Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?

Chronology of Data Breaches

Custom Sort
Select your desired results. Then click "Go!"

Click or unclick the boxes then select go.


Select features, then click GO.



Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.
Breach Total
929,676,448 RECORDS BREACHED
(Please see explanation about this total.)
from 4,421 DATA BREACHES made public since 2005

Save or Print PDF of Entire Breach List including introduction.Save or Print a PDF of Entire Breach List (including introductory FAQ)

Filter breach list before saving or printing PDF. Conduct a search of the Chronology using its sorting features, and Save or Print a PDF of your search results (Select filters)

If you do not have access to PDF, you can print the Chronology in landscape view.

Date Made Public Name Entity Type
July 8, 2014 Aecom
Los Angles, California
BSO HACK

Unknown

Aecom has notified current and prior employees of a data breach that exposed employee personnel files. Hackers were able to penetrate their corporate network, which included the employee payroll system for the US specifically.

The information exposed inlcuded names, addresses, Social Security numbers, personal bank account numbers and routing numbers.

The company has set up 12 months of All ClearID at no cost. For those affected they can call which can be reached at 1-877-615-3770.

 

 
Information Source:
California Attorney General
records from this breach used in our total: 0

July 15, 2014 Atlantic Automotive Corporation/dba One Mile Automotive
Towson, Maryland
BSO HACK

Unknown

One Mile Automotive is notifying customers of a data breach of one of their third party vendors, Trade Motion who operates automobile websites and has notified One Mile Automotive that this breach could have included personal information of some of its customers.

The information included names, addresses, email addreasses, telephone numbers, credit card information.

Those who are affected should call 1-855-505-2774.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

July 15, 2014 City of Encinitas/San Dieguito Water District
Encinitas, California
GOV DISC

Unknown

"City of Encinitas and San Dieguito Water District recently were made aware that a Cal-PERS payment document containing Social Security numbers with corresponding employee and former employee names had inadvertently been made accessible to the public on the City’s website on or about May 13, 2014 to July 3, 2014. Based on our research, we found the exposure has been limited to (16) people that accessed the document during that period."

The document contained information of employees and former employees who were enrolled in Cal-PERS during the following timeframes:

City of Encinitas–July 1993-October 2011

City of Encinitas Fire Safety/Fire Protection District–July 1986–October 2011

San Dieguito Water District-July 1989–October 2011

The city of Encinitas is offering 1 year free membership of Protect MyID Alert from Consumer Info.com by Experian.

For those affected with questions contact Courtney Barrett at 760-633-2631 or Jace Schwarm at 760-633-2636.

 

 
Information Source:
California Attorney General
records from this breach used in our total: 0

July 15, 2014 Bank of The West
San Francisco, California
BSF HACK

Unknown

Bank of The West notified customers of an email scam that involved two employees' remote bank email login credentials being compromised. As a result of this unauthorized access, customer information could be at risk.

The information includes names, account numbers, loan numbers, Social Security numbers.

The bank is offering one year free of First Watch ID for those affected. For those with questions regarding the service they can call 1-866-310-7373 or 1-800-488-2265.

 

 
Information Source:
California Attorney General
records from this breach used in our total: 0

July 16, 2014 Bay Area Pain Medical Associates
Sausalito, California
MED STAT

2,780

Bay Area Pain Medical Associates have notified patients of a data breach when several of their desktop computers were stolen.

There were approximately 2,780 patients first and last names, number of years the patients had been seen at their practice. The are reporting that the computer data was encrypted and inaccessible, there was an Excel spreadsheet that containing this information that could have possibly been accessed. No Social Security numbers, dates of birth, financial information, contact information or medical information was exposed.

The facility is offering 12 months free of AllClearID. Those affected can call 1-877-579-2269.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

July 18, 2014 Penn Medicine Rittenhouse
Philadelphia, Pennsylvania
MED PHYS

661

Penn Medicine had to announce a data breach involving receipts that were stolen last month from a locked office in Pennsylvania Hospital.

The information on the receipts included combinations of patient names, dates of birth and the last four digits of credit card numbers.

 
Information Source:
Media
records from this breach used in our total: 0

July 11, 2014 University of Illinois, Chicago
Chicago, Illinois
EDU HACK

Unknown

The University Illinois Chicago (UIC) notified former students of a data breach to their system that included the exposure of personal data.

"A website security breach made two College of Business Administration documents from the 2002 spring semester accessible — a roster from a Special Topics in Accounting course and an advising list for all junior and senior accounting majors, according to a statement from the university".

Personal information was exposed, including Social Security numbers. The university has not stated how many students were affected, and the breach is currently under investigation.

 
Information Source:
Media
records from this breach used in our total: 0

July 16, 2014 Douglas County School District
Castle Rock, Colorado
EDU PORT

Unknown

Douglas County School District notified employees of a data breach of their personal information when a laptop containing their personal information was stolen.

In a letter sent to district employees, the district stated that the stolen computer contained some workers' Social Security numbers and bank account information.

The district is currently investigating the breach.

 
Information Source:
Media
records from this breach used in our total: 0

July 22, 2014 Vice.com
Brooklyn, New York
BSO HACK

Unknown

Reportedly a "Russian hacker group known as W0rm tweeted, along with screenshots, that it had hacked popular news, arts and culture site Vice.com and The Wall Street Journal website, and would sell each stolen database for Bitcoin."

The company has communicated that a hacker was able to access a list of Vice.com CMS users. This list included email addresses and hashed passwords. The company communicated that they since have patched the vulnerablity.

 
Information Source:
Media
records from this breach used in our total: 0

July 23, 2014 Wall Street Journal
New York, New York
BSO HACK

Uknown

The Wall Street Journal was compromised by a Russian hacker who posted images of a list of user accounts claiming they were from the Wall Street Journal. The Wall Street Journal claimed they had an intrusion but that no data was affected.

The information has yet to be confirmed that it was from the Wall Street Journal, however the same type of intrusion was recently confirmed when this same hacker claimed an intrusion to CNET.

 
Information Source:
Media
records from this breach used in our total: 0

July 14, 2014 CNET
New York, New York
BSO HACK

Unknown

Russian hackers infiltrated servers of CNET by the name of W0rm and the Twitter handle @rev-priv8, who "posted an image of remote access to a CNET.com server, with a screenshot of a shell proving a compromise of the site".

CNET would not comment on the nature of the attack or what information was compromised, they have just communicated that they have fixed the problem.

"The image posted on Twitter would indicate the hacker could access and upload files to the website. It's pretty difficult to say how they did it, though. One source suggested it was likely a content management system breach - something like a WordPress or Joomla exploit".

 
Information Source:
Media
records from this breach used in our total: 0

July 17, 2014 Bank of America
Baltimore, Maryland
BSF DISC

Unknown

Aon Hewitt, a human resources benefits service provider for Bank of America, was made aware that a vendor's former employee (Hexaware) sent a copy of certain files and inadvertently uploaded them to an FTP site.

The file contained names and Social Security numbers.

 

 
Information Source:
Maryland Attorney General
records from this breach used in our total: 0

July 28, 2014 Backcountry Gear
Eugene, Oregon
BSR HACK

Unknown

Backcountry Gear notified customers of a data breach with a server that handles credit card information. The company discovered malware that was put onto their server that was able to gain customer names, addresses, purchase information, and credit card/debit card information.

The company has stated they do not collect pin numbers or bank account numbers in a transaction so those would not have been compromised in the breach.

For those who were affected and have questions can call 1-800-953-5499 ext. 5 or email at data@backcountrygear.com.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

July 29, 2014 Northern Trust Company
Chicago, Illinois
BSO DISC

Unknown

The Northern Trust Company communicated a data breach to customers that involved their personal information. Northern Trust Company "provides or previously provided payment services for an employee benefits plan or program in which you participate or participated through. In that capacity, Northern Trust is responsible for maintaining certain personal information about you as a participant of that plan. Regrettably, we are writing to inform you about an inadvertent disclosure by Northern Trust of some of that information".

"As part of normal procedures, Northern Trust sends participant information to record-keeping companies that assist in administering those benefit plans and programs. In late May, a Northern Trust employee transmitted a file containing your information to one of our record-keeping companies that was not responsible for the plan in which you participate (d). The information included your name, address, Social Security number, and benefits plan or program account number, as well as other information about your benefits plan or program account, such as your payment /deduction amounts and, in some situations, bank routing and account numbers used for direct deposits".

 
Information Source:
California Attorney General
records from this breach used in our total: 0

July 30, 2014 CVS/Caremark
Atlanta, Georgia
BSR DISC

350

As reported by a local news station in Atlanta Georgia reported a breach by CVS/Caremark when a mailing went out to CVS Caremark customers offering a switch to a 90-day prescription supply.

Unfortunately the mailings went out to the wrong addresses. "CVS Caremark is in the process of notifying the affected members that due to a programming error, letters intended for fewer than 350 plan members were sent to incorrect addresses".
 
The company said they sent the mailings July 15 and fixed the error after getting complaints. The information exposed were individual names, addresses and what prescriptions the individuals were on.

 
Information Source:
Media
records from this breach used in our total: 0

July 30, 2014 Rite Aid Pharmacy
Milton, Washington
BSR PHYS
521

Rite Aid Pharmacy in Milton Washington notified customer of a data breach, when someone stole a" stack of expired prescription records from a Rite Aid pharmacy in Milton, the company announced Wednesday".

"The records did not contain Social Security numbers or credit card numbers, and there has been no sign of resulting identity theft", spokeswoman Ashley Flower said.

The theft occurred on June 30 when a burglar entered a back room where the records were stored.

"Flower said 521 customers were notified of the theft via mail. She did not know how many records were stolen. The affected customers were offered a free identity theft consultation".

Those who were affected can contact Kroll Inc. at 855-269-6547 or Rite Aid at 800-RITE-AID.


Read more here: http://www.thenewstribune.com/2014/07/30/3309632/expired-prescription-records-stolen.html#storylink=cpy

 
Information Source:
Media
records from this breach used in our total: 0

June 30, 2014 San Antonio Metropolitan Health District
San Antonio, Texas
MED PORT

300

San Antonio Metropolitan Health District announced a data breach involving vaccination records of 300 children when a laptop containing these records was stolen.

The records included first and the last name of the patient, the patient's date of birth, an identifier for the patient's doctor, and the name of the immunizations. The laptop has since been recovered.

 
Information Source:
Media
records from this breach used in our total: 0

June 26, 2014 Salina Family Healthcare Center
Salina, Kansas
MED DISC

500

"Salina Family Healthcare Center (SFHC) notified more than 500 patients of an unintentional transmission of unsecured personal patient protected health information after discovering the following event:

"On April 8, 2014, a staff member submitted a database to the National Commission for Quality Assurance (NCQA) for our involvement in a care coordination research study. The staff member responsible for our participation in the project inadvertently left a table in that database that included patients’ names, dates of birth, chart numbers and CPT codes associated with their care. Upon opening the email, the NCQA staff member who received the database immediately recognized the breach, deleted the database, and notified our staff member"".

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

March 1, 2014 Managed Med, A Psychological Organization
Los Angeles, California
MED UNKN

Unknown

Managed Med, A Pschological Corporation has notified the California Attorney Generals office of a data breach with their system. Currently they have not communicated what information was involved in the breach, the dates or how many people were affected.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

July 30, 2014 Lasko Group, Inc.
West Chester, Pennsylvania
BSR HACK

Unknown

Lasko Group Inc. announced a data breach of customers who purchased on-line parts from them and Air King America Inc. Both companies were the victims of "phishing" emails from an unknown third party. These fraudulent emails led to unauthorized access to their computer network. 

Information breached included names, email addresses, phone numbers, credit card numbers, and credit card expiration dates.

The company is offering AllClearID protect your identity for one year at no cost to those affected. For those who are affected they can sign-up by calling 1-866-979-2595 or at enroll.allclearid.com. The company has also established a confidential assistance line for questions or concerns at 1-877-218-0052 from 9:00 a.m. to 7:00 p.m. EST.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

June 20, 2014 Mount Olympus Mortgage Company
Irvine, California
BSF INSD

Unknown

Mount Olympus Mortgage Company has notified customers of a data breach when a previous employees downloaded mortgage applications from their system to their private Internet accounts and then sent it to a competitor. The information included names, addresses, Social Security numbers, and other information in connection mortgages.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

July 31, 2014 Recreational Equipment Inc. (REI)
Kent, Washington
BSR HACK

Unknown

On July 23, REI discovered that a third-party may have accessed REI customer accounts without authorization obtaining email addresses and passwords.

For those affected who have further questions about this incident, please contact them at privacy@rei.com or 1-800-426-48401-800-426-4840 Monday through Sunday 4 a.m. to 11 p.m. Pacific Time.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

July 8, 2014 Park Hill School District
Kansas City, Missouri
EDU INSD

Unknown

The Park Hill School District has informed current and former Park Hill students and employees of a data breach to their system. A former employee downloaded files onto a hard drive without authorization. When the employee connected it to a home network, the files went onto the Internet.

The information leaked included personnel files and Social Security numbers.

 
Information Source:
Media
records from this breach used in our total: 0

July 17, 2014 Freshology
Burbank, California
BSR HACK

Unknown

Only July 1, 2014 Freshology was performing a routine review of its Internet website and discovered unauthorized code. This code may have compromised billing names, addresses and credit/debit card information of customers.

 

 
Information Source:
New Hampshire Attorney General
records from this breach used in our total: 0

August 5, 2014 Vibram
Concord, Massachusetts
BSR HACK

Uknown

Vibrum USA Inc had notified customers of a data breach in their online ordering system. The compay contracts with a third party web hosting provider vibramfivefinger.com whose systems were compromised when an unauthorized party accessed their system that manages online transactions and inserted malicious code.

The information that may have been compromised included credit card numbers.

The company has set up credit monitoring services through Experian. Those affected can call 1-877-371-7902

 
Information Source:
California Attorney General
records from this breach used in our total: 0

August 7, 2014 University California Santa Barbara
Santa Barbara, California
EDU HACK

Unknown

The University California Santa Barbara has notified unauthorized access to some archival payroll data that included names, social security numbers and direct deposit banking information.

The University has contracted with ID Experts to provide free credit monitoring service, and insurance for identity theft restoration.

If you need assistance enrolling or have additional questions, the University is requesting individuals call the UCSB / ID Experts team at 1-877-919-9184, between the hours of 6:00 am and 6:00 pm Pacific Time.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

August 5, 2014 Russian hacking discovered by Hold Security
Unknown, Wisconsin
BSO HACK

1 billion

"A gang of Russian hackers has amassed over 1 billion username and password combinations and more than 500 million email addresses, a security firm reported late Tuesday, calling it the largest-ever haul of stolen Internet credentials.

The massive trove — stolen from hundreds of thousands of websites — was discovered by the Milwaukee firm Hold Security, according to a post on its website".

According to reports by Hold Security,  it took over seven months to identify the gang, "whom the firm dubbed CyberVor, or cyber-thief in Russian".

 

It appears that no payment card information or Social Security numbers were threatened.

PRC will provide updates as the story unfolds.

 

 

*note: state location provided is that of Hold Security LLC.

 
Information Source:
Media
records from this breach used in our total: 0

August 7, 2014 Anderson & Murison
Los Angeles, California
BSF DISC

Unknown

Anderson & Murison, a wholesale insurance broker, notified individuals of a data breach when individual retail insurance agents applied for personal umbrella insurance policies for their customers via Anderson & Murison's online umbrella rating system.

When the retail agents requested an estimate through this online system, specific information regarding their customers was necessary to obtain the quote/estimate. Information such as first and last names, addresses, policy dates, policy numbers, premium costs, policy amounts, types of policies, dates of birth, all real estate owned and addresses, types of automobiles, other motorized equipment such as watercraft, occupations of both individuals and spouses, employer names and addresses, general information such as traffic violations, etc.

The company is offering identity theft protection through Kroll for one year at no cost.  Those affected can call 1-844-263-8605.

 

 
Information Source:
California Attorney General
records from this breach used in our total: 0

August 7, 2014 San Mateo Medical Center
San Mateo, California
MED INSD

Unknown

San Mateo Medical Center (SMMC) notified individuals of a potential data breach when the facility discovered that an employee who was hired in the payroll unit of the facility failed to disclose a prior conviction for identity theft.

The employee was terminated immediately, but the individual had access to SMMC employee information including names, contact information, Social Security numbers and dates of birth.

The facility reported that they found "no evidence indicating that the employee misused confidential information from SMMC employee records".

SMMC has engaged Kroll to provide identity theft protection for one year at no cost. For those affected they can contact the county at 1-844-530-4127 from 6:00 a.m. to 3:00 p.m. PDT.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

August 12, 2014 Freedom Management Group, LLC dba The Natural
Hauppauge, New York
BSR HACK

Unknown

The Natural, an online store, notified customers of a data breach to their system when an unauthorized party accessed customer payment card data. The unauthorized access occurred from 4/22/2014 to 7/17/2014.

The information accessed included customer credit and debit card numbers, expiratin dates, names, addresses, and phone numbers, account numbers, and passwords.

The company has recommended that those affected change their online passwords to their online account. The company is offering AllClear ID at no cost for 12 months. For those affected they may contact the AllClear ID team at 1-877-615-3771.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

August 15, 2014 Albertsons/AB Acquisitions LLC
Boise, Idaho
BSO HACK

Unknown

The Albertsons grocery chain in Southern California announced a data breach when hackers attempted to obtain customer credit and debit card information from its approximately 180 Southern California stores, as well as stores in several other states.

AB Acquisition LLC which operates Albertson stores, ACME Markets, Jewel-Osco, Shaw’s and Star Markets all under New Albertson’s, Inc. confirmed that the data breach started as early as June 22, 2014 and ended July 17, 2014.

"Albertson stores in Idaho, Montana, North Dakota, Nevada, Oregon, Washington, Wyoming and southern Utah were also affected. In addition, ACME Markets in Pennsylvania, Maryland, Delaware and New Jersey; Jewel-Osco stores in Iowa, Illinois and Indiana; and Shaw’s and Star Markets stores in Maine, Massachusetts, Vermont, New Hampshire and Rhode Island were all impacted by this incident".

The company is offering customers who may have been affected by the breach a year of complimentary identity-protection services. For more information, customers can call (877) 932-7948 or visit Albertsons' website.

More Information: http://www.latimes.com/business/la-fi-breach-alberstons-20140815-story.html
 
Information Source:
Media
records from this breach used in our total: 0

August 18, 2014 MeetMe, Inc.
New Hope, Pennsylvania
BSO HACK

Unknown

MeetMe, Inc. has announced a data breach of their system when hackers gained access to their customer information. The information included names, emails addresses, and passwords.

The company reported that they have contacted their customers to change their usernames and passwords.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

August 20, 2014 The UPS Store
Atlanta, Georgia
BSR HACK

Unknown

The UPS Store, Inc has notified customers of a data breach when they discovered malware in their systems targeting UPS retailers. UPS retained a security firm to review their systems and found malware at 51 locations in 24 states. UPS has a total of 4,470 franchised center locations within the US.

The company announced that both credit and debit card purchases were impacted at the franchised locations from January 20, 2014 through August 11, 2014. The company has since removed the malware from their system.

The company put out the following information: 

For those affected with questions,  please call us at 1-855-731-6016."

 

For more information http://oag.ca.gov/system/files/California%20Distribution_0.pdf?

 
Information Source:
California Attorney General
records from this breach used in our total: 0

August 15, 2014 Supervalue
Eden Prairie, Minnesota
BSO HACK

Unknown

Supervalu, which operates 3,763 outlets, both corporate and franchised stores, has reported a data breach in their point-of-sale system which affected some of its retail food stores, along with several of its stand-alone liquor stores. The information compromised includes account numbers and other information on customer payment cards used at the point-of-sale systems. The data breach occurred from June 22, 2014 through July 17, 2014 according to company spokesperson. The retail grocery chain has notified authorities and the breach is currently under investigation.

 

More Information: http://www.cnbc.com/id/101922584# 

 
Information Source:
Media
records from this breach used in our total: 0

August 22, 2014 ManagedMed Inc (A Psychological Corporation)
Los Angeles, California
MED DISC

Unknown

ManagedMed Inc.(A Psychological Corporation) notified patients and the Attorney General's office of a data breach of their patient scheduling system.

According to the facility patient scheduling information was viewed via an unsecured webpage by at least two non-ManagedMed individuals. This information was visible from March, 2013 through May 15, 2014. The breach allowed unauthorized persons to access the facilities calendaring system and view the information.

This information included patient scheduling information, patient names, telephone numbers, names of providers, notes on the patient which could have included information on the type of visit scheduled or medication/test scheduled for the patient, and dates of appointments.  According to the facility no SSN's, credit card or medical records information were exposed.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

August 12, 2014 Orthopaedic Specialty Institute Medical Group
Orange, California
MED PHYS

49,000

Orthopaedic Specialty Institute Medical Group has reported a data breach when it was discovered that 742 boxes of patient X-rays were stolen from an Iron Mountain Record Management storage facility. After an investigation by the authorities, it was discovered that two Iron Mountain Record Management employees stole the files and melted them down for the silver.

The information in the records, which are 10 to 15 years old,  and could have included patient names, birth dates and medical record numbers.

For those who might have been affected they can call the medical group at 1-714-937-48251-714-937-4825 .

 

More Information: http://www.ocregister.com/articles/medical-631456-rays-group.html

 
Information Source:
Media
records from this breach used in our total: 0

August 26, 2014 Milpitas Knights PAL Youth Football
Milpitas, California
BSO PHYS

80

Parents of 80 youth football players were notified of a data breach, when a bag of registration materials required by the league were stolen from the back seat of a volunteers car.

The information included original birth certificates and physical forms. The league did not comment on what information was entered on the physical form.

 

More Information: http://www.mercurynews.com/sports/ci_26375263/milpitas-youth-football-pl...

 
Information Source:
Media
records from this breach used in our total: 0

August 26, 2014 The Hand Care Center/Shoulder and Elbow Institute
Orange., California
MED PHYS

10,000

The Hand Care Center/Shoulder and Elbow Institute in Orange California notified patients of data breach when they were notified by Iron Mountain Record Management, a facility where the medical practice stores old files, that 25 boxes of X-rays were stolen by two employees of the storage company.  The employees sold the X-rays to a recycler who melted them down to recover the silver. 

The information in the X-ray files included patient names, dates of birth, gender, treating physician, medical record numbers and the image on the X-ray itself.

For those possibly affected, they can call the center at 1-877-615-3762. The center is reporting that any X-rays taken after 2002 were most likely not affected.

 

 

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

August 26, 2014 Long Beach Internal Medical Group
Long Beach, California
MED PHYS

Unknown

The Long Beach Internal Medical Group, Inc. in Long Beach California notified patients of data breach when they were notified by Iron Mountain Record Management, a facility where the medical practice stores old files, that boxes of records were stolen by two employees of the storage company.  Reportedly the employees sold X-rays files to a recycler who melted them down to recover the silver. 

The information in the files stored by the medical practice included names, sex, addresses, dates of birth, telephone numbers, account numbers, office charges, insurance information, diagnosis information, Social Security numbers.

 

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

August 28, 2014 J.P Morgan Chase
New York, New York
BSF HACK

76,000,000

The FBI is investigating a sophisticated hacking attack on JP Morgan Chase and potentially seven other financial institutions. Originally it was reported that possibly one to four other institutions may have been affected, but it appears that the breach could be much larger than originally thought.

The hackers, who are reportedly Russian, gained enough personal information to completely wipe out bank accounts. The sophisticated and coordinated attacks go beyond the typical criminal hacker (s) according to authorities. Investigators are looking into the reasons behind the coordinated attack.

It appears that not only did the hackers gain access to the accounts, but also altered and possibly deleted information.

The attack appears to have been coordinated and directed at specific JP Morgan Chase employees to gain access to their computers and databases at the bank.

Experts are communicating that the hackers would have had to of spent a significant amount of time researching and studying the record system of the bank prior to attempting any kind of unauthorized access. "What was even more concerning is these hackers were able to modify records using high-level credentials and do it in a way that was undetected."

More Information: http://www.foxnews.com/politics/2014/08/28/fbi-reportedly-probing-hack-j...

http://www.cnet.com/news/jpmorgan-hackers-altered-deleted-bank-records-s...

UPDATE (9/16/2014): After further investigation by authorities and Chase Bank, the breach they suffered isn't as severe as originally anticipated. The bank has confirmed that the hackers were able to gain access only to names, addresses and phone numbers, no financial or bank account information was accessed.

More Information: http://www.tomsguide.com/us/chase-bank-breach-update,news-19545.html

UPDATE (10/3/2014): The cyber attack JPMorgan Chase & Co. faced this summer compromised personal information in much greater numbers than first reported. Originally the numbers reported were over 1 million affected customers. After an investigation, JP Morgan Chase reports that hackers gained access to data on more than 76 million account holders--names, addresses, phone numbers and emails. Information on an additional 7 million small businesses was obtained as well. "

"JPMorgan Chase said that names, addresses, phone numbers and email addresses were stolen from the company's servers, but only customers who use the websites Chase.com and JPMorganOnline and the apps ChaseMobile and JPMorgan Mobile were affected".

 

 
Information Source:
Media
records from this breach used in our total: 0

August 27, 2014 Dairy Queen
Edina, Minnesota
BSR HACK

Unknown

Dairy Queen has reported a data breach of their POS (Point of Sale) system when malware authorities are calling "Backoff" was found on the system. This same malware authorities are attributing to the Target and Supervalu Inc. data breaches.  Currently the restaurant chain is unclear as to how many stores were affected. 

Dairy Queen operates 6,300 restaurants across the US, many of which are franchisees that are not required to report fraud to Dairy Queens headquarters.

Currently Dairy Queen is working with authorities to uncover the specifics.

More Information: http://bringmethenews.com/2014/08/27/dairy-queen-confirms-potential-brea...

UPDATE:(9/10/2014): Dairy Queen has announced that several of its stores will go to a "cash only" model in lieu of the current data breach the fast food restaurant chain suffered.The company stated that only a small portion of its 4,500 stores were affected, but they would not say how many or which restaurants will be going to a cash only system.

More Information: http://minnesota.cbslocal.com/2014/09/03/dairy-queen-taking-security-ste...

UPDATE: (10/10/2014): On Thursday, Dairy Queen confirmed that 400 stores and one Orange Julius location were compromised as a result of the point of sale malware first reported back in August. The investigation also confirmed that the hackers used compromised credentials of a third party vendor to infiltrate Dairy Queen's POS system.

More Information: http://www.dairyqueen.com/us-en/datasecurityincident/affected-stores/?lo...

 
Information Source:
Media
records from this breach used in our total: 0

August 26, 2014 Geekface LLC
Pawcatuck, Connecticut
NGO HACK

Unknown

Geekface LLC, which runs the online sites Hatchwise.com and eLogoContest.com notified customers of a data breach to their server that compromised personal information.

The information breached included names, addresses, birth dates, usernames, passwords, and Social Security numbers.

For those with questions or needing further assistance they can call 1-800-303-09111-800-303-0911 between 10:00 a.m and 5:00 p.m. EST Monday through Friday or visit hatchwise.com.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

August 26, 2014 Imhoff & Associates, PC
Los Angeles, California
BSO PORT

Unknown

Imhoff and Associates, a criminal defense lawfirm notified clients of a data breach when a backup hard drive was stolen from a locked trunk of an employee's vehicle.

The personal information contained on the backup hard drive may have included names, birth dates Social Security numbers, driver's license numbers, addresses, emails and phone numbers.

The firm is offering those affected 12 months of AllClear ID at no cost. Those individuals with questions can call 1-877-615-3769 to reach an AllClear ID representative, Monday through Saturday 8:00 a.m to 8:00 p.m Central Standard Time..

 
Information Source:
California Attorney General
records from this breach used in our total: 0

September 1, 2014 Apple
Cupertino, California
BSO HACK

Unknown

Apple's iCloud service

"A few days ago a group calling themselves hackappcom posted a proof of concept script on the popular code repository called Github that would allow for a user to attempt to breach iCloud and access a user account. This script would query iCloud services via the “Find My iPhone” API to guess username and password combinations. The problem here was that apparently Apple was not limiting the number of queries. This allowed for attackers to have numerous chances to guess password combinations without the fear of being locked out".

The number of celebrity photos or private information breached is still unknown.

 

More Information: http://www.forbes.com/sites/davelewis/2014/09/02/icloud-data-breach-hack...

 
Information Source:
Media
records from this breach used in our total: 0

June 4, 2014 Midwest Urological Group
Peoria, Illinois
MED PORT

Uknown

Midwest Urological Group notified patients of a data breach when a laptop was reported stolen when an employee may have inadvertently forgot to lock the cabinet that housed the laptop.  According to authorities the laptop contained patient information that included treatment information on the patients at the facility. No specific details were released as to the type of information involved.

 

More Information: http://www.pjstar.com/article/20140604/NEWS/140609564/10924/NEWS

 
Information Source:
Media
records from this breach used in our total: 0

August 29, 2014 Beachwood-Lakewood Plastic Surgery
Beachwood, Ohio
MED PORT

6,141

Beachwood-Lakewood Plastic Surgery and Dr. Stevem A. Golman, notified patients of a data breach when their office in the Parkway Medical complex were burglarized. The theives stole computer hardware that inlcuded patient information that included names and limited medical information.

The medical practice is offering you one year of credit monitoring at no cost. This service is provided by All Clear ID.

If you have any questions or would like to enroll in the credit monitoring service, call 1-877-615-3745.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

September 4, 2014 Healthcare.gov
Washington, District Of Columbia
GOV HACK

Unknown

Reportedly, Healthcare.gov has suffered a data breach to one of their test systems by hackers. Currently the Obama administration is communicating that no personal information was compromised, but authorities are investigating.

According to the administration, "“our review indicates that the server did not contain consumer personal information, data was not transmitted outside the agency and the website was not specifically targeted,” said Aaron Albright, a spokesman at the Centers for Medicare and Medicaid Services, which runs the website. “We have taken measures to further strengthen security.”"

"Mr. Albright said the hacking was made possible by several security weaknesses. The test server should not have been connected to the Internet, he said, and it came from the manufacturer with a default password that had not been changed.

In addition, he said, the server was not subject to regular security scans as it should have been".

More Information: http://www.nytimes.com/2014/09/05/us/hackers-breach-security-of-healthca...

 
Information Source:
Media
records from this breach used in our total: 0

September 9, 2014 Beef O'Brady's Restaurants
North Port, Florida
BSO HACK

Unknown

Beef O'Brady restaurants appear to have been a victim of a data breach to their point of sale system, when unauthorized credit card transactions begain appearing on financial statement of customers. These transactions were from numerous vendors in Texas, New York, and Massachusetts. The restaurant chain is located in Florida.

Reportedly, a minimum of four Florida Beef O'Brady's restaurant locations have been compromised.

The information compromised included credit and debit card information.

The company is currently working with local law enforcement to further investigate the breach.

 

More Information: http://www.wtsp.com/story/news/local/2014/09/09/potential-data-breach-at...

 
Information Source:
Media
records from this breach used in our total: 0

September 12, 2014 Health and Human Services Agency, Napa
Napa, California
GOV PORT

Unknown

The Napa Health and Human Services Department, specifically In Home Supportive Services (IHSS) notified patients of a data breach when one of their flash/thumb drives was missing from their offices on Coombs Street. This portable drive contained information specifically related to their Comprehensive Services for Older Adults Division of HHS.

The discovery was made of the missing drive when clean-up was happening to their offices after the recent Napa earthquake. The offices have not been occupied since the earthquake. The information on the drive included names, addresses, phone numbers and information regarding patients status in the IHSS program. The agency is reporting that no financial or Social Security information was on the flash/thumb drive.

They agency has reported the incident to the police and are treating the missing flash/thumb drive as a burglary.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-46595

 
Information Source:
California Attorney General
records from this breach used in our total: 0

September 5, 2014 California State University, East Bay
Hayward, California
EDU HACK

Unknown

California State University, East Bay has notified individuals of a data breach that has occurred on August 11, 2014 when the University discovered unauthorized access to individuals information when an overseas IP address appears to have used a software tool designed to access information on a server without being detected. The server targeted contained personal information on various employment record transactions and some extended learning course information.

The specific information breached included names, addresses, Social Security Numbers and dates of birth.

The University has set up 12 months free of Experian's ProtectMyID for those affected. For additional questions or concerns individuals can contact (888) 738-3759 a toll free number specifically set up to deal with questions/concerns regarding this breach.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-46513

 
Information Source:
California Attorney General
records from this breach used in our total: 0

Breach Total
929,676,448 RECORDS BREACHED
(Please see explanation about this total.)
from 4,421 DATA BREACHES made public since 2005
Showing 4351-4400 of 4421 results


X

Sign In!

Loading