Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?


Click or unclick the boxes then select go.


Select features, then click GO.



Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.
Breach Total
867,188,052 RECORDS BREACHED
(Please see explanation about this total.)
from 4,256 DATA BREACHES made public since 2005

Save or Print PDF of Entire Breach List including introduction.Save or Print a PDF of Entire Breach List (including introductory FAQ)

Filter breach list before saving or printing PDF. Conduct a search of the Chronology using its sorting features, and Save or Print a PDF of your search results (Select filters)

If you do not have access to PDF, you can print the Chronology in landscape view.

Date Made Publicsort icon Name Entity Type
April 22, 2014 NCO Financial Systems Inc.
Horsham, Pennsylvania
BSF PHYS

Unknown

NCO Financial Systems Inc. informed customers of a data breach when their third party communication vendor, RevSpring, Inc. sent an email to a number of loan customers that mistakenly included an attachment that contained loan statements. The information on these statements included names, addresses, Social Security numbers, and account numbers.

The company is offering 12 months free of ProtectMyID through Experian. A letter with a code went out to those individuals affected. Those with questions are asked to call 1-866-274-43711-866-274-4371.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

April 22, 2014 Snelling Staffing LLC
Dallas, Texas
BSO PHYS

Unknown

Snelling Staffing LLC informed current and previous employees of a data breach that exposed personal information to others via the Internet due to an installation error of a cloud based server at the home of a former Snelling employee, on January 24, 2014.

The information exposed included Social Security numbers, driver's license numbers, dates of birth, home addresses, medical information, alleged criminal activity and/or drug test results.

The company did discover that breach and shut down access to the information within the same day.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

April 17, 2014 Aaron Brothers
Coppell, Texas
BSR HACK

400,000

Aaron Brothers, a division of Michaels Stores Inc. appears to been a part of the data breach of Michaels Stores Inc. The company confirmed on Thursday April 17, 2014 that the payment system breach also affected its Aaron Brothers chain. Approximately 400,000 cards were potentially breached from June 26, 2013 through February 27, 2014.

 
Information Source:
Media
records from this breach used in our total: 400,000

April 14, 2014 Wilshire Mutual Funds
Kansas City, Missouri
BSF PHYS

Unknown

Wilshire Mutual Funds informed customers of a data breach that took place on March 13, 2014. It was brought to the company's attention that a copy of individuals 1099-Div tax form was sent by fax to an incorrect shareholders in error.

The information contained on the 1099-Div form included registered owner's names, the registration of the mutual fund account, the addresses of record, the last 4 digits of the Social Security numbers, the fund and account numbers assigned in their recordkeeping system, the taxable amounts, and the Payer's (Wilshire Equity Fund) Federal ID number.

Those affected with questions are asked to call 1-866-591-15681-866-591-1568 or to send written correspondence to P.O. Box 219512, Kansas City, MO 64121-9512 or by overnight mail to 430 W. 7th Street, Kansas City, MO 64105.

 
Information Source:
Vermont Attorney General
records from this breach used in our total: 0

April 11, 2014 Veterans Of Foreign Wars Of The United States
Kansas City, Missouri
GOV HACK

55,000

The office of The Veterans Of Foreign Wars Of The United States notified members that an unauthorized party accessed VFW's webserver through the use of a trojan and malicious code. The hacker, thought to be in China, was able to download tables containing the names, addresses, Social Security numbers of approximately 55,000 VFW members.

The motivation of the hacker, according to IT experts, was to gain access to information regarding military plans or contracts and not for purposes of identity theft, although they have not ruled that out.

VFW is providing 12 months free of AllClearID. Members can call 1-855-398-6437 with any questions. A security code must be provided and was provided in the letter sent to those affected.

 
Information Source:
California Attorney General
records from this breach used in our total: 55,000

April 11, 2014 LaCie USA
Tigard, Oregon
BSR HACK

Unknown

LaCie USA was informed by the FBI that they had found indications that an unauthorized person used malware to gain access to information from customer transactions that were made through LaCie's website.  Reportedly, the transactions that may have been affected happened from March 27, 2013 through March 10, 2014.

The information breached included names, addresses, payment card numbers and card expiration dates. Also included could be an individuals LaCie username and password to access the website.

For those affected they are asked to call Monday through Friday from 9:00 a.m through 7:00 p.m EDT (eastern time).

 
Information Source:
California Attorney General
records from this breach used in our total: 0

April 11, 2014 University Urology, P.C.
Knoxville, Tennessee
MED PHYS

1,144

University Urology P.C of Knoxville Tennessee informed patients of a data breach regarding their personal information. According to the practice, the information was limited to names and addresses and that no Social Security numbers, financial account information or clinical information was exposed.

According to a statment by the facility, an administrative assistant had compiled the data in an effort to sell it to a competing provider, helping them gain patient business. Patients contacted University Urology to let them know that the competing provider had been soliciting their business.

 
Information Source:
Media
records from this breach used in our total: 0

April 9, 2014 Clinical Reference Laboratory
Lenexa, Kansas
MED PHYS

Unknown

Clinical Reference Laboratory, Inc. notified individuals of a breach regarding their personal information. On or around February 6, 2014 Clinical Reference Laboratory (CRL) sent a packet of invoices via the United States Postal Service to Nationwide Insurance for services performed. The package was damaged when it arrived at the USPS facility and some of the invoice pages were missing.

The information in these missing pages included names, dates of birth, the last 4 digits of individuals Social Security number and the type of lab tests conducted.

The company has arranged a free one year subscription through Equifax Personal Solutions.

For those affected with questions they can call CRL at 1-855-758-75431-855-758-7543 or disclosurehelp@crlcorp.com.

 
Information Source:
Vermont Attorney General
records from this breach used in our total: 0

April 8, 2014 StumbleUpon
San Francisco, California
BSO HACK

Unknown

The San Francisco based Internet company has informed customers of a potential breach that may have occured in their system. The company sent notification out to customers noticing suspicious activity on their account and in turn locked their accounts and reset their passwords.

The company reported that the breach included only passwords.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

April 7, 2014 American Express Company
New York, New York
BSF CARD

Unknown

Amercian Express Company informed customers that their credit card information was recovered as part of an investigation by law enforcement agencies and/or American Express. The information reportedly only included the American Express Card account numbers, no Social Security numbers were impacted.

Those individuals who notice suspicious activity on their account are asked to call 1-855-693-22131-855-693-2213 to notify the company.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

April 7, 2014 Deltek Inc.
Herndon, Virginia
GOV HACK

80,000

Software developer Deltek Inc. informed approximately 80,000 employees of a breach that occured in Deltek's GovWin IQ system.

The company confirmed that on March 13, 2014 they suffered a cyberattack where hackers obtained usernames, passwords and credit card information for individuals who use the GovWin IQ system. Of the 80,000 individuals affected, 25,000 of those may have had credit card information breached.

Those individuals who did have credit card information affected, the company is offering a membership to TransUnion Monitoring services for free.

It has also been reported that authorities have already made an arrest in this case.

Deltek has set up an email address for users to submit questions: protect@deltek.com.

 
Information Source:
Media
records from this breach used in our total: 25,000

April 6, 2014 BigMoneyJobs.com
Uknown,
BSO HACK

36,802

The recruiting site BigMoneyJobs.com has apparently been breached by a hacker that goes by the name of ProbablyOnion by exploiting an SQL Injection vulnerability. The details of over 36,000 users have been leaked online due to the breach.

The information included names, home addresses, phone numbers, emails and passwords of 36,802 users have been published in a Excel file. The information covers both individuals looking for a job and companies looking for talent.

 
Information Source:
Media
records from this breach used in our total: 0

April 3, 2014 Cole Taylor Mortgage
Portland, Oregon
BSF INSD

Unknown

Cole Taylor Mortgage (a division of Cole Taylor Bank) informed customers of a data breach that occured due to an error by one of their third party vendors. Information was inadvertently made accessible to employees of another federally regulated bank.

The information included names, addresses, Social Security numbers, loan numbers and certain loan information. According to the mortage company, the breach was caused by a technical error by the vendor that provides them information technology services and solutions to both banks.

The company has established a dedicated toll-free hotline for those who were affected at 1-800-572-9809.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

April 2, 2014 Kaiser Permanente Northern California Division of Research
Oakland, California
MED HACK

5,100 patients

Kaiser Permanente's Northern California Division of Research informed research patients of a data breach to their system. The company discovered that a server was infected by a malicious software that caused a breakdown in the server's security barriers allowing the hackers to obtain personal information.

The information included firs names, last names, dates of birth, ages, genders, addresses, race/ethnicities, medical record numbers, lab results all associated with research provided by individuals as part of research studies.

Currently the company has stated that no Social Security numbers or their Kaiser electronic medical record information used for ongoing medical care was not affected.

Those affected with questions are asked to call 1-877-811-00191-877-811-0019 from 8 a.m to 6 p.m PDT Monday through Friday or the Department of Health and Human Services through the Office for Civil Rights at 1-800-368-10191-800-368-1019.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

April 2, 2014 Boxee
Ridgefield Park, New Jersey
BSO HACK

158,128

The personal data of over 158,000 Boxee.tv forum accounts were hacked and leaked online to a Tor Internet site and at least one researcher. The information included email addresses, birth dates, IP addresses, message histories, and password changes. It also included message archives and past password changes.

The company was purchased by Samsung last July.

 
Information Source:
Media
records from this breach used in our total: 0

April 2, 2014 California Correctional Institution
Tehachapi, California
GOV PHYS

Unknown

On March 9, 2014 an employee roster was discovered within an unsecure desk drawer at one of the correctional facilities.

The roster included full names and the last 6 digits of Social Security numbers.

For those affected they are being directed to call Tim Fites, Information Security Coordinator at 1-661-823-5011.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

March 28, 2014 Palomar Health
Escondido, California
MED PHYS

5,000 patients

Palomar Health in Escondido had a laptop stolen along with two flash drives from an employee's SUV. Approximately 5,000 patients were affected by the breach.

The flash drives contained patient names, dates of birth, information regarding individual diagnosis, individual treatment and insurance information. The computer was encrypted but the flash drives were not. The information dates back to 2008.

The Oceanside police have recovered the laptop and the missing flash drives, one person was arrested and a possible second suspect arrest may follow.

Those patients who may have been affected can reach the health care system for more information at 1-866-313-79931-866-313-7993. The company is offering credit monitoring services for those individuals whose medicare numbers were compromised.

Palomar could face a fine as high as $250,000 from the California Department of Health.

 
Information Source:
Media
records from this breach used in our total: 0

March 27, 2014 Orlando Health's Arnold Palmer Medical Center
Orlando, Florida
MED PHYS

586

A computer flash drive containing patient information on 586 children treated at Orlando Health's Arnold Palmer Medical Center is missing or reportedly been "misplaced"

The information included last names, assigned medical record numbers, dates of birth, gestational ages, birth weights, dates of hospitalizations, and in some cases, transfer dates of children who were patients at Arnold Palmer Hospital for Children or Winnie Palmer Hospital for Women and Babies between 2009 and 2013.

 
Information Source:
Media
records from this breach used in our total: 0

March 27, 2014 The University of Wisconsin-Parkside
Kenosha, Wisconsin
EDU HACK

15,000

Students were notified by officials from The University of Wisconsin-Parkside of a data breach that occured to their system by hackers that installed malware on one university server.

The information that is at risk includes names, addresses, telephone numbers, email addresses and Social Security numbers. The breach affects students who were either admitted or enrolled at the university since the fall of 2010.

The server was shut down and the hacking was reported to local authorities. After launching an investigation it appears the malware was searching for credit card information and they show no evidence that any Social Security numbers were compromised.

The university has set up a website with information for those who may have been affected http://www.uwp.edu/explore/contactus/index.cfm 

 
Information Source:
Media
records from this breach used in our total: 15,000

March 27, 2014 Sorenson Communications and CaptionCall
Salt Lake City, Utah
GOV HACK

Unknown

On March 7 it was discovered that there was an unauthorized access to Sorenson Communications employee data via the payroll vendor utilized for both Sorenson Communications and CaptionCall employees. The personal information breached includes both the employee, beneficiaries, dependents, and emergency contacts, or anyone listed in the employees HR account with the company.

The information includes names, dates of birth, addresses, Sorenson income histories, Social Security Numbers, W-2 information, and emergency contact data and appeared to have happened between February 20, 2014 through March 3, 2014.

The FBI has been contacted and is investigating the breach. An email was sent to all those affected on March 11th with instructions on how to enroll in the company-provided credit monitoring services. If an email was not received they are requesting those individuals contact the Human Resources Department at hrsupport@sorenson.com to obtain the information.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

March 25, 2014 University of Kentucky HealthCare/Talyst
Lexington, Kentucky
MED PHYS

1,079

UK Healthcare is notifying 1,079 patients that a laptop with their personal health information was stolen on February 4, 2014 from Talyst, a third party pharmacy billing management company.

The vendor's laptop included names, dates of birth, medical record numbers, diagnosis, medications, laboratory results, progress notes, allergies, height and weights, dates of service, physician name and clinics, insurance carrier, insurance identification numbers.

 
Information Source:
Media
records from this breach used in our total: 0

March 25, 2014 American Express
New York, New York
BSF HACK

Unknown

American Express sent out notification to cardholders regarding unauthorized activity on their cards from unnamed merchants. American Express has stated that names, card account numbers and expiration dates of cards could have been affected. At this time they have stated that no Social Security numbers have been affected.

American Express has placed a fraud alert on their cardholders credit reports. For those affected they are to call 1-800-297-7672 for identity theft assistance or email www.americanexpress.com/idtheftassistance.

 

 
Information Source:
California Attorney General
records from this breach used in our total: 0

March 22, 2014 California DMV
Sacramento, California
GOV HACK

Unknown

The California DMV is investigating a potential data breach of their credit card processing systems. Reportedly several large financial institutions received private alerts this week from MasterCard about compromised cards used for charges.

As reported by Krebs on Security, "the alert, sent privately by MasterCard to financial institutions this week, did not name the breached entity but said the organization n question experienced a "card-not-present" breach-industry speak for transactin conducted online. The alert further stated that the date range of the potentially compromised transactions extended from August 2, 2013 to January 31, 2014, and that the data stolen included the card number, expiration date, and three-digit security code printed on the back of cards".

Krebs contacted 5 different financial institutions, two mid-sized California banks and "confirmed receipt of the MasterCard notice, and said that all of the cars MasterCard alerted them about as cmopromised had been used for charges bering the notation "STATE OF CALIF DMV INT."

The DMV, who originally stated they would investigate, put out a statement at 6:44 Eastern Time on March 22, 2014, placing blame on the the third party credit card processing company.

The total amount of individuals potentially affected at this time is unknown. KrebsOnSecurity stated that they had received a list of more than 1,000 cards, from one bank, that were potentially exposed that included credit card numbers, expiration dates and three-digit security codes printed on the back.

 
Information Source:
Krebs On Security
records from this breach used in our total: 0

March 21, 2014 Castle Creek Properties, Inc./Rosenthal Wine Shop
Malibu, California
BSR HACK

Unknown

Castle Creek Properties Inc/ Rosenthal Malibu Estate notified customers of unauthorized access to computer systems used to process credit card transactions at their Rosenthal wine shop.

The unauthorized access may have compromised payment card data of visitors who used their cards for payment of items at the wine shop tasting room. Information compromised included names, addresses, payment card account numbers, card expiration dates and security codes.

The company is offering a complimentary one year membership of Experian ProtectMyID Alert. For those affected and wish to enroll in the services they are asked to call 1-310-899-8903.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

March 21, 2014 Sa Francisco Department of Public Health/Sutherland Healthcare Solutions
San Francisco, California
MED PHYS

Unknown

San Francisco Health Network/San Francisco Department of Public Health has notified patients that their information may have been compromised as well, due to the recent theft of computers at Sutherland Healthcare Solutions. Sutherland is the third party billing company for the San Francisco Department of Public Health.

The information contained in the stolen computers included names, dates of birth, Social Security numbers, dates and location of services and names of insurance companies or payers.

The agency is providing one year of ID Experts. Anyone who was affected is encouraged to contact ID Experts with any questions and to enroll in the service by calling 1-866-486-4809 or by going to their website www.myidcare.com/idexpertshealthcareprotection. Documentation was sent to the affected parties that provided steps for enrollment and an access code for entry. Deadline to enroll is July 31, 2014

 
Information Source:
California Attorney General
records from this breach used in our total: 0

March 20, 2014 Marian Regional Medical Center
Santa Marica, California
MED INSD

Unknown

Marian Regional Medican Centers (Santa Maria and Arroyo Grande Campuses) notified patients of a data breach. A secured electronic file containing patients information was sent to a contracted health insurance plan in error. The health insurance plan notified the company immediately that they received the email in error.

The file included names, addresses, types of insurance, dates of birth, dates of service, types of laboratory tests and test results for dates of service between March 1 and March 6, 2014. The company has stated that the Social Security number was not included in the electronic file.

For those affected the company has asked questions or concerns to be directed to a toll free number 1-877-906-16031-877-906-1603.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

March 20, 2014 Auburn University
Auburn, Alabama
EDU HACK

Unknown

Auburn University notified individuals of a compromised server within the College of Business network. This incident could have resulted in unauthorized access to personal information including Social Security numbers and names. The investigation is ongoing and the University has reportedly patched the vulnerability in their system.

They have no evidence as of yet if any information was accessed or misused in any way. The University is offering a one year complimentary membership of Experian's ProtectMyID Alert.  For questions or concerns, affected parties should call 1-877-371-7902.

 
Information Source:
Vermont Attorney General
records from this breach used in our total: 0

March 18, 2014 Hickory Grove Gas Station
Vincent, Ohio
BSR HACK

100 reported, could go as high as 300

A local area gas station in Vincent Ohio off of Ohio 339 has a credit card breach and those affected are customers who recently used either debit or credit cards at the gas station. So far 100 people have reported fraudulent charges on their account that dates back to at least a month ago. Reports are saying that the number could go as high as 300 victims.

It appears hackers infiltrated the network that gas station and grocery store uses. The breach could have also potentially happened through the Kentucky-based credit card processing company they use. They have stopped accepting any credit or debit cards until a full investigation is completed.

Those who think they have been victimized are asked to call the Vincent Ohio Sheriffs Department.

 
Information Source:
Media
records from this breach used in our total: 100

March 18, 2014 Yellowstone Boys and Girls Ranch (YBGR)
Billings, Montana
MED PHYS

Unknown

The Yellowstone Boys and Girls Ranch which treats mental health issues for children and teens reported that a binder was lost or destroyed sometime in 2013. The binder contained information that included names, addresses, dates of birth, parents' names, programs and treatment professionals' information. They have stated that no financial or Social Security information was stored in this binder.

 
Information Source:
Health IT Security
records from this breach used in our total: 0

March 18, 2014 The Shelburne Country Store
Shelburne, Vermont
BSR HACK

Unknown

The Shelburne Country Store notified customers of a computer hack to their payment processing system, similar to reported attackes by other national retailers such as Target and Neiman Marcus.

The information compromised included names, addresses, credit or debit card numbers, expiration dates and verfication codes. They believe the breach occured between November 13, 2013 and January 6, 2014.  They are unclear as to how many purchases were affected.

The company has set up AllClear ID protect your identity for 12 months at no cost to those affected. They can either email support@allclearid.com or call 1-855-434-8077.

 
Information Source:
Vermont Attorney General
records from this breach used in our total: 0

March 18, 2014 IRS
, Pennsylvania
GOV INSD

20,000

A former emloyee of the IRS took home a computer thumb drive that contained personal information on 20,000 current and former employees and contractors. The information included Social Security numbers, names and addresses. The thumb drive was plugged into the employees unsecured network, which could have left the information vulnerable.

This incidence dates back to 2007 before the IRS stared using automatic encryption. The IRS will not comment why they did not discover this breach until now, or if the employee who used the thumb drive is still working at the IRS.

 
Information Source:
Media
records from this breach used in our total: 20,000

March 17, 2014 Service Coordination Inc.
Frederick, Maryland
MED HACK

9,700

Hackers infiltrated the computers of a state-licensed provider of services to developmentally disabled individuals. The information stolen included Social Security numbers and medical information for approximately 9,700 clients.

The non-profit learned of breach in late October 2013. The U.S Justice Department asked the non-profit organization to delay notification of the breach to allow for a federal investigation.

The investigation did lead to the alleged hacker and their equipment and accounts have been seized.

"Service Coordination is one of five private organizations licensed by the state's Developmental Disabilities Administration, an agency of the Maryland Department of Health and Mental Hygiene."

 
Information Source:
Media
records from this breach used in our total: 9,700

March 17, 2014 Arcadia Home Care and Staffing
Southfield, Michigan
MED INSD

Unknown

Arcadia Home Care/Arcadia Health Services, Inc. notified employess of unauthorized access of their files by an independent contractor for Arcadia by the name of Charles E. Symes, II and his new business Alegre.  Mr. Symes was previously authorized to use Arcadia's database, which contained personal information, but only for authorized purposes and access.

The company discovered Mr. Symes gaining unauthorized access to employee's personal information which included names, Social Security numbers, addresses, bank account information, California driver's license and other information.

The company believes the information was breached on or around January 2014 through March 1, 2014. For questions the company is asking those affected to call1-800-733-8427800-733-8427.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

March 17, 2014 ELightBulbs.com
Maple Grove, Minnesota
BSR HACK

Unknown

Elightbulbs.com is in a series of companies who have had security breaches due to exposure of ColdFusion weaknesses. The online company was contacted by Discover card alerting them to a pattern of fraudulent activity on cards that were recently used at their store. This is a similar incident to what happened with Smucker's. ELightbulbs.com was listed in the ColdFusion botnet panel.

The Vice President of the company, Paul McLellan said "he first learned of the breach on November 7, 2013 from his company's processor, Heartland Payment Systems". He also stated that "shortly before we were told by Heartland, we paid $6,000 a year for a company to brutalize our server, for protection and peace of mind. Turns out this flaw had existed for two years and they never saw it."

The FBI has stated that group responsible for the attack have also compromised much higher-profile targets as well.

 
Information Source:
Media
records from this breach used in our total: 0

March 17, 2014 Kichlerlightinglights.com
New York, New York
BSR HACK

Unknown

KichlerLightingLights is another victim of the ColdFusion botnet. The company's owner Gary Fitterman stated "It was like being attacked by terrorists. When we learned what had happened, we immediately went into frenzy, spent a ton of money to get forensic experts to take a look."

The hacking gang used vunerabilities in Adobe's ColdFusion to build a botnet of hacked ecommerce sites, designed to bilk the customers credit card data, KichlerLightingLights was just another one of the ecommerce sites affected.

The various companies that have been affected all handled credit card processing on their site. Mr. Fitterman has now outsourced all of his credit card processing transactions to a third party company.

Experts state that if you run your own credit card processing you must be diligent about software updates.

 
Information Source:
Media
records from this breach used in our total: 0

March 14, 2014 Health Source of Ohio
Milford, Ohio
MED PHYS

8,800

Health Source of Ohio reported a breach of patients' personal information when a file containing specific data was accidentally made visible online. According to authorities the file was viewed 47 times.

The file included names, account numbers, addresses, phone numbers, Social Security numbers, birthdates, credit card numbers and limited healthcare information. According to the center not all patients information included financial or Social Security numbers. A specific number was not provided of the 8,800, who may have suffered a breach of their financial information or SSN.

Patients who were affected are advised to contact HSO at 1-800-495-7647

 
Information Source:
Media
records from this breach used in our total: 8,800

March 13, 2014 Silversage Advisors
Irvine, California
BSF PHYS

Unknown

On February 20, 2014 Silversage Advisors notified customers of a theft of back-up computer drives from a secure offsite location used as part of the company's disaster recovery plan. The drives contained names, addresses, Social Security numbers, driver's license numbers and account information.

The company is providing one year of Breach Protector credit monitoring and identity theft restoration coverage. For those affected with question they are to call 1-888-969-7500.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

March 13, 2014 Detroit Medical Center-Harper University Hospital
Detroit, Michigan
MED INSD

1,087

A former Detroit Medical Center-Harper University Hospital employee was found with the personal information of 1,087 patients by West Bloomfield police. The documents included patients health information, names, dates of birth, reasons for patient visits and Social Security numbers.

When the hospital learned of the breach they immediately revoked the employee's access to its computer systems and all of the Detroit Medical Center hospitals.

For patients that were affected they can call 1-855-830-9731 with questions.

 

 

 

 
Information Source:
Media
records from this breach used in our total: 1,087

March 12, 2014 UCSF Family Medicine Center at Lakeshore
San Francisco, California
MED PHYS

9,986

UCSF Family Medicine Center at Lakeshore notified patients of a theft of desktop computers that were unencrypted on or around January 11, 2014.  An immediate analysis of what information the computers obtained. On March 6, 2014 UCSF determined that some of the computers stolen contained Social Security numbers, names, dates of birth and medical record numbers, some only contained names, medical record numbers and health information.

Those who were affected were asked to contact UCSF/ID Experts by calling 1-888-236-02991-888-236-0299  Monday through Friday from 6 a.m to 6 p.m Pacific time. When calling individuals are asked to used Access Code: 59832

UPDATE (3/20.2014): The University of California at San Francisco is notifying 9,986 individuals who had information on the computers that were stolen from the UCSF Family Medicine Center at Lakeshore. The computers included information such as names, dates of birth, mailing addresses, medical record numbers, health insurance ID numbers and driver's license numbers. Of the 9,986 files, 125 of them also included Social Security Numbers. Credit monitoring is being offered to those whose Social Security numbers were affected.

 

 
Information Source:
California Attorney General
records from this breach used in our total: 125

March 12, 2014 NoMoreRack.com
New York, New York
BSR HACK

Unknown

As reported by Krebs On Security, for the second time since August 2013, the "online retailer NoMoreRack.com has hired a computer forensics team after being notified by Discover about a potential breach of customer card data."

The Director of Business Development with company, Vishal Agarwal, has confirmed that they were approached by Discover Card in August of 2013, communicating that they were seeing fraudulent activity and the online retailer was the point of compromise.

As stated by Mr. Agarwal "they requested then that we go through a forensics audit, and we did that late October by engaging with Trustwave. Trustwave came out wtih a report at end of October saying there was no clear cut evidence that our systems had been compromised. There were a few minor bugs reported, but not conclusive evidence of anything that caused a leakage in our systems."

Discover reached out the company again in February to notify them that there was additional evidence of fraud associated with their online store from November 1, 2013 through January 15, 2014.

The company has again engaged Trustwave to complete another forensic audit and to also confirm that they are PCI compliant.

 
Information Source:
Media
records from this breach used in our total: 0

March 11, 2014 City of Hope
Duarte, California
MED PHYS

Uknown

The City of Hope was informed by one of their vedors, Sutherland Healthcare Solutions, Inc. regarding a burglary that happened in one of their offices, where the thieves stole eight of their computers. Two of the computers contained City of Hope patient and patient guarantor information. Both computers were password protected. Sutherland Healthcare Solutions provides billing services for the City of Hope, who has since suspended their relationship with Sutherland.

The information on the computers contained Social Security numbers, names, addresses, phone numbers, medical record numbers, account numbers and/or diagnoses. Law enforcement is currently investigating the incident.

The City of Hope has secured the services of Kroll, a risk mitigation company, to provide identity theft protection at no cost for one year for those who may have been affected.

 

 
Information Source:
California Attorney General
records from this breach used in our total: 0

March 11, 2014 Cornerstone Health Care
Hight Point, North Carolina
MED PHYS

548

Cornerstone Health Care reported a laptop containing information for 548 patients was stolen from Cornerstone Neurology sometime between December 31, 2013 and January 6, 2014.

The laptop contained protected health information such as patient names, dates of birth, physician names and nerve conduction scan summaries. The laptop did not contain any addresses, billing information, or Social Security numbers. The laptop was not connected to their third party billing company or their electronic health records.

Since the theft the medical practice has revised its procedures and policies, retrained the staff on securing patient information and replaced locks on rooms with electronic medical devices.

 
Information Source:
Media
records from this breach used in our total: 0

March 11, 2014 Emory Dialysis Center, part of Emory Clinic
Atlanta, Georgia
MED PHYS

826

An employee of Emory Dialysis Center, notified the center that his work laptop had been stolen out of his car on February 7, 2014.

The laptop was protected by a password but was not encrypted. The laptop contained information for 826 patients which included dates of services, blood flow test graphs, first and last names for approximately half of the patients, the rest were the patients initials. They center has stated that the laptop did not contain dates of birth, addresses, billing information or Social Security numbers.

HSM (Health Systems Management) who runs the clinic is now password protecting all laptops and encrypting patient information.

 
Information Source:
Media
records from this breach used in our total: 0

March 10, 2014 Statista
New York, New York
BSO HACK

50,000

Online statistics portal, Statista, notified customers of a data breach that occurred with their system. The breach was noticed when the company internally started receiving spam emails. The company investigated and approximately 50,000 of its customers username and password combination were compromised.

The company has not said whether or not the breach goes beyond access to username and passwords, but at present, this seems to be all that has been affected.

The company notified users almost immediately and assured them that the compromised passwords "cannot be used by third parties due to masking procedures".  The company did not encourage customers to change their passwords.

Experts are questioning how secure the passwords are for those that created accounts prior to December 2013 and have stated that "the passwords of those who signed up before this data were stored in the Statista database as MD5 hashes. As many experts will tell you, MD5 passwords can be easily cracked".

The main risk for those affected would be a higher incidence of spam and phishing emails, potentially impersonating Statista.

 
Information Source:
Media
records from this breach used in our total: 0

March 7, 2014 John Hopkins University
Baltimore, Maryland
EDU HACK

1,307

University officials at John Hopkins University announced a data breach of their Department of Biomedical Engineering's Design Team course web server. A hacker claiming to be part of the group Anonymous claimed credit for the hack.

The hackers made an attempt to extort the university out of server passwords, but the university did not comply with the request.

Officials at the university said that the server did not contain Social Security numbers, birth dates, credit card numbers or any financial data. The data the server did contain included employee data that is publicly available from the department's website. Those affected include any students from the BME department who were enrolled in the course from 2006 to this past fall. Approximately 1,307 individuals may have been affected.

There was a coding error that left the database vunerable was identified and fixed but not prior to the hackers infiltrating the system. The server was primarily used to produce the BME department's website. Although the breach happened late last year, it was not realized until someone posted on Twitter in January that the server was open to attack.

 
Information Source:
Media
records from this breach used in our total: 0

March 6, 2014 North Dakota University
Bismarck, North Dakota
EDU HACK

290,780

North Dakota University System has notified individuals of a security breach of a computer server that stores personal information on students, staff and faculty.

On February 7, 2014 the server was hacked into and more than 209,000 current and former students and 780 faculty and staff had personal information stored on thus server that included names and Social Security numbers according to Larry Skogen, the Interim Chancellor.

The university has notified officials and has set up a website www.ndus.edu/data with information and is organizing a call center for questions from those who were affected.

Authorities have announced that "an entity operating outside the Unites States apparently used the server as a launching pad to attack other computers, possibly accessing outside accounts to send phishing emails"

 
Information Source:
Media
records from this breach used in our total: 290,780

March 6, 2014 Los Angeles County Department of Health/Sutherland Healthcare Solutions
Portland, Oregon
MED PHYS

168,000

On February 5, 2014 Sutherland Healthcare Solutions, who provides patient billing and collection services for Los Angeles County was broken into and computers were stolen. Information that was stored on these computers included first and last names, Social Security numbers, billing information, dates of birth, addresses, diagnosises and other medical information.

Currently the breach is being investigated by authorities and the agency is offering credit monitoring services through ID Experts free for 12 months. To enroll in the free services by calling 1-877-868-92841-877-868-9284 or going to www.myidcare.com/securityandprotection.

UPDATE (3/7/2014): The Los Angeles County Department of Health and Human Services (DHS) announced recently that they will be notifying 168,000 patients of a data breach at Sutherland Healthcare Solutions. When originally reported the number of patients was not divulged.

 
Information Source:
California Attorney General
records from this breach used in our total: 168,000

March 5, 2014 Sally Beauty Supply
Denton, Texas
BSR HACK

25,000

As reported by Krebs on Security, it appears that Sally Beauty Supply may be one of the latest victims of a string of credit card data breaches affecting their payment systems.

"On March 2, a fresh batch of 282,000 stolen credit and debit cards went on sale in a popular underground crime store.  Three different banks contacted by KrebsOnSecurity made targeted purchases from this store, buying back cards they had previously issued to customers".

The banks used a "common point of purchase" or "CPP" to determine where the cards were used over the same period of time. "Each bank independently reported that all of the cards (15 in total) had been used within the last ten days at Sally Beauty Supply locations across the United States".

The company had also detected some kind of intrusion into their network at or around the same time that the stolen card mapping or "CPP" dates that the banks found associated with Sally Beauty Supply. The company's initial investigation did not show any evidence that data was compromised at the store level. The company hired Verizon Enterprise Solutions for the initial and continued investigation.

UPDATE (3-17-2014): Sally Beauty has confirmed that the breach they suffered was due to hackers breaking into their network, stealing credit card data from stores. Originally the retailer would not confirm that they suffered a breach as they had no evidence that any credit card data was stolen. The company confirmed that "fewer than 25,000 records containing card present (track 2) payment card data have been illegally accessed on our systems and we believe have been removed." The company also states " As experience has shown in prior data security incidents at other companies, it is difficult to ascertain with certainty the scope of a data security breach/incident prior to the completion of a comprehensive forensic investigation. As a result, we will not speculate as to the scope or nature of the data security breach."

 
Information Source:
Media
records from this breach used in our total: 25,000

March 5, 2014 OANDA
New York, New York
BSF HACK

Unknown

OANDA informed customers of an unauthorized breach affecting some of their clients. On Monday March 3, 2014 a historical log of some payments received via PayPal (prior to 2007) was accessed. The company states that the incident did not impact any fxTrade services, client trades or funds.

The information accessed included named and email addresses. The company states that usernames or passwords for thier "fxPense" expense reporting tool may have been accessed. These accounts are not related to fxTrade. They are asking customers who registered for this service and use the same username and password on any other external websites, to change those passwords.

Upon learning of the breach, the company shut down access to the system and alerted the FBI, their regulators and relevant privacy offices of the breach.

For additional questions or concerns those who may have been affected can call their respective local office http://www.oanda.com/corp/contact/ or via frontdesk@oanda.com.

 

 
Information Source:
California Attorney General
records from this breach used in our total: 0

March 5, 2014 Point Park University
Pittsburgh, Pennsylvania
EDU UNKN

1800

On Wednesday March 5, 2014 Point Park University in Pittsburgh Pennsylvania notified employees of a possible data breach that included names, home addresses, Social Security numbers, wage information, birthdates, bank accounts and routing numbers.

The Point Park President stated that as many as 1,800 employees could have been affected by this breach.

"The university was expecting a package from its payroll processing vendor Ceridian, but when the package arrived to campus it was missing all of the accompanying reports, according to an internal email obtained by the Pittsburgh Post-Gazette."

The university is working with authorities and an investigation has been launched. The law firm that represents the university is currently putting a letter together to those who were affected that will include call-center information and other services offered.

 
Information Source:
Media
records from this breach used in our total: 1,800

Breach Total
867,188,052 RECORDS BREACHED
(Please see explanation about this total.)
from 4,256 DATA BREACHES made public since 2005
Showing 1-50 of 4256 results


X

Sign In!

Loading