On September 14, 2011, backup tapes containing personal and protected health information for approximately 4.9 million TRICARE (US military healthcare) beneficiaries were stolen from the personal vehicle of an employee of Science Applications International Corporation (SAIC), a federal IT contractor. The theft occurred in San Antonio, Texas while the employee was transporting the tapes between SAIC facilities. TRICARE is the healthcare program for US military personnel, retirees, and their dependents. SAIC was a TRICARE contractor processing health claims data. Exposed data included Social Security numbers, names, phone numbers, addresses, and personal health and clinical data (laboratory results, diagnoses, prescriptions) — data dating from 1992. No financial information was included. TRICARE notified approximately 4.9 million affected beneficiaries in late September/October 2011. This was one of the largest healthcare breaches of 2011 and remains one of the largest involving physical media loss. A class-action lawsuit sought $4.9 billion in damages ($1,000 per affected individual); it was ultimately dismissed. SAIC was held liable and reached a $7.5 million settlement with class-action plaintiffs. The incident was a catalyst for stronger HIPAA Business Associate Agreement requirements and highlighted the risk of transporting unencrypted backup media.