Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?

Chronology of Data Breaches

Custom Sort
Select your desired results. Then click "Go!"

Click or unclick the boxes then select go.


Select features, then click GO.



Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.
Breach Total
930,642,074 RECORDS BREACHED
(Please see explanation about this total.)
from 4,403 DATA BREACHES made public since 2005

Save or Print PDF of Entire Breach List including introduction.Save or Print a PDF of Entire Breach List (including introductory FAQ)

Filter breach list before saving or printing PDF. Conduct a search of the Chronology using its sorting features, and Save or Print a PDF of your search results (Select filters)

If you do not have access to PDF, you can print the Chronology in landscape view.

Date Made Public Name Entity Type
May 1, 2014 JCM Partners LLC
Suwanee, Georgia
BSO HACK

Uknown

JCM Partners informed customers of a data breach that occured when a file containing personal information of housing applicants was taken from a JCM database and posted on an unauthorized website. An internal investigation was launched.

The information in the file included Social Security numbers, driver's license numbers, email addresses and mailing addresses.

The company is providing 12 months of AllClear Secure and those affected are automatically eligible and can call 1-877-979-2595.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

May 5, 2014 ground (ctrl)
Sacramento, California
BSO HACK

Unknown

ground(ctrl) operates social networking community websites focused on musicians, informed customers of a data breach to their website. The information breached included e-mail addresses and passwords. The company did inform customers that their credit card information was never stored with them and was not at risk.

For those affected, the company is recommending that usernames and passwords be changed. For questions individuals can call 1-877-463-2875 or via email at security@groundctrl.com.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

May 6, 2014 California Department of Child Support Services
Rancho Cordova, California
GOV PHYS

Unknown

The California Department of Child Support Services has notified individuals of a data breach that resulted in unauthorized disclosure of personal information. On April 7, 2014 letters from the Solano County Department of Child Support Services were misplaced while in the custody of a contracted courier who was transporting mail to the US Post Office.

Those affected are asked to call the Department of Child Support Services at 1-866-901-3212.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

April 25, 2014 Willis North America Inc.
Nashville, Tennessee
BSO DISC

Unknown

Willis North America Inc, informed customers that on "March 19, 2014 an email was sent internally to a group of current Willis Associates who were enrolled in the medical Plan's Healthy Rewards Program". The original email sent out to customers was as a reminder for a special program through their company, however the individual who sent the email "accidentally attached a spreadsheet to the email that was not meant to be included".

The information on the spreadsheet included names, email addresses, dates of birth, social security numbers, employee ID numbers, and office locations by city/state/zip, Wellness credits, an individuals credit status codes, insurance coverage codes, internal codes for plan geographic region and type of reward applicable, last effective date of medical plan elections, election selections, original and last start dates, and when medical plan coverages began.

The spreadsheet did not include any information that revealed health conditions, health treatments or health claims, or personal health information regarding spouses or dependents.

The company has arranged for two years of identity theft protection at no charge. Those affected can find the information at www.trustedid.com/enhanced-identity-theft-protection. To register to to www.trustedid.com/willis and enter the activation code WNAIDE0314 OR CALL 1-888-880-0761.

 
Information Source:
Vermont Attorney General
records from this breach used in our total: 0

May 7, 2014 Green's Accounting
Greenfield, California
BSF STAT

Unknown

The office of Brent Green, CPA was burglarized on April 6, 2014 where the burglars took a network server computer and hard drives containing personal information of their clients. Their server was unencrypted and contained Social Security numbers, names, and addresses of both individuals and their independents.

For additional information or questions, those affected are asked to call Brent Green at 831-64-5562.

 
Information Source:
records from this breach used in our total: 0

May 14, 2014 University California Irvine
Irvine, California
EDU HACK

Unknown

On March 26, 2014, the California Information Security Office notified the University California Irvine that three of the computers in the Student Health Center had been infected by a keylogging virus, which captured the keystrokes as information was being entered into the computers, then transmitted the data to unauthorized servers. They believe that hackers gained information from February 14th through March 27th 2014.  As a result of the virus personal information of individuals was compromised.

The information included names, unencrypted medical information, potentially including health or dental insurance number, CPT codes, ICD9 codes and/or diagnosis, student ID numbers, non-student patient ID numbers, mailing addresses, telephone numbers, amounts paid to the Student Health Center for services, bank names and check numbers.

UC Irvine has contracted with ID Experts to provide one year of FraudStop credit monitoring and one year of CyberScan Internet monitoring for those affected. To enroll visit www.idexpertscorp.com/protect and use the code provided in the letter sent to those affected or call 1-877-810-8083.

 

 
Information Source:
California Attorney General
records from this breach used in our total: 0

May 7, 2014 Gingerbread Shed Corporation
Tempe, Arizona
BSR HACK

Unknown

Gingerbread Shed Corporation notified customers of unauthorized access to their system that compromised the personal data of its customers. The information included names, addresses, phone numbers, email addresses, credit card information, user names and passwords for website accounts.

The company has established a confidential phone line for those affected that have questions 1-866-597-8199 and use reference # 5474042814.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

May 8, 2014 Boulder Community Health
Boulder, Colorado
MED PHYS

16

Boulder Community Health is investigating another data breach of their facility. It has been reported this is the third such incident for this facility since 2008.

Nine people have claimed that they had their records stolen and hard copies mailed to them. Two of these individuals said that there was a letter in theirs that stated their records were mailed “to demonstrate the easy access the hospital and their partners provide to some with bad motives.”

There is an ongoing investigation to understand the extent of the breach. "The hospital — previously known as Boulder Community Hospital until a name change last month — is asking anyone else who thinks their records might have been stolen to call its legal office at 303-440-2342 ".

UPDATE (5/12/2014): Seven more patients have claimed that an anonymous source has sent them copies of their medical records in the mail. It is still unclear as to whether the souce is taking the medical records from inside of the hospital or from somewhere outside of the hospital. The breach is still under investigation.

 

 
Information Source:
Media
records from this breach used in our total: 0

May 19, 2014 Lowe's
Mooresville, North Carolina
BSR DISC

Unknown

Lowe's, the home improvement store informed current and former drives of Lowe's vehicles that one of their third party vendors who provide a computer system "E-DriverFile" that stores compliance documentation and information related to these current and former employees, was unintentionally backed up to an unsecure computer server that was accessible from the Internet.

The information that was compromised included names, addresses, dates of birth, Social Security numbers, driver's license numbers, Sales IDs and other driving record information.

An investigation was launche and it and it was discovered that the information may have been exposed between July 2013 and April 2014. The company is providing one year free of AllClear ID services to those affected. For questions from those affected asr asked to call 1-877-263-7997 within the USA, for those outside the United States or Canada, call 1-512-579-2449.

 

 
Information Source:
California Attorney General
records from this breach used in our total: 0

May 21, 2014 Ebay
San Jose, California
BSO HACK

145,000,000

Ebay, the online auction site, was hacked between late February and early March with login credentials obtained from employees. The hackers then accessed a database containing user records of approximately 145 million users which they appeared to have copied.

The information included email addresses, encrypted passwords, birth dates, mailing addresses. The company reports that no financial data or PayPal databases were compromised.

The company is encouraging all who were affected to login into their account and change their passwords.

Ebay has provided the following links for additional information:

http://www.ebayinc.com/

 
Information Source:
Media
records from this breach used in our total: 0

May 21, 2014 Paytime Inc.
Mechanicsburg, Pennsylvania
BSO HACK

Unknown

Paytime Inc, a payroll service for corporations, notified customers of a data breach to their payroll system. The hackers obtained usernames and passwords to their system and were able to obtain Social Security numbers, direct deposit account information, dates of birth, hire dates, wage information, home and cell phone numbers, other payroll information and home addresses.

The company is providing one year free of AllClearID. Those affected are asked to call 1-855-398-6436.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

May 22, 2014 San Diego State University
San Diego, California
EDU DISC

Unknown

San Diego State University discovered a database that was set up and managed by the Pre-College Institute, containing names, Social Security numbers, dates of birth, addresses, and other personal information was mis-configured to enable any computer connected to the SDSU wired network with the program "File Maker"   The SDSU wired network consists of offices, some labs and the library.

For those with question or concerns about the incident are asked to contact Felecia Vlahos, the Information Security Officer at iso@sdsu.edu or via phone at toll free 1-855-594-0142 and refer to incident #H05007.

 

 

 
Information Source:
California Attorney General
records from this breach used in our total: 0

May 28, 2014 Hospital for Veterans Affairs, Denver
Denver, Colorado
BSF STAT

248

The hospital for Veterans Affairs in Denver had two bio-medical computers stolen from a locked room in the hospital. The computers contained data from tests on approximately 239 VA patients. These computers were used to record data from pulmonary function tests for these patients. The hospital has said that no other data was stored on the computers and the data is encrypted on a password protected application.

 

 

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

May 28, 2014 Sharper Future
Los Angeles, California
MED STAT

Unknown

The Sharper Future, a mental health facility in Los Angeles has informed clients of a data breach when their offices were burglarized and various electronic equipment that stored patient records which includes names, dates of birth, health and clinical histories, treatment records, CDCR identification numbers and Social Security numbers of their clients.

The facility did report that the information on the stolen equipment was password-protected and did not include financial information. The incident is currently under investigation by authorities.

 

 
Information Source:
California Attorney General
records from this breach used in our total: 0

June 3, 2014 Craftsman Book Company
Carlsbad, California
BSO HACK

Unknown

Craftsman Book Company notified customers of a breach that occured on their site. On Tuesday May 27th the company discovered unauthorized access to their site and recommended a change in their username and password. Since that time they discovered that the breach also included charges on customers credit card. The hackers found another site operated by the company and through the security vulnerabilities in the one site, they were able to get to the Craftsman Book site and ultimately to the customers information.

Since the vulnerability was discovered, the company has shut down the other site and is in the process of securing it.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

June 4, 2014 National Credit Adjusters
Hutchinson, Kansas
BSF UNKN

Unknown

National Credit Adjusters have informed individuals of a breach that has happened when they were notified that some customers were receiving phone calls from unauthorized third party debt collectors. The information that these unauthorized debt collectors may have access to include names, addresses, debt balances, dates of birth and Social Security numbers. The information may also expand beyond the individual on the account to co-signers of the account as well.

The hackers pose as legitimate debt collectors but are actually calling with the attempt to scam individuals out of their money.

For those affected, the company is asking individuals call 1-855-737-9123.

 

 
Information Source:
California Attorney General
records from this breach used in our total: 0

May 29, 2014 Montana Health Department
Helena, Montana
MED HACK

Unknown

The Montana Department of Public Health and Human Services announced a data breach that occured when hackers had access to the server for nearly a year. The server contains names, addresses, dates of birth, Social Security numbers and clinical information of customers along with the Social Security numbers and bank account information of employees.

The agency has set up a help line for those who may have been affected at 1-800-809-29561-800-809-2956.

 
Information Source:
Media
records from this breach used in our total: 0

May 26, 2014 Power Equipment Direct
Suwanee, Georgia
BSR HACK

Unknown

Power Equipment Direct has notified customers of a data breach that occured when a small piece of malicious computer code was uploaded to a server that handles their check-out process. The malicious code captured and transmitted screen shots of check-out pages. The company reported that the breach most likely occured from May 4, 2014 until May 5, 2014.

The company is not sure as to what information was captured, it woud have been the information on the screen available at the time the malicious code was enabled.

The company is offering AllClear SECURE at no cost for 12 months. For those affected they can call 1-877-676-0382.

 
Information Source:
Vermont Attorney General
records from this breach used in our total: 0

May 26, 2014 AutoNation Toyota of South Austin
Austin, Texas
BSO HACK

Unknown

AutoNation Toyota of South Austin informed customers of a data breach that occured when a third party vendor, TradeMotion, who operates parts websites for auto dealers nationwide, had their systems hacked potentially exposing credit card information that was stored on their system. The hackers may have also gotten names, addresses, telephone numbers, and email addresses.

The company has arranged for those affected to receive one year of identity theft protection through Experian's ProtectMyID. Those affected can call 1-866-252-9553 by August 31, 2014 for enrollment.

 
Information Source:
Vermont Attorney General
records from this breach used in our total: 0

June 11, 2014 PF Chang's
Scottsdale, Arizona
BSO HACK

Unknown

P.F Chang's is investigating a potential data breach, when credit cards showed up on an underground website that criminals use. Brian Krebs broke the story, when the banks he contacted confirmed that the cards had been used at P.F Chang's restaurants.

P.F Chang's is investigating the allegations currently with authorities.

UPDATE (06/30/2014): PF Chang's has had a class action lawsuit filed against the restaurant chain. The company confirmed on June 12, 2014 that a breach had occured. Some experts believe that the lawsuit is unlikely to succeed because some security experts have said, because proving consumer losses linked to the specific restaurant data breach is difficult to do.

Some believe it was a breach of the restaurants POS system, most likely infiltrated by malware, similar to the Target and Salley Beauty breaches, the restaurant chain has yet to divulge any details, including the number of cards exposed.

UPDATE (8/4/2014): "P.F Chang's China Bistro Ltd. stated Monday that the data breach that affected customer credit and debit cards affected 33 locations throughout the continental U.S.", the investigatin is still ongoing.

 
Information Source:
Krebs On Security
records from this breach used in our total: 0

June 10, 2014 AT&T Mobility, LLC
Des Peres, Missouri
BSR INSD

Unknown

AT&T has informed California regulators of a data breach that occurred with a third party service provider.

"Employees of one of our service providers violated our strict privacy and security guidelines by accessing your account without authorization," the company said in a letter to affected customers. "AT&T believes the employees accessed your account as part of an effort to request codes from AT&T than are used to unlock AT&T mobile phones in the secondary mobile phone market."

Personal information such as Social Security numbers and phone records were accessed. The incident took place between April 9th through April 21st, but the California regulators were just informed this week.

AT&T would not disclose how many customers were affected, but the law requires disclosure if more than 500 people have been affected.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

June 12, 2014 Redwood Regional Medical Group
Santa Rosa, California
MED PHYS

33,702

A thumb drive containing 33,702 patient records was stolen from the Redwood Regional Medical Group in Santa Rosa California. An employee placed the thumb drive in a "zipped container in an unlocked locker", where the drive was stolen.

The information contained on the device included patients' first and last names, gender, medical record numbers, date of birth, date and time of service, area of body X-rayed, the X-ray technologist's name and the radiation level required to produce the X-ray. No other images such as MRI's or mammograms were stored on the device.

 The medical center was taken over by St. Joseph Health on April 1st. The records were backed up to the drive as a precaution while they were being moved to Santa Rosa Memorial Hospital's electronic medical records system.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

April 28, 2014 Seton Northwest Hospital
Austin, Texas
MED INSD

180

A computer-like device was stolen from Seton Northwest Hospital that is used in the sleep lab. The device according to the hospital, is a Hewlett Packard desktop device that is used to capture and manipulate data from sleep studies. "It does not function like a normal computer. The operator would need a password and access to Seton systems to get a hold of patient data". Reportedly the data consists of names, dates of birth and Seton account numbers.

The device was stored inside a locked storage area at Seton Northwest Hospital, where the device was stolen.

In response Seton Healthcare sent the following statement:

"But to be safe, Seton already has offered, at no cost to patients, ID protection for a year to all the 180 or so patients whose information we believe is on this data storage device. Seton is sincerely sorry that this incident occurred and plans to work closely with the patients involved to protect them from harm."

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

June 7, 2014 Walgreens
Atlanta, Georgia
BSR INSD

Unknown

Walgreens has notified some patients of a breach when an employee stole some patients information, which included names, dates of birth, and Social Security Numbers in the form of a Medicare ID number and provided the information to a third party. Walgreens is claiming that no credit card, banking or other personal information was involved.

The company has set up a hotling for those affected, 1-866-312-8654 from 7 a.m to 7 p.m Central Standard time, Monday through Friday.

 
Information Source:
Maryland Attorney General
records from this breach used in our total: 0

June 10, 2014 St. Francis Hospital
Columbus, Georgia
MED DISC

1,175

St. Francis Hospital notified patients of a data breach when a mass email to 1, 175 patients was sent out where all email addresses were visible vs. having each patient being blind copied on the email.

The hospital is claiming that no medical treatment or other personal information was part of the email.

Those St. Francis patients who have questions about the incident are asked to call the hospital at 1-800-723-49981-800-723-4998.

 
Information Source:
Media
records from this breach used in our total: 0

June 6, 2014 Miami-Dade County
, Florida
GOV UNKN

Unknown

The county of Miami-Dade informed employees of a data breach where their personal information is being used to file fraudulent unemployment claims, along with credit card fraud. Currently, officials at the county are not clear if this breach happened internally or by external hackers.

They have not released what specific information has been compromised.

Federal officials at the U.S Inspector General's Office are leading the investigation due to false unemployment claims. The Human Resource Department of the agency has put out a statement.

"The recent news report on a “Data Breech” has understandably raised concerns amongst our employees regarding their personal information and whether they are one of the employees impacted by identity theft. Please be advised that when we identify a possible fraudulent unemployment claim, we immediately notify the Departmental Personnel Representative (DPR) for that employee. Our procedures are as follows:

The Human Resources Department receives the Notices of Reemployment Assistance once a claim for unemployment has been filed with the Department of Employment Opportunity (DEO). If a claim is identified as fraudulent (once HR confirms the employee is an active employee) HR contacts the employee’s DPR to provide notice to the Department and notification is immediately sent to the Department of Unemployment indicating that it is a fraudulent claim.

If an employee is notified that a fraudulent claim has been filed on their behalf, the employee should be instructed to do the following:

 

  1. Contact the Unemployment Fraud Hotline to report the fraud at (800) 342-9909(800) 342-9909. They should report that their identity (SS#, Name) is being used to commit Unemployment Fraud.
  2. Make a note of the Master Case File # that has been assigned by the Miami-Dade Police Department:PD130322106429.
  3. File an Identity Theft Affidavit (IRS Form 14039), found at http://www.irs.gov/pub/irs-pdf/f14039.pdf
  4. Notify their banking institutions
  5. Make routine checks on their bank accounts
  6. Conduct thorough reviews on their bank and credit card statements
  7. Visit http://myfloridalegal.com/identitytheft to learn more about Identity Theft


We assure you that fraudulent claims are being taken very seriously and every effort is being made to identify and refer these cases to the proper authorities for appropriate action."

 
Information Source:
Media
records from this breach used in our total: 0

June 6, 2014 Penn State Milton S. Hershey Medical Center
Hershey, Pennsylvania
MED INSD

1,801

Penn State Milton S. Hershey Medical Center began alerting patients of a data breach when an employee accessed clinical data on an unauthorized computer and removable storage device. The employee did have permissions to have access to the files, but downloaded the clinical information on a removable storage device and his personal computer, both of which were not properly secured and outside of the medical centers IT department. The employee also used their personal email account to send emails with a test log of the data to two physicians at the medical center.

 
Information Source:
Media
records from this breach used in our total: 0

May 22, 2014 Bluegrass Communit Federal Credit Union
Ashland, Kentucky
BSF UNKN

Unknown

Experian has notified Bluegrass Federal Credit Union of unauthorized access of it's consumer information without proper authorization. The information includes names, addresses, Social Security numbers, dates of birth, and account numbers.

For those affected they can contact Bluegrass Community FCU at 606-324-0888606-324-0888 and ask for Jamie Darling.

 
Information Source:
New Hampshire Attorney General
records from this breach used in our total: 0

June 19, 2014 Rady's Childrens Hospital
San Diego, California
MED DISC

14,100

Rady's Children's Hospital has suffered a data breach when an employee inadvertently sent an email with a file attached to 6 potential job applicants. The applicants were meant to receive approved information for an internal evaluation, instead they received the original file with the information of 14,100 patients. The information included names, dates of birth, primary diagnoses, medical records and insurance carrier claim information. According to the hospital no Social Security numbers,  credit card information, addresses or parent/guardian information were included in this file.

The file contained information on patientes admitted to the hospital between July 1, 2012 through June 30, 2013.

 
Information Source:
Media
records from this breach used in our total: 0

June 5, 2014 Highmark
Pittsburgh, Pennsylvania
BSF DISC

3,675

Health Insurer, Highmark Inc. notified customers that are members of either Security Blue or Freedom Blue, that their information may have been mailed to other people. The information mailed was a health risk assessment that included information such as names, addresses, dates of birth and certain medical information.  The health insurer is claiming that no Social Security numbers were compromised.

 
Information Source:
Media
records from this breach used in our total: 0

May 28, 2014 Precision Planting
Tremont, Illinois
BSO HACK

Unknown

Precision Planting customers have been impacted by a security breach affecting one of the company's data servers. The company has not communicated specifically how their system was compromised, however the information breached included customer names, addresses, tax identification numbers and financial information. The server also contained some employee W-2 forms, Social Security numbers, and driver's license numbers.

 
Information Source:
Media
records from this breach used in our total: 0

June 20, 2014 UCDC, Washington Center
Washington, District Of Columbia
EDU HACK

Unknown

The University California, Washington Center received a notification of unsolicited emails being sent to alumni of the university. After an investigation, it was revealed that someone accessed the pre-enrollment system, GoSignMeUp.com, which is a cloud-based provider for the online course registration utilized by UCDC to host its online course registration process.

The information breach included usernames, passwords, addresses, principal e-mails, gender, birth dates and UCDC course information. The university has stated that they do not record or store any Social Security numbers or financial account information on any of its databases.

For those who were affected the university is recommending individuals change their password.

Those with questions are asked to contact techhelp@ucdc.edu

 
Information Source:
California Attorney General
records from this breach used in our total: 0

June 24, 2014 Riverside County Regional Medical Center
Moreno Valley, California
MED PORT

Unknown

The Riverside Regional Medical Center has notified patients of the loss of a laptop computer that contained personal patient information. The laptop went missing from a diagnostic services office in the hospital sometime between June 17, 2014 and June 18, 2014.

The information on the missing laptop included names, dates of birth, medical record numbers and results of a nerve conduction study, and the names of the referring doctor and the doctor who performed the study.

The hospital did communicate that no Social Security numbers, health insurance information or home addresses were stored on this particular laptop.

For those who were affected, they have been asked to call Christina Quijada at 1-877-500-1255 or the Riverside County Privacy Office at 951-955-5757.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

June 18, 2014 The Metropolitan Companies
New York, New York
BSO HACK

Unknown

The Metropolitan Companies, LLC, which is a conglomerate of companies from staffing services to interpreters suffered a data breach as a result of unauthorized access to their computer systems and may have potentially removed documents that included personal information of their customers.

Through an investigation, it has been disclosed that the information that was breached includes names, addresses, phone numbers, email addresses, Social Security numbers, dates of birth, past education, work history, and financial information. The company has not disclosed the number of individuals affected.

For those that may have been affected the company is providing one year of identity theft protection through Kroll. They can be contacted at 1-855-781-0033 to speak with a licensed investigator or visit their website at Visit www.kroll.idMonitoringService.com.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

June 26, 2014 Sterne, Agee & Leach
Birmingham, Alabama
BSF PORT

Unknown

Sterne, Agee & Leach has contacted customers regarding a data security incident that occured between May 29th and 30th, 2014.

An employee of the brokerage firm was unable to locate their firm-issued laptop, which was password protected, but the data stored locally on the laptop was not encrypted. The data stored on the laptop included "account information utilized for mailing to certain Private Client Group customers whose accounts were opened between July1, 1992 and June 30, 2013".

The information may have included names, addresses, account numbers and Social Security numbers. The information did not include dates of birth, account holdings, account passwords or access codes.

The firm is offering a free one year membership to Experian's ProtectMyID. Those affected must enroll by September 30, 2014, and can visit the website to enroll at www.protecmyide.com/redeem and utilize the activation code in the letter sent by the firm.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

June 26, 2014 Record Assist LLC
Houston, Texas
BSO HACK

Unknown

Record Assist, LLC informed cstomers of an unauthorized access to their order processing system for ExpressVitals.com. The unauthorized access could have led to obtaining information such as the individuals name, address, credit card number, security code and Social Security number.

Those who are affected can contact the company at P.O Box 19686, Houston Texas 77224-9868 or call 1-844-245-5654.

 
Information Source:
records from this breach used in our total: 0

June 27, 2014 Benjamin F. Edwards & Company
St. Louis, Missouri
BSF HACK

Unknown

On May 27, 2014 Benjamin Franklin Edwards & Company (BFE) discovered an unauthorized access to their database which may have resulted in personal information of it's customers being compromised. The company did not provide the exact information that was stored on their system, nor have they communicated how many individuals were involved.

For those that have an account and may have been affected the company is offering one year free of AllClearPro. They are asking individuals to contact their financial consultant for more information or go to www.enroll.allclearid.com to enroll.

 
Information Source:
records from this breach used in our total: 0

June 26, 2014 Orange Public School District
Orange, New Jersey
EDU HACK

Unknown

A 16 year old New Jersey teen has been charged with unlawfully accessing the Orange Public School District's database and changing final grades and attendance records.

The Orange High School sophomore is facing multiple counts of second-degree computer theft for unlawfully accessing and altering data an one cound of hindering apprehension.

Reportedly, the student accessed the computer system after obtaining the password of a staff member. Authorities do not know how the teen was able to gain the password information. An investigation is still underway.

 

 
Information Source:
Media
records from this breach used in our total: 0

July 2, 2014 Uxbridge School District
Uxbridge, Massachusetts
EDU PORT

Unknown

Students at Uxbridge School District may have had their personal information stolen due to a data breach with a third party billing service, Multi-State Billing Services, located in Somersworth, New Hampshire, when an employee's laptop was stolen from their locked vehicle in May.

The laptop was password protected but not encrypted, contained information on nearly 3,000 students from 19 school districts in Central and Eastern Massachusetts.

The information on the laptop included names, addresses, Medicaid ID numbers and Social Security numbers.

Multi-State Billing will reimburse costs related to security freezes for the next three years. Information about reimbursement can be obtained by emailing customersupport@msb-services.com or phoning (855) 285-7433(855) 285-7433  . Because the children aren't actual victims of identity theft, the credit agencies may charge up to $5 each time to place, temporarily lift or permanently remove a security freeze.

 

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

July 1, 2014 Vermont Health Exchange
Williston, Vermont
MED HACK

Unknown

A Romanian hacker accessed the Vermont Health Exchange's development server last December gaining access at least 15 times and going undetected for a month.

"CGI Group, the tech firm hired to build Vermont Health Connect, described the risk as “high” in a report about the attack. It also found possible evidence of sophisticated “counter-forensics activity performed by the attacker to cover his/her tracks.”"

"The report says that no private consumer information was stored on the hacked server, and that CGI Group had “verified that no additional servers [that may store private data] communicated with any of the identified attacker IP addresses.”"

This individual was able to gain access to the server because the defaut password on that server was never changed (in violation of guidelines laid out in the state’s official policy) along with the fact that the access to the server was never restricted to those users who were known and authorized to be on the server.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

July 2, 2014 Goldman Sachs
New York, New York
BSF DISC

Unknown

 

Goldman Sachs Group Inc warned customers of a data breach that occured when an outside contractor emailed confidential client data to a stranger's Gmail account by mistake. The bank has asked a U.S. judge to order Google Inc to delete the email to avert a "needless and massive" breach of privacy.

 

"The breach occurred on June 23 and included "highly confidential brokerage account information," Goldman said in a complaint filed last Friday in a New York state court in Manhattan".

Goldman Sachs did not say how many people were affected and are asking Google to assist in tracking down who has access to the data.

The contractor meant to email a report to a gs.com account but inadvertently sent it to a similar email address with a gmail.com account. Goldman Sachs has not been able to retrieve the report and has not received a response back by the individual who owns the gmail account.

 
Information Source:
Media
records from this breach used in our total: 0

July 3, 2014 Watermark Retirement Communities
Tuscon, Arizona
BSO PORT

Unknown

Watermark Retirement Communities Inc. informed current and former employees of the facility of a data breach when a laptop was stolen on June 13, 2014. The information on these laptops included names, addresses, telephone numbers, email addresses, dates of birth and Social Security numbers. The laptop was password protected.

For those affected they can call 1-800-597-66181-800-597-6618.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

July 7, 2014 Legal Sea Foods
Boston, Massachusetts
BSO HACK

Unknown

Legal Sea Foods informed customers of a data breach that occured on June 5, 2014 that a segment of their mail order web sales and e-commerce environment, that an unauthorized person gained access to a server that contained information from mail order web customer transactions.

After an investigation, transactions made between Jaunary 1, 2014 and May 21, 2014 were potentially affected, which included transactions used with credit cards. Names, credit card numbers, card expiratin dates, and card verification values may have been breached.

The company has informed their payment processing company of the breach and the processor has been working with the credit card companies to provide them the card numbers of those affected.

 
Information Source:
Vermont Attorney General
records from this breach used in our total: 0

July 8, 2014 Heartland Automotive/Jiffy Lube
Irving, Texas
BSO PORT

Uknown

Heartland Automotive (Jiffy Lube) has notified customers of a data breach that has occured when one of their company owned laptop was stolen with personal information on it.

The information included names, addresses, dates of birth, Social Security numbers.

The company is offering 12 months free of AllClearID. For those affected call 1-877-437-4004.

 

 
Information Source:
California Attorney General
records from this breach used in our total: 0

July 9, 2014 Office of Personnel Management
Washington, District Of Columbia
GOV HACK

Unknown

In March 2014, it has been reported that Chinese hackers broke into the computer networks of the United States government, specifically The Office of Personnel Management, which houses personal information of all federal employees. The hackers appeared to be targeting the files on "tens of thousands of employees who have applied for top-secret security clearance."

"The hackers gained access to some of the databases of the Office of Personnel Management before the federal authorities detected the threat and blocked them from the network, according to the officials. It is not yet clear how far the hackers penetrated the agency’s systems, in which applicants for security clearances list their foreign contacts, previous jobs and personal information like past drug use."

This particular hacking is unusual as the US computer systems are constantly being hacked by international hackers, but up until this point, have been stopped before any information was compromised.

Currently, officials are investigating to pinpoint exactly where these attacks came from.

 
Information Source:
Media
records from this breach used in our total: 0

July 8, 2014 The Houstonian Hotel, Club and Spa
Houston, Texas
BSO HACK

Unknown

Secret Service notified The Houstonian Hotel, Club and Spa regarding a breach to their system that houses customer credit card information.

Once the notification happened, the company launched a forensics investigation and discovered that their POS system had been accessed by an unauthorized third party from December 2013 through June 2014, and that the credit card information stored on these systems were compromised.

The company has since stopped the intrusions, but has not communicated how many individuals were affected by the breach. The company is offering 12 months free of credit monitoring services for those affected.

 
Information Source:
Media
records from this breach used in our total: 0

July 11, 2014 Boeing
Seattle, Washington
BSO HACK

Unknown

"Federal prosecutors have charged the owner of a Chinese aviation firm with trying to steal data about U.S. military aircraft by hacking into the computer networks of Boeing and other U.S. companies, according to a federal complaint unsealed in Los Angeles this week.

According to authorities, the individuals allegedly stole information on  Boeing’s C-17 transport plane. Evidence shows that the Chinese hackers obtained large amounts of data on dozens of  military projects.

 
Information Source:
Media
records from this breach used in our total: 0

July 11, 2014 Lockheed Martin
Fortworth, Texas
BSO HACK

Unknown

"Federal prosecutors have charged the owner of a Chinese aviation firm with trying to steal data about U.S. military aircraft by hacking into the computer networks of Lockheed Martin and other U.S. companies, according to a federal complaint unsealed in Los Angeles this week".

Allegedly, the Chinese hackers stole information about Lockheed’s F-22 and F-35 fighter jets.  Large amount of data were stolen on a dozen U.S military projects.

 
Information Source:
Media
records from this breach used in our total: 0

June 23, 2014 Silk Road/U.S Marshall Service
Washington, District Of Columbia
BSF HACK

40

"U.S. Marshals Service accidentally CC’d 40 potential Silk Road Bitcoin bidders instead of BCC’ing them. Thanks to a phishing scheme that took advantage of this slipup, though, an Australian bidder lost 100 Bitcoin—worth an estimated $62,000—according to.

A total of 40 individuals received a phishing email on June 21st from someone who claimed to be from "BitFirm Productions". The email asked they these individuals participate in a survey for a client of the fake media firm and to click on a link that was supposed to be a GoogleDoc, instead the link contained malware.

Unfortunately one individual did click on the link that infected his computer and the hackers were able to transfer 100 Bitcoin out of his account.

 

 
Information Source:
Media
records from this breach used in our total: 0

July 8, 2014 Aecom
Los Angles, California
BSO HACK

Unknown

Aecom has notified current and prior employees of a data breach that exposed employee personnel files. Hackers were able to penetrate their corporate network, which included the employee payroll system for the US specifically.

The information exposed inlcuded names, addresses, Social Security numbers, personal bank account numbers and routing numbers.

The company has set up 12 months of All ClearID at no cost. For those affected they can call which can be reached at 1-877-615-3770.

 

 
Information Source:
California Attorney General
records from this breach used in our total: 0

Breach Total
930,642,074 RECORDS BREACHED
(Please see explanation about this total.)
from 4,403 DATA BREACHES made public since 2005
Showing 4301-4350 of 4403 results


X

Sign In!

Loading