Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?

Chronology of Data Breaches

Custom Sort
Select your desired results. Then click "Go!"

Click or unclick the boxes then select go.


Select features, then click GO.



Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.
Breach Total
931,357,921 RECORDS BREACHED
(Please see explanation about this total.)
from 4,449 DATA BREACHES made public since 2005

Save or Print PDF of Entire Breach List including introduction.Save or Print a PDF of Entire Breach List (including introductory FAQ)

Filter breach list before saving or printing PDF. Conduct a search of the Chronology using its sorting features, and Save or Print a PDF of your search results (Select filters)

If you do not have access to PDF, you can print the Chronology in landscape view.

Date Made Publicsort icon Name Entity Type
November 25, 2014 Texas Health and Human Services
Houston, Texas
GOV DISC

2 million

The Texas Health and Human Services department discovered a data breach it appears by "chance" after terminating their relationship with Xerox Corporation.

"In August, after the transition to a new Medicaid vendor, the Texas commission filed a lawsuit against Xerox, alleging that the contractor had failed to turn over computer equipment, as well as paper records, containing Medicaid and health information for 2 million individuals, "putting the state out of compliance with federal regulations and at risk of massive federal fines," says a statement issued by Texas HHSC in August."

The Texas Health and Human Services department has notified individuals of the data breach communicating that their information may have been compromised. The information includes "Medicaid clients' names, birthdates, Medicaid numbers, and medical and billing records related to care provided through Medicaid, such as reports, diagnosis codes and photographs."

More Information: http://www.govinfosecurity.com/breach-reported-after-vendor-dispute-a-7605

 

 
Information Source:
Media
records from this breach used in our total: 0

November 24, 2014 Sony Pictures
New York, New York
BSO HACK

Unknown

Sony Pictures Entertainment has suffered a data breach when hackers posted threatening messages on company computers.

According to a report the threat "began with a skull appearing on screens, and then a strangely ominous message telling users they’d been hacked by something called #GOP. It gets more bizarre as the message claims this is just the beginning and then threatens to release documents by 11 PM this evening."

The company has completely shut down all email communications and employees are not allowed to use company computers while the entertainment giant works through where and what the threat is and if it is real. The original threat did not give specifics or communicate any kind of "ransom" for the data that had supposedly been hacked.

More Information: https://deadline.com/2014/11/sony-computers-hacked-skull-message-1201295...

 

 
Information Source:
Media
records from this breach used in our total: 0

November 17, 2014 US State Department
Washington, District Of Columbia
GOV HACK

Unknown

The US State Department shut down one of its computer networks when it was believed to have been hacked. Experts believe this is related to the breach to the White House's unclassified computer network.

On Monday Jeff Rathke, a State Department spokesperson said "the department had recently detected "activity of concern" in portions of the system handling non-classified emails, and the weekend maintenance included security improvements responding to the breach."

More Information: http://phys.org/news/2014-11-state-dept-hacked-email.html#inlRlv

on Monday, Rathke said the department had recently detected "activity of concern" in portions of the system handling non-classified emails, and the weekend maintenance included security improvements responding to the breach.

Read more at: http://phys.org/news/2014-11-state-dept-hacked-email.html#jCp
on Monday, Rathke said the department had recently detected "activity of concern" in portions of the system handling non-classified emails, and the weekend maintenance included security improvements responding to the breach.

Read more at: http://phys.org/news/2014-11-state-dept-hacked-email.html#jCp
 
Information Source:
Media
records from this breach used in our total: 0

November 14, 2014 Seattle Public Schools
Seattle, Washington
EDU DISC

8,000

The Seattle Public School District announced in a letter to parents Thursday about a data breach that involved their children's information.

"Late Tuesday night Seattle Public Schools learned that a law firm retained by the district to handle a complaint against the district inadvertently sent personally identifiable student information to an individual involved in the case. The district promptly removed the law firm from the case and is working to ensure that all improperly released records are retrieved or destroyed."

Over 800 special education students were involved in a breach. The information involved in the breach included their names, addresses, student identification numbers, test scores and disabilities.

More Information: http://www.king5.com/story/news/local/seattle/2014/11/14/seattle-public-...

 
Information Source:
Media
records from this breach used in our total: 0

November 14, 2014 Cone Health
Greensboro, North Carolina
MED DISC

2,076

Cone Health notified patients to a data breach when after letters sent from one of its facilities were addressed to the wrong patients.

The information on 2,076 patients included names, Social Security numbers, dates of birth and insurance information.

More Information: http://www.wfmynews2.com/story/news/local/2014/10/09/cone-health-admits-...

 
Information Source:
Media
records from this breach used in our total: 2,076

November 13, 2014 U.S. Weather System
Washington, District Of Columbia
GOV HACK

Satellite systems that forecast weather

Officials from the National Oceanic and Atmospheric Administration (NOAA), which includes the National Weather Service, have notified officials of a data breach to the National Weather Service's satellite network.

Reports are stating "hackers from China breached the federal weather network recently, forcing cybersecurity teams to seal off data vital to disaster planning, aviation, shipping and scores of other crucial uses, officials said."

It appears the system was affected in September, but officials did not communicate that there was a problem until late October. an NOAA spokesman Scott Smullen did confirm that there were hacks and communicated that "incident response began immediately".

More Information: http://www.washingtonpost.com/local/chinese-hack-us-weather-systems-sate...

 

 
Information Source:
Media
records from this breach used in our total: 0

November 12, 2014 Onsite Health Diagnostics
Dallas, Texas
MED HACK

60,582

Dallas-based Onsite Health Diagnostics, a third party contractor with state of Tennessee,  who completes medical testing and health screenings for various government insurance plans has suffered a data breach. The company discovered hackers had gained access to a computer system that houses personal information for members of the Tennessee's State Insurance Plan, Local Government Insurance Plan and Local Education Insurance plan.

The information affected in the breach included health benefit member names, dates of birth, addresses, emails, phone numbers and gender.

More Information: http://www.healthcareitnews.com/news/hackers-swipe-data-60k-vendor-hipaa...

 

 
Information Source:
Media
records from this breach used in our total: 0

November 10, 2014 US Postal Service
Washington, District Of Columbia
GOV HACK

800,000

The US Postal Service is releasing information today that they have been the victim of a cyber attack with Chinese hackers being suspected of hacking into their computer networks compromising the information of over 800,000 employees.

Currently the FBI is investigating the breach and it appears that information obtained included names, dates of birth, Social Security numbers, addresses, dates of employment. According to officials, all postal service employees were affected and they are not yet clear why their information was of interest to these hackers. They are not seeing any evidence of customer information being compromised. The investigators are calling the hackers "sophisticated actors".  More information will be posted as additional information comes out with the investigation.

More Information: http://www.washingtonpost.com/blogs/federal-eye/wp/2014/11/10/china-susp...

 
Information Source:
Media
records from this breach used in our total: 800,000

November 10, 2014 Anthem Blue Cross
Southern and Northern California cities, California
BSF DISC

Unknown

Anthem Blue Cross in California sent text emails with personal details about individuals health information and member specific demographic information such as age, language spoken, specific medical test received or not received as part of the text message.

The company is reviewing whether or not they have to report this information as part of the specific notification laws in California, which does include the breach of medical history, mental or physical condition, medical treatment or diagnosis by a health care professional.

A spokesperson for Blue Cross stated that they are investigating the incident.

More Information: http://bits.blogs.nytimes.com/2014/11/10/oops-health-insurer-exposes-mem...

 

 
Information Source:
Media
records from this breach used in our total: 0

November 10, 2014 Central Dermatology Center
Chapel Hill, North Carolina
MED HACK

Unknown

Central Dermatology Center notified patients of a data breach to their system when malware was found on one of their servers.

The information compromised included patient names, addresses, phone numbers, dates of birth, Social Security Numbers, sex, treatment dates, account balances, email addresses, insurer, providers, employers and race.

Currently, the center has hired an forensic IT firm to investigate the breach. They did not provide the number of individuals at risk.

More Information: http://healthitsecurity.com/2014/11/10/potential-health-data-breach-hits...

 

 
Information Source:
Media
records from this breach used in our total: 0

November 7, 2014 Jessie Trice Community Health Center
Miami, Florida
MED HACK

8,000

Jessie Trice Community Health Center announced a data breach when members of an identity theft ring accessed the personal information of 8,000 patients.

The informaton accessed included names, dates of birth and Social Security Numbers. No medical information was compromised according to the facility.

The FBI and the IRS are currently investigating the breach.

More Information: http://www.clinical-innovation.com/topics/privacy-security/identity-thef...

 
Information Source:
Media
records from this breach used in our total: 8,000

November 3, 2014 Fidelity National Financial
Jacksonville, Florida
BSF HACK

Unknown

Fidelity National Financial, Inc (FNF) informed customers of a breach to their system due to a targeted phishing attack to certain employees.

FNF is the parent company of Ticor Title Company of Oregon, Ticor Title of Nevada, Inc., Lawyers Title Company, and Lawyers Title of Oregon, LLC, which provides title insurance and real estate settlement services in Oregon, Nevada, and/or California.

From April 14, 2014 and April 16, 2014 a certain number of employees were targeted in a phishing attack that allowed the hackers to obtain username and password information for employees of the company. The company hosts their email with a third party vendor and after investigating did not find any evidence that the hackers were able to breach FNF's internal network or systems.

However, the investigation did reveal that personal information was obtained including Social Security numbers, bank account numbers, credit/debit card numbers and driver's license numbers.

The company is offering 12 months free of AllClear ID to those affected. Those affected can call 1-877-676-03741-877-676-0374 to reach an AllClear investigator.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-47112

 
Information Source:
California Attorney General
records from this breach used in our total: 0

November 3, 2014 Palm Springs Federal Credit Union
Palm Springs, California
BSF PORT

Unknown

The Palm Springs Federal Credit Union was conducting an audit of their systems and realized that one of their external hard drives that contained customer data was missing.

The information contained on the drive included customer names, addresses, Social Security Numbers and account numbers.

The credit union is offering AllClearID and AllClearID Pro for 12 months at no cost to those who were affected by this breach. For those with questions they can call 1-866-979-25951-866-979-2595 or the credit union at dpitigliano@palmspringsfcu.com.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-47289

 
Information Source:
California Attorney General
records from this breach used in our total: 0

October 23, 2014 Reeves International Inc/ Breyer Horses
Pequannock, New Jersey
BSR HACK

Unknown

Reeves International Inc. is informing customers of a data breach of one of their online retail sites called Breyer Horses (www.breyerhorses.com). On September 9, 2014 the company discovered an unauthorized party installed malware on the server hosting the Breyer Horse website, the malware compromised customers' personal data. The dates of the attack were from March 31, 2013 through October 6, 2014.

The information compromised includes names, addresses, website usernames and passwords, payment card account numbers, card expiration dates, and payment card security codes.

For anyone affected or those with questions call 1-877-572-06281-877-572-0628 twenty-four hours a day Monday through Sunday (excluding holidays).

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-47096

 
Information Source:
California Attorney General
records from this breach used in our total: 0

October 23, 2014 American Soccer Inc./SCORE
Wilmington, California
BSR HACK

Unknown

On October 21, 2014 SCORE discovered an unauthorized access to their server that processes customer payment information.

According to the company on September 4, 2014 unauthorized access to their website compromised personal information of individuals who completed a transaction.

The information includes names, payment card account numbers, expiration dates of cards, SCORE account numbers. Those who were affected conducted a transaction between June 1, 2014 and September 4, 2014. There was no evidence that customer addresses or security codes being compromised after an investigation was conducted.

For those with questions or concerns call 1-800-626-77741-800-626-7774.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-46986

 
Information Source:
California Attorney General
records from this breach used in our total: 0

October 20, 2014 Staples Inc.
Framingham, Massachusetts
BSR HACK

Unknown

Several large banks notified Staples Inc. of unusual activity on credit and debit cards used at several locations in Northeastern United States. According to Brian Krebs, Krebs on Security "According to more than a half-dozen sources at banks operating on the East Coast, it appears likely that fraudsters have succeeded in stealing customer card data from some subset of Staples locations, including seven Staples stores in Pennsylvania, at least three in New York City, and another in New Jersey". Staples Inc. has more than 1800 stores nationwide and is currently investigating the potential breach.

More Information: http://krebsonsecurity.com/2014/10/banks-credit-card-breach-at-staples-s...

UPDATE (11/17/2014): It appears that the breach that happened at Staples was conducted by the same cyber criminals that infiltrated Michaels stores. According to Krebs On Security "Multiple banks interviewed by this author say they’ve received alerts from Visa and MasterCard about cards impacted in the breach at Staples, and that to date those alerts suggest that a subset of Staples stores were compromised between July and September 2014."

More Information: http://krebsonsecurity.com/2014/11/link-found-in-staples-michaels-breach...

 
Information Source:
Krebs On Security
records from this breach used in our total: 0

October 17, 2014 Sourcebooks Inc.
Naperville, Illinois
BSR HACK

Unknown

Sourcebooks Inc. has informed customers of a breach of their shopping cart software that supports several of their websites. The breach dates were from April 16, 2014 and June 19, 2014. An unauthorized party gained access to specific customer purchase information.

The information breached includes first names, last names, email addresses, phone numbers, addresses, account passwords, credit card numbers, expiration dates of credit cards, cardholder names and card verification values.

The company is conducting an investigation including a forensic audit to determine the full extent of the breach.

For those with questions or concerns call 1-844-810-1155 between 8:30 a.m and 5:30 p.m Central Standard Time or go to http://www.sourcebooks.com/cardfaq.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-47029

 
Information Source:
California Attorney General
records from this breach used in our total: 0

October 14, 2014 Cyberswim.com
Pen Argyl, Pennsylvania
BSR HACK

Unknown

Cyberswim.com notified customers of a data breach to their online ecommerce store and the discovery of customers' personal information being breached.

On September 24, 2014 the company confirmed that an unauthorized individual(s) or entities installed malware on the server hosting their website. This malware was able to access personal information entered by customers when completing a purchase on the site.

Information breached includes names, addresses, website usernames and passwords, payment card account numbers, card expiration dates, and payment card security codes.

Purchases made between May 12, 2014 and August 28, 2014 are the dates this breach occurred.

For those with questions call 1-844-286-4855 between 9:00 a.m and 5:00 p.m Easter time, Monday through Friday (excluding holidays).

More Information: oag.ca.gov/ecrime/databreach/reports/sb24-46986

 
Information Source:
California Attorney General
records from this breach used in our total: 0

October 14, 2014 Novant Health Gaffney Family Medical Care
Gaffney, South Carolina
MED PORT

Unknown

Novant Health Gaffney Family Medical Care informed patients of a data breach when their offices were broken into and two of the facilities laptops were stolen.

The information on the laptops was not disclosed.

More Information: http://www.wspa.com/story/26681323/laptops-with-patient-data-stolen-from...

 
Information Source:
Media
records from this breach used in our total: 0

October 13, 2014 Snapsaved.com
Unknown,
BSO HACK

200,000

Snapsaved.com, a third party vendor to Snapchat, announced that their servers were hacked, which in turn caused thousands of photos and videos from the third party service to show up on the Internet.

"On Sunday, thousands of photos and videos from the Snapchat service were put online, apparently taken from sites including Snapsaved.com, which had allowed people to log in using their Snapchat username and password to offer desktop-based rather than handset-based access to the site - and also the chance to store photos, which are meant to be deleted within seconds of being viewed."

Snapsaved posted on Facebook the following:

"I would like to inform the public that snapsaved.com was hacked” due to a mistake in the setup of its web server. “As soon as we discovered the breach in our systems, we immediately deleted the entire website and the database associated with it,” the unsigned statement continues. “As far as we can tell, the breach has effected [sic] 500MB of images, and 0 personal information from the database.”

More Information: http://www.theguardian.com/technology/2014/oct/13/third-party-snapchat-s...

 
Information Source:
Media
records from this breach used in our total: 0

October 13, 2014 University of California Davis Medical Center
Sacramento, California
MED HACK

Unknown

The University California Davis Medical Center discovered abnormal activity in the email account of one of their providers. An investigation determined that the provider's email was compromised by an unknown source. As a result, an unauthorized use and access to their system giving them access to communication between the provider and the patients.

For additional questions regarding the incident contact 1-916-734-8808 or email privacyprogram@ucdmc.ucdavis.edu

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-46960

 

 
Information Source:
California Attorney General
records from this breach used in our total: 0

October 13, 2014 Penn Highlands Brookville
Brookville, Pennsylvania
MED HACK

Unknown

The office of Dr. Barry J. Snyder at Penn Highlands Brookville, a healthcare service provider for the Brookville area in Pennsylvania, notified patients of a data breach when a third party accessed the third party vendor's server who maintains records for Dr. Snyder.

The information compromised included patient names, addresses, dates of birth, driver's license numbers, Social Security numbers, phone numbers, insurance information, medical informatino and genders.

The facility is offering free identity monitoring and identity protection services to affected individuals through Kroll Inc. Those affected can call 1-855-401-2640.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

October 10, 2014 Sears Holding Company/K-Mart
Hoffman Estates, Illinois
BSR HACK

Unknown

Sears Holding Corp announced Friday that a data breach occurred at their K-Mart stores starting last month, with malicious software targeting their Point of Sale systems that  compromised customers' credit card information.

Currently, Sears Holding Corp is not clear as to the number of affected customer cards and the breach is currently under investigation. K-Mart has said that they were able to remove the malware from their systems.

K-Mart is working currently working with federal investigators.

For those with questions, they are asked to call K-Mart's Customer Care Center at 1-888-488-5978.

More Information: http://abcnews.go.com/Business/wireStory/kmart-latest-victim-data-breach...

 
Information Source:
Media
records from this breach used in our total: 0

October 10, 2014 Sausalito Yacht Club
Sausalito, California
BSO HACK

Unknown

The Sausalito Yacht Club notified its members of a data breach to their online member roster. The information on the roster included member names linked to private Sausalito Yacht Club member numbers. These two pieces of information together allows for the charging of beverages, goods, services and meals at the club. Additionally, members personal contact information, financial information, including accounts receivable information could have been obtained.

Currently, the breach is under investigation and depending upon what is found, the club may issue new cards and account numbers.

For those affected with questions they may call General Manager, Dave Martel at 1-415-332-7400 or by e-mail at gm@sausalitoyachtclub.org.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

October 10, 2014 Oregon Employment Department/WorkSource Oregon
Portland, Oregon
GOV HACK

850000

The Oregon Employment Department, specifically WorkSource Oregon, discovered a data breach of a data base that contained personal information of individuals searching for jobs when an anonymous tip came in alerting officials of the breach.

Social Security numbers of more than 850,000 individuals were compromised in the breach. Officials shut down the website and were investigating the breach.

More Information: http://www.oregonlive.com/money/index.ssf/2014/10/security_breach_discov...

 
Information Source:
Media
records from this breach used in our total: 850,000

October 10, 2014 Georgia Department of Behavioral Health and Developmental Disabilities (DBHDD)
Atlanta, Georgia
GOV PORT

3,397

The Georgia Department of Behavioral Health and Developmental Disabilities (DBHDD) notified individuals of a data breach when one of their departments laptops was stolen out of a car of an employee who was attending a conference.

The laptop contained personal information of over 3,000 patients including names, addresses, phone numbers, dates of birth, names of guardians, marital status, Social Security numbers, Medicaid numbers, diagnosis, behavioral data and other personal information.The laptops were not encrypted.

For those who might have been affected, they can call DBHDD at 844-888-5998 until January 9, 2015

More Information: http://www.phiprivacy.net/2014/10/page/12/

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 3,397

October 10, 2014 Department of Human Services' Office of Behavioral Health, Denver
Denver, Colorado
GOV DISC

15,000

The Department of Human Services' Office of Behavioral Health in Denver Colorado notified individuals of a data breach when a postcard mailing went out to individuals as part of a survey. The cards were specifically addressed to individuals receiving behavioral health services through DHS office and mailed in post-card format.

This information is considered to be protected health information. According to the DHS no Social Security numbers or financial information was on the cards.

More Information: http://www.9news.com/story/news/local/2014/10/10/colorado-health-officia...

 
Information Source:
Media
records from this breach used in our total: 0

October 9, 2014 Evolution Nature Corp. dba The Evolution Store
Manhattan, New York
BSR HACK

Uknown

Evolution Nature Corp., dba The Evolution Store contacted customers regarding a data breach to their online stores affecting customer credit card information.

The company received a complaint of credit card fraud from a customer and launched an investigation by a data forensics expert. The investigation revealed that the administrative portion of the Evolution e-commerce site was accessed by an unauthorized third party that was using administrative credentials exposing customer order information.

The information exposed included names, email addresses, phone numbers, billing addresses, shipping addresses, order information, and credit/debit card information, including the CVV numbers on the backs of the cards.

For those affected, the company is offering AllClear Secure for 12 months at no cost. For those with questions, call 1-877-322-82281-877-322-8228.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-46935

 
Information Source:
California Attorney General
records from this breach used in our total: 0

October 9, 2014 South Texas Veterans Health Care System
San Antonio, Texas
MED DISC

4,000

The South Texas Veterans Health Care System informed 4,000 patients of a data breach to their personal information. 

"South Texas Veterans Health Care tried to send veterans notices on September 15 to explain a new federal rule of Hydrocodone combination they need to be aware of. But in the process of printing the letters, they mistakenly came out double-sided and had one unique veteran’s information on one side and another veteran’s on the other."

The information breach included full names, addresses and the type of prescription drugs.

More Information: http://healthitsecurity.com/2014/10/09/south-texas-va-reports-printing-e...

 
Information Source:
Media
records from this breach used in our total: 0

October 9, 2014 U.S. Health Holdings, Ltd.
Detroit, Michigan
MED DISC

Unknown

U.S Health Holdings, Ltd. on behalf of Macomb County Michigan has suffered a breach when an accidental disclosure of of personal informaton was posted on the Michigan Inter-Governmental Trade Network ("MITN") website.

The information exposed included names, dates of birth, Social Security numbers, zip codes, cities, and Plan carrier names.

More Information: http://www.phiprivacy.net/2014/10/page/13/

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

October 9, 2014 Albertina Kerr Centers
Gresham, Oregon
MED PORT

1,300

The Albertina Kerr Centers have notified individuals of a breach when two of their laptop computers and a cell phone were stolen from the Albertina Kerr's campus.

The laptops contained medical information identifying individuals, the diagnoses they received and treatements applied. The theft took place in August of 2014 when an individual or individuals broke into one the facilities offices at the Kerr's crisis psychiatric care facility. According to the facility these laptops did not contain Social Security numbers or financial information.

The center is offering a year of free identity theft security monitoring. For those affected they can call 1-888-276-0529.

More Information: http://www.oregonlive.com/gresham/index.ssf/2014/10/laptops_stolen_from_...

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

October 7, 2014 Municipal Bond Insurance Association (MBIA)
Purchase, New York
BSF DISC

Unknown

Brian Krebs of Krebs On Security notified MBIA of a breach that exposed numerous customer account numbers, balances and various other sensitive data due to a misconfiguration on a company Web server.

"Much of the information had been indexed by search engines, including a page listing administrative credentials that attackers could use to access data that wasn’t already accessible via a simple Web search."

MBIA is one of the largest bond insurers, that offers municipal bond insurance and investment management products and services companies such as Aetna and Fireman's Fund.

The company has since shut this website down and is currently investigating. No information is available to the number of individuals that may have been affected by the breach.

More Information:http://krebsonsecurity.com/2014/10/huge-data-leak-at-largest-u-s-bond-insurer/

 
Information Source:
Krebs On Security
records from this breach used in our total: 0

October 6, 2014 AT&T
Dallas, Texas
BSR INSD

1600

AT&T is at the center of another data breach to their system, this time, by an internal employee.

AT&T has announced that one of its staff members accessed account information of customers, which included Social Security Numbers, drivers license numbers, unique customer numbers, known as Customer Proprietary Network Information (CPNI), which includes information such as times, dates, durations and destination numbers of every call made. No specific numbers have yet been released.

More Information: http://www.zdnet.com/at-and-t-hit-by-insider-data-breach-unspecified-num...

UPDATE (10/7/2014): The Vermont Attorney General posted that 1,600 letters went out to customers regarding the recently announced data breach that happened in August of 2014 by an employee of AT&T. The employee has since been fired and the breach is still under investigation.

More Information:http://www.reuters.com/article/2014/10/07/us-at-t-cybersecurity-idUSKCN0HW02Y20141007

 
Information Source:
Media
records from this breach used in our total: 1,600

October 3, 2014 Mount Sinai Beth Israel
New York, New York
MED PORT

10,790

Mount Sinai Beth Israel announced a data breach when a laptop computer was stolen from a staff room. According to the facility the laptop was password-protected but not encrypted.

The patient information housed on the laptop included patient names, dates of birth, medical record numbers, dates of service, procedure codes and description of procedures along with clinical information about patient care received. The facility has stated that patient Social Security numbers, insurance information, addresses and phone numbers were not stored on this particular laptop.

More Information: http://www.mountsinaihealth.org/about-the-health-system/news-releases/st...

 
Information Source:
Media
records from this breach used in our total: 0

October 3, 2014 Touchstone Medical Imaging
Brentwood, Tennessee
MED DISC

Unknown

Touchstone Medical Imaging notified patients of a data breach as a "result of an open share that was exposed to the Internet."

The information exposed included Social Security numbers, names, addresses, dates of birth, and phone numbers. The center stated that no medical information was stored in this exposed folder. They are not sure if any financial information was contained in this folder.

More Information: http://www.csoonline.com/article/2691601/data-breach/touchstone-medical-...

 
Information Source:
Media
records from this breach used in our total: 0

October 2, 2014 Community Technology Alliance
San Jose, California
NGO PORT

Unknown

Community Technology Alliance (CTA) is notifying individuals of a potential compromise of their personal information, when an employee's laptop was stolen on July 28, 2014.

CTA is a non-profit organization that administers the Bay Area Homeless Management Information Systems (HMIS) and helps hundreds of partner agencies. The information in HMIS can include names and Social Security Numbers, and various other pieces of personal information.

If services were being received from an HMIS Partner Agency in Santa Cruz California, those individuals are the ones at risk. The partner agencies include the following:

Community Action Board, Families in Transition, Homeless Services Center, Salvation Army of Watsonville, Pajaro Valley Shelter Services, Housing Authority of the County of Santa Cruz, Encompass, Front Street Housing, Inc., Mountain Community Resource Center, Catholic Charities, Veterans Resource Center, Santa Cruz County Office of Education, Santa Cruz County Health and Human Services Agency, Housing Services Center, Pajaro Rescue Mission, and New Life Community Services.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-46834

 
Information Source:
California Attorney General
records from this breach used in our total: 0

October 1, 2014 Flinn Scientific, Inc.
Batvia, Illinois
BSR HACK

Unknown

Flinn Scientific, an ecommerce site focused on scientific materials for teachers and students, notified customers of a data breach to their online payment system when a cyber attacker inserted malware to gain access to the server that hosts payment information.

The information breached includes payment card numbers, card verification codes, expiration dates, names, addresses, and email addresses.

The company has set up credit monitoring with AllClearID for 12 months for those individuals affected by the breach. For questions individuals can call 1-866-979-2595 to get credit monitoring started.

More Information:http://oag.ca.gov/ecrime/databreach/reports/sb24-46816

 
Information Source:
California Attorney General
records from this breach used in our total: 0

October 1, 2014 Provo City School District
Provo, Utah
EDU HACK

1,400

The Provo City School District notified employees of a "phishing" attack Monday September 29, 2014 which allowed access to employees email accounts. Some employee email accounts contained files that may have had personally identifiable information.

Currently the school district is investigating the breach and notifying those affected.

More Information: http://fox13now.com/2014/10/01/provo-city-school-district-warning-employ...

 
Information Source:
Media
records from this breach used in our total: 0

October 1, 2014 Fort Hays State University
Hays, Kansas
EDU DISC

138

Fort Hays State University has notified 138 of it's graduates that their personal information may have been compromised when personal information was "accidentally" exposed on the Internet. The information exposed included Social Security Numbers and various other pieces of personal information.

The university stopped storing Social Security Numbers of students five years ago, however anyone who attended the university prior to 5 years ago, their SSN information is still part of the university database.

More Information: http://ksn.com/2014/10/01/fort-hays-state-university-experiences-data-br...

 
Information Source:
Media
records from this breach used in our total: 138

September 29, 2014 Albertson's LLC (AB Acquisition LLC)
Spokane, Washington
BSR HACK

Unknown

AB Acquisition LLC announced the discovery of a separate criminal investigation involving payment cards of customers who shopped at Albertsons stores, ACME Markets, Jewel-Osco, Shaw's and Star Markets. The company has discovered that a different malware was used in some of the stores than what was discovered in the recent data breach incident on August 2014. This breach is more recent than the August breach and appears to have happened at the end of August, beginning of September 2014.

This newer breach reportedly captured account numbers, expiration dates, other numerical information and/or cardholder names.

The company has different point of sale systems at the different locations. Reportedly Albertson stores in Arizona, Arkansas, Colorado, Florida, Louisiana, New Mexico, Texas and their two Super Saver Food Stores in Northern Utah were not affected.

Those stores that were affected includes Albertsons stores in Southern California, Idaho, Montana, North Dakota, Nevada, Oregon, Washington, Wyoming and Southern Utah. In addition, ACME Markets in Pennsylvania, Maryland, Delaware and New Jersey were affected, along with Jewel-Osco stores in Iowa, Illinois and Indiana and Shaw's and Star Markets stores in Maine, Massachusetts, Vermont, New Hampshire and Rhode Island.

The timeframes of the breach are August 27, 2014 through September 21, 2014. The company is offering free credit monitoring for one year  with AllClearID at no cost to those who were affected. For questions, call 1-855-865-4449.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-46749

 
Information Source:
California Attorney General
records from this breach used in our total: 0

September 29, 2014 American Family Care
Birmingham, Alabama
MED PORT

Unknown

"American Family Care of Birmingham is alerting customers following the theft of two laptops containing sensitive information from an employee’s vehicle earlier this summer".

The information on the laptops contained personal information of patients specifically related to work injuries, physicals, immunizations and drug screens. The lap top also included the names, dates of birth, addresses, phone numbers, medical record numbers, Social Security Numbers, additional medical information, insurance information, driver's license numbers and dates of service.

Those with questions concerning the incident can call (800) 258-7535(800) 258-7535 extension 2588 or e-mail ComplianceOfficer@americanfamilycare.com.

More Information: http://www.phiprivacy.net/american-family-care-alerts-customers-of-stole... and http://www.bizjournals.com/birmingham/morning_call/2014/09/american-fami...

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

September 29, 2014 Texas Wellness Incentives and Navigation (WIN) Project- University of Florida and Texas Health and Human Services Commission
Gainesville, Florida
MED DISC

Unknown

The University of Florida and Texas Health and Human Services Commission (HHSC) a cooperative project called the Texas Wellness Incentives and Navigation (WIN) Project for Medicaid patients, notified patients of a data breach.

The University of Florida, acting as a partner of HHSC, sent letters to Houston area physicians requesting health records. Unfortunately, due to a database merging error, some of those health record requests were sent to the wrong physicians.

The information shared with the incorrect physician included names, Medicaid STAR+PLUS identification numbers, and dates of birth.

Those affected with questions can call 1-866-876-HIPA1-866-876-HIPA (4472).

More Information: http://www.phiprivacy.net/university-of-florida-and-texas-hhsc-notify-te... and http://privacy.ufl.edu/wp-content/uploads/2014/09/Brch-letr-ICHP-KCase-P...

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

September 26, 2014 BayBio
San Francisco, California
NGO HACK

Unknown

BayBio.org has notified individuals of a data breach to their online payment system. The non-profit organization has notified that the hacking to their payment system compromised credit card numbers in process.

The hacker inserted files that captured keystrokes of visitors to their site which included credit card numbers when individuals were either paying for a membership or an event being held by the non-profit. Payments are being taken by phone until the breach has been repaired.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-46727

 

 
Information Source:
California Attorney General
records from this breach used in our total: 0

September 25, 2014 Pacific BioSciences of California Inc.
Menlo Park, California
BSO PORT

Unknown

Pacific BioSciences of California Inc. has notified patients of a data breach when an employee laptop was stolen from their home that contained some of their personal information.

The information included names, birthdates, and Social Security numbers.

The company has arranged credit monitoring services through AllClearID for one year at no charge. For those affected they can call 1-866-979-2595.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-46702

 
Information Source:
California Attorney General
records from this breach used in our total: 0

September 22, 2014 Viator Inc
San Francisco, California
BSO HACK

Unknown

Viator Inc, was notified of a data breach by their credit card service provider when they had received numerous complaints of erroneous charges to accounts. Their investigation lead to seeing fraudulent charges to Viator customers via their online payment processing system.

The breach includes the compromise of customer credit card and debit card data, card expirations, names, billing addresses, email addresses and Viator "nicknames".

The company is offering 12 month of credit monitoring services at no cost. For those affected they can call 1-888-680-0710 to speak with someone.

The company is also asking customers to go into their accounts and change their passwords.


More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-46657

 
Information Source:
California Attorney General
records from this breach used in our total: 0

September 15, 2014 Tim McCoy & Associates/ dba.NEAT Management Group
Austin, Texas
BSF PORT

Unknown

Tim McCoy and Associates, also known as NEAT Management Group informed customers of a data breach when the laptop belonging to one of the company's software engineers was stolen on August 27, 2014.

The information on the laptop included names,  Social Security Numbers, dates of birth, addresses, phone numbers, employer identification numbers and email addresses.

The company is providing a free membership for a year to ProtectMyID. For those who were affected, they can call 1-888-829-6550.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-46601

 
Information Source:
California Attorney General
records from this breach used in our total: 0

September 12, 2014 Health and Human Services Agency, Napa
Napa, California
GOV PORT

Unknown

The Napa Health and Human Services Department, specifically In Home Supportive Services (IHSS) notified patients of a data breach when one of their flash/thumb drives was missing from their offices on Coombs Street. This portable drive contained information specifically related to their Comprehensive Services for Older Adults Division of HHS.

The discovery was made of the missing drive when clean-up was happening to their offices after the recent Napa earthquake. The offices have not been occupied since the earthquake. The information on the drive included names, addresses, phone numbers and information regarding patients status in the IHSS program. The agency is reporting that no financial or Social Security information was on the flash/thumb drive.

They agency has reported the incident to the police and are treating the missing flash/thumb drive as a burglary.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-46595

 
Information Source:
California Attorney General
records from this breach used in our total: 0

September 10, 2014 Bartell Hotels
San Diego, California
BSO HACK

55,000

Bartell Hotels, who operates several hotels in San Diego, has announced that they have suffered a data breach of customer credit card information.

The Best Western Plus Island Palms Hotel & Marina, The Dana on Mission Bay, Humphreys Half Moon Inn & Suites, Pacific Terrace Hotel and Days Hotel – Hotel Circle had names, credit card numbers and credit card expiration dates of customers who stayed at these hotels between February 16, 2014 and May 13, 2014 breached. 

The breach could have affected up to 55,000 individuals.

For those affected, they can contact a representative at  877-437-4010 Monday through Saturday 8 a.m. to 8 p.m. CT with questions or concerns.


More Information
: http://www.nbcsandiego.com/news/local/Data-Security-Breach-Reported-at-San-Diego-Hotels-274421341.html#ixzz3CvzjLpSG

 
Information Source:
Media
records from this breach used in our total: 55,000

September 9, 2014 Beef O'Brady's Restaurants
North Port, Florida
BSO HACK

Unknown

Beef O'Brady restaurants appear to have been a victim of a data breach to their point of sale system, when unauthorized credit card transactions begain appearing on financial statement of customers. These transactions were from numerous vendors in Texas, New York, and Massachusetts. The restaurant chain is located in Florida.

Reportedly, a minimum of four Florida Beef O'Brady's restaurant locations have been compromised.

The information compromised included credit and debit card information.

The company is currently working with local law enforcement to further investigate the breach.

 

More Information: http://www.wtsp.com/story/news/local/2014/09/09/potential-data-breach-at...

 
Information Source:
Media
records from this breach used in our total: 0

September 5, 2014 California State University, East Bay
Hayward, California
EDU HACK

Unknown

California State University, East Bay has notified individuals of a data breach that has occurred on August 11, 2014 when the University discovered unauthorized access to individuals information when an overseas IP address appears to have used a software tool designed to access information on a server without being detected. The server targeted contained personal information on various employment record transactions and some extended learning course information.

The specific information breached included names, addresses, Social Security Numbers and dates of birth.

The University has set up 12 months free of Experian's ProtectMyID for those affected. For additional questions or concerns individuals can contact (888) 738-3759 a toll free number specifically set up to deal with questions/concerns regarding this breach.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-46513

 
Information Source:
California Attorney General
records from this breach used in our total: 0

Breach Total
931,357,921 RECORDS BREACHED
(Please see explanation about this total.)
from 4,449 DATA BREACHES made public since 2005
Showing 1-50 of 4449 results


X

Sign In!

Loading