined number of cardholder numbers have been compromised.

At this time, the compromised PIN pads have been found at stores in the following states:

Colorado, Delaware, Georgia, Iowa, Illinois, Massachusetts, Maryland, North Carolina, New Hampshire, New Jersey, New Mexico, Nevada, New York, Ohio, Oregon, Pennsylvania, Rhode Island, Utah, Virginia, and Washington.

No Wisconsin stores or residents have been affected at this time.		 Michaels Stores has discovered that some of its stores’ PIN pads have been tampered with. As of May 4, 2011, Michaels Stores has identified less than 90 individual PIN pads affected. Regardless, the company has removed approximately 7,200 PIN pads from its US Stores.

As of May 12, 2011, fewer than 100 customer PIN debit cards have been reported used in fraudulent transactions. At this time, there are no reports to police of credit card fraud. The investigation is still ongoing, but Michaels urges all customers to take precautionary measures such as checking their accounts for unauthorized transactions.

If you feel you are a victim of identity theft as a result of this breach, contact the Office of Privacy Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@Wisconsin.gov.

Sample letter (1 page PDF)

April, 2011

Date Public Notified Date of Breach Company Data Stolen
April 20, 2011 Between April 17-19, 2011 Sony PlayStation Network and Qriocity Name, address, Email address, DOB, PlayStation Password and login, PSN online ID and possible purchase history.
Who’s Affected Details
Sony has reported over 77 million users of the PlayStation Network and Qriocity. A hack of the Sony system compromising personal information to include credit card information has been reported by Sony. The credit card file hacked was encrypted, however Sony  made this statement on their website, “out of a abundance of caution we are advising you that your credit  card number (excluding security code) and expiration date may have been obtained.”

An investigation is in progress.

Emails have went out to those affected notifying them of the breach.

See example letter.

If you receive an email from Sony, we recommend that you close the credit card account affected and change your email and PlayStation password and user id.

If you feel you are a victim of identity theft as a result of this breach, contact the Office of Privacy Protection at (800) 422-7128 or  email us at wisconsinprivacy@wisconsin.gov

Date Public Notified Date of Breach Company Data Stolen
April 1, 2011 March 30, 2011 Alliance Data Systems, Corp. - DBA Epsilon Name and email address
Who’s Affected Details
A large number of consumers that currently do business with or have done business with the following companies Citi, Chase, US Bank, Capital One, Barclays Bank of Delaware, Verizon, Walgreens, Visa, Kroger, Marriott International, Ritz-Carlton Rewards, Brookstone, NY & Co., TiVo, HSN, LL Bean, Disney and Best Buy may be affected by this compromise. Epsilon, an online marketing unit of Alliance Data Systems Corp. has announced that an outside intruder hacked into their database is reporting that email addresses and names only were compromised.

Those companies listed are notifying their consumers of the incident and cautioning them about sharing information via a link in an email.

If you receive an email that asks you to click on a link and provide personal information, do not respond. This may be an attempt to gain your personal information.

If you feel you are a victim of identity theft as a result of this breach, contact the Office of Privacy Protection at (800) 422-7128 or  email us at wisconsinprivacy@wisconsin.gov

March, 2011

Date Public Notified Date of Breach Company Data Stolen
March 14, 2011 January 2011 Health Net Inc Names, Social Security Numbers, Addresses, Health Information, and Financial Information
Who’s Affected Details
1.9 million consumers

Approximately 7,468 WI residents

Health Net letter 1

Health Net letter 2		 Health Net Inc, a major health insurance and services provider, recently reported a data breach. The breach was brought to their attention by IBM, which manages the company’s IT infrastructure. IBM discovered nine server drives have gone missing. The drives included personal information for former and current Health Net members, employees and health care providers.

Health Net Inc is notifying all affected individuals, and has also notified the attorney general’s office about the breach.

Health Net Inc is offering two years of free credit monitoring and fraud resolution services to affected individuals. These services will be provided through the Debix Identity Protection Network.

Health Net Inc is continuing to investigate the whereabouts of the missing servers. If you feel you are a victim of identity theft as a result of this breach, contact the Office of Privacy Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@wisconsin.gov.

January, 2011

Date Public Notified Date of Breach Company Data Stolen
January 18, 2011 December 23-28, 2010 MicroBilt Corp Integrity Bank Plus Name, address, social security number, and/or other information contained in credit and/or other reports
Who’s Affected Details
500 consumers, some of which are Wisconsin residents

MicroBilt Corp is a reseller of credit bureau information. One of their customers, Integrity Bank Plus, had a breach affecting about 500 consumers. MicroBilt Corp has sent letters to those affected informing them that their information may have been impermissibly accessed by a party without proper authorization.  The inquiry would appear on an affected credit report as MicroBilt/Integrity Bank Plus or Integrity Bank Plus.

There is an ongoing investigation into the matter. In the meantime, MicroBilt has taken action to place temporary fraud alerts on all affected credit reports.

MicroBilt is offering all affected consumers free Identity Theft Insurance and Restoration Service for one year.

If you feel you are a victim of identity theft as a result of this breach, contact the Office of Privacy Protection at (800) 422-7128 or  email us at wisconsinprivacy@wisconsin.gov


Follow us on Facebook  Follow us on Twitter  Follow us on YouTube  Follow us on Flickr

Sign up for email updates!
Sign up for email updates:
More info