According to the group, a laptop containing the customer records of approximately 65,000 individuals, including debit card, credit card and social security data, was stolen from the YMCAs locked administrative offices in Providence, R.I., sometime in May.
The laptop contained the personal information of members of the Greater Providence YMCA, as well as customer information from some of the facilities overseen by that organization, including branches in both Rhode Island and Massachusetts.
YMCA spokesperson Mickey Riendeau said the area where the office is located has recently been victimized by a string of property thefts.
However, Riendeau said, the device was protected by at least two locked doors at the time it was taken, and only a handful of the records on the stolen machine included customers social security numbers.
While the laptop had security software onboard to protect the information, Riendeau said the organization felt compelled to inform its customers of the potential data exposure.
"We wanted to get the word out anticipating the worst-case scenario, so that our members had an opportunity to protect themselves," Riendeau said.
The spokesperson said the YMCA has not received any reports leading it to believe that information on the laptop has been used to commit identity fraud or any other crimes.
The laptop containing the customer data was first reported missing on May 24 when YMCA employees noticed that a second, unused laptop was gone. The second machine, also presumed stolen, held no information, Riendeau said.
The YMCA has already sent letters to members whose personal information was on the stolen device, warning them to be on the lookout for fraudulent activity.
The YMCA is only the latest in a long string of well-known organizations that have been forced to issue public warnings about the potential exposure of customer information during 2005 and 2006.
Most recently, online travel portal Hotels.com and auditors at Ernst & Young warned consumers of an incident that may have exposed the personal data of roughly 243,000 customers of the online travel site. That situation was also touched off by the theft of a laptop computer.
In late May, the United States Department of Veterans Affairs reported that the personal information of as many as 26.5 million veterans was exposed after a break-in at an employees home.
In January, the Federal Trade Commission levied $15 million in fines against ChoicePoint, an aggregator of consumer data whose lax procedures for disclosing personal information to other companies helped draw attention to the issue. The FTC charged ChoicePoint with violating the Fair Credit Reporting Act, among other issues.
ChoicePoint, headquartered in Alpharetta, Ga., was forced to report that fraudsters had tricked it into revealing the information of some 163,000 individuals under a 2003 California law requiring companies to disclose such data breaches. As a result, many other U.S. states have passed or are considering similar regulations.