Flurry of new data breaches disclosed

The dizzying pace of data-breach notifications in recent months shows no signs of slowing, as several more organizations have disclosed major data compromises over the past few days.

Among them are American International Group Inc. (AIG), ING Financial Services LLC, Union Pacific Corp. and Western Illinois University (WIU).

The latest disclosures bring to more than 190 the number of such incidents reported since the ChoicePoint Inc. breach of February 2005, according to a list maintained by the Privacy Rights Clearinghouse, a San Diego-based advocacy group. Of that number, more than 90 have been disclosed since January.

The total number of records containing personal information that may have been exposed by such breaches since the ChoicePoint incident is now over 88 million, according to the Privacy Rights Clearinghouse. The latest breaches include the following:

- The burglary of a password-protected file server at New York-based AIG resulted in the potential compromise of personal data belonging to about 970,000 people. That theft took place on March 31, but it has taken the company until now to determine exactly what information the server contained, said AIG spokesman Christian Murray.

As a result, AIG will start notifying affected individuals of the breach next week, he said. According to Murray, the server was stolen from inside a locked room and contained insurance information submitted by brokers on behalf of various employers. In addition to names, addresses and Social Security numbers, the stolen server also held medical information on "a very small" number of people, he said without elaborating.