When a Maryland dental HMO acknowledged this week that it had accidentally posted the names, addresses and Social Security numbers of 75,000 members on its Web site, the revelation made news.
But the security breach at The Dental Network is just one of more than three dozen filed so far this year with the Maryland attorney general's office, The Sun has learned.
And though most of the security breaches are much smaller, they underscore how hard it is to completely protect computerized information.
Consumer groups acknowledge that just about anyone is at risk.
"There's little you can do to protect yourself unless you go into seclusion," said Paul Stephens of the Privacy Rights Clearinghouse, a San Diego nonprofit.
Thirty-nine businesses or groups have reported losses of sensitive information involving about 87,500 Maryland residents in the three months since a state law took effect requiring that people be informed of such incidents, records show.
Jeannine Kenney, a senior policy analyst with Consumers Union, said the new Maryland law ensures that people will learn when their personal information has been compromised without having to rely on the good will of businesses.
"Now that Maryland has a law, consumers should be more confident that when there is a breach they will be notified," Kenney said.
Consumers can use the information to comparison shop. Notice requirements such as these "give businesses incentive to more carefully safeguard personal data," Kenney said.
Forms of inadvertent disclosure vary from case to case, but most commonly they result from theft of a computer or electronic equipment.
More than 4,600 Maryland residents were notified this week that BNY Mellon Shareowner Services had lost a box of computer backup tapes last month, according to state records.
"When I see things like this I get a little frightened," said retired schoolteacher Thomas Fox of Baltimore County, who received a letter this week from Pittsburgh-based BNY Mellon that his Social Security number and even bank account information might have been on the computer tapes.
Also in February, a hacker broke into MLSgear.com, Major League Soccer's online store, and stole the personal information -- including credit and debit card numbers -- of more than 1,600 state residents. This week, The Dental Network, a CareFirst BlueCross BlueShield dental HMO, revealed that it didn't notify about 75,000 members of a security breach until about three weeks later.
