Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?

Chronology of Data Breaches

Custom Sort
Select your desired results. Then click "Go!"

Click or unclick the boxes then select go.


Select features, then click GO.



Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.
Breach Total
872,715,019 RECORDS BREACHED
(Please see explanation about this total.)
from 4,391 DATA BREACHES made public since 2005

Save or Print PDF of Entire Breach List including introduction.Save or Print a PDF of Entire Breach List (including introductory FAQ)

Filter breach list before saving or printing PDF. Conduct a search of the Chronology using its sorting features, and Save or Print a PDF of your search results (Select filters)

If you do not have access to PDF, you can print the Chronology in landscape view.

Date Made Publicsort icon Name Entity Type
August 28, 2014 J.P Morgan Chase
New York, New York
BSF HACK

Unknown

The FBI is investigating a sophisticated hacking attack on JP Morgan Chase and potentially four other large American banks.

The hackers, who are reportedly Russian, gained enough personal information to completely wipe out bank accounts. The sophisticated and coordinated attacks go beyond the typical criminal hacker (s) according to authorities. Investigators are looking into the reasons behind the coordinated attack.

More Information: http://www.foxnews.com/politics/2014/08/28/fbi-reportedly-probing-hack-j...

 
Information Source:
Media
records from this breach used in our total: 0

August 27, 2014 Dairy Queen
Edina, Minnesota
BSR HACK

Unknown

Dairy Queen has reported a data breach of their POS (Point of Sale) system when malware authorities are calling "Backoff" was found on the system. This same malware authorities are attributing to the Target and Supervalu Inc. data breaches.  Currently the restaurant chain is unclear as to how many stores were affected. 

Dairy Queen operates 6,300 restaurants across the US, many of which are franchisees that are not required to report fraud to Dairy Queens headquarters.

Currently Dairy Queen is working with authorities to uncover the specifics.

 

More Information: http://bringmethenews.com/2014/08/27/dairy-queen-confirms-potential-brea...

 
Information Source:
Media
records from this breach used in our total: 0

August 26, 2014 Milpitas Knights PAL Youth Football
Milpitas, California
BSO PHYS

80

Parents of 80 youth football players were notified of a data breach, when a bag of registration materials required by the league were stolen from the back seat of a volunteers car.

The information included original birth certificates and physical forms. The league did not comment on what information was entered on the physical form.

 

More Information: http://www.mercurynews.com/sports/ci_26375263/milpitas-youth-football-pl...

 
Information Source:
Media
records from this breach used in our total: 0

August 26, 2014 The Hand Care Center/Shoulder and Elbow Institute
Orange., California
MED PHYS

10,000

The Hand Care Center/Shoulder and Elbow Institute in Orange California notified patients of data breach when they were notified by Iron Mountain Record Management, a facility where the medical practice stores old files, that 25 boxes of X-rays were stolen by two employees of the storage company.  The employees sold the X-rays to a recycler who melted them down to recover the silver. 

The information in the X-ray files included patient names, dates of birth, gender, treating physician, medical record numbers and the image on the X-ray itself.

For those possibly affected, they can call the center at 1-877-615-3762. The center is reporting that any X-rays taken after 2002 were most likely not affected.

 

 

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

August 26, 2014 Long Beach Internal Medical Group
Long Beach, California
MED PHYS

Unknown

The Long Beach Internal Medical Group, Inc. in Long Beach California notified patients of data breach when they were notified by Iron Mountain Record Management, a facility where the medical practice stores old files, that boxes of records were stolen by two employees of the storage company.  Reportedly the employees sold X-rays files to a recycler who melted them down to recover the silver. 

The information in the files stored by the medical practice included names, sex, addresses, dates of birth, telephone numbers, account numbers, office charges, insurance information, diagnosis information, Social Security numbers.

 

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

August 26, 2014 Geekface LLC
Pawcatuck, Connecticut
NGO HACK

Unknown

Geekface LLC, which runs the online sites Hatchwise.com and eLogoContest.com notified customers of a data breach to their server that compromised personal information.

The information breached included names, addresses, birth dates, usernames, passwords, and Social Security numbers.

For those with questions or needing further assistance they can call 1-800-303-09111-800-303-0911 between 10:00 a.m and 5:00 p.m. EST Monday through Friday or visit hatchwise.com.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

August 26, 2014 Imhoff & Associates, PC
Los Angeles, California
BSO PORT

Unknown

Imhoff and Associates, a criminal defense lawfirm notified clients of a data breach when a backup hard drive was stolen from a locked trunk of an employee's vehicle.

The personal information contained on the backup hard drive may have included names, birth dates Social Security numbers, driver's license numbers, addresses, emails and phone numbers.

The firm is offering those affected 12 months of AllClear ID at no cost. Those individuals with questions can call 1-877-615-3769 to reach an AllClear ID representative, Monday through Saturday 8:00 a.m to 8:00 p.m Central Standard Time..

 
Information Source:
California Attorney General
records from this breach used in our total: 0

August 25, 2014 BioReference Laboratories, Inc./CareEvolve, Inc.
Ann Arbor, Michigan
MED DISC

3,334

CareEvolve Inc, a subsidiary of BioReference Laboratories, Inc. have notified patients of a data breach to their system that may have inadvertently exposed personal information of patients.

CareEvolve, Inc. was reconfiguring a test server and accidentally exposed the server, making it accessible via the Internet. This particular server included patient names, home addresses, telephone numbers, ages, patient/medical record numbers, clinical tests, collection dates, dates of birth and Social Security numbers (196 SSN's exposed according to CareEvolve Inc).

Automated search engine data mining applications did access this information starting on February 2, 2014 and ended when the breach was discovered on March 19, 2014.

For those that may have been affected can call 1-800-229-52271-800-229-5227 ext. 8433 or email compliancedepartment@bioreference.com.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 196

August 22, 2014 US Investigations Services (USIS)
Falls Church, Virginia
GOV HACK

25,000

The US Investigations Services (USIS), a firm that performs background checks for U.S government employees had a breach in their data base. Cyber criminals were able to hack their system to gain personal information on employees with the Department of Homeland Security, U.S Immigration and Customs Enforcement and U.S Customs and Border Protection units.

The information breached included Social Security numbers, education and criminal history, birth dates, information on spouses, other relatives and friends including names and addresses.

Officials say the number may increase as the investigation continues.

 

More Information: http://www.reuters.com/article/2014/08/22/us-usa-security-contractor-cyb...

 
Information Source:
Media
records from this breach used in our total: 25,000

August 22, 2014 Cedars-Sinai Medical Center, Los Angeles
Los Angeles, California
MED PORT

500

Cedars-Sinai Medical Center in Los Angeles California has reported a data breach of at least 500 patients at the facility when an employees laptop computer was stolen from their home during a burglary in June 2014. The laptop was password protected.

The records on the laptop included specific patient data such as lab testing, treatment and diagnosis, Social Security numbers and other personal information.

 

More Information: http://www.latimes.com/business/la-fi-cedars-breach-20140823-story.html

 
Information Source:
Media
records from this breach used in our total: 500

August 22, 2014 ManagedMed Inc (A Psychological Corporation)
Los Angeles, California
MED DISC

Unknown

ManagedMed Inc.(A Psychological Corporation) notified patients and the Attorney General's office of a data breach of their patient scheduling system.

According to the facility patient scheduling information was viewed via an unsecured webpage by at least two non-ManagedMed individuals. This information was visible from March, 2013 through May 15, 2014. The breach allowed unauthorized persons to access the facilities calendaring system and view the information.

This information included patient scheduling information, patient names, telephone numbers, names of providers, notes on the patient which could have included information on the type of visit scheduled or medication/test scheduled for the patient, and dates of appointments.  According to the facility no SSN's, credit card or medical records information were exposed.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

August 20, 2014 The UPS Store
Atlanta, Georgia
BSR HACK

Unknown

The UPS Store, Inc has notified customers of a data breach when they discovered malware in their systems targeting UPS retailers. UPS retained a security firm to review their systems and found malware at 51 locations in 24 states. UPS has a total of 4,470 franchised center locations within the US.

The company announced that both credit and debit card purchases were impacted at the franchised locations from January 20, 2014 through August 11, 2014. The company has since removed the malware from their system.

The company put out the following information: 

For those affected with questions,  please call us at 1-855-731-6016."

 

For more information http://oag.ca.gov/system/files/California%20Distribution_0.pdf?

 
Information Source:
California Attorney General
records from this breach used in our total: 0

August 18, 2014 Community Health Systems
Franklin, Tennessee
MED HACK

4.5 million

Community Health Systems out of Franklin Tennessee has announced a large data breach of their medical system. The breach occured when hackers infiltrated the server of the health system compromising Social Security numbers, names and addresses for 4.5 million patients. Authorities believe that the hackers were based out of China and the attacks happened from April 2014 through June 2014.

The company operates 206 hospitals in 29 states and is currently doing further investigations regarding the attack.

 

More Information:  http://bits.blogs.nytimes.com/2014/08/18/hack-of-community-health-system...

 

UPDATE (8/26/2014): Five Alabama residents have filed a class-action lawsuit against Community Health Systems following last week's announcement of the data breach of 4.5 million patients.

 

 
Information Source:
Media
records from this breach used in our total: 4,500,000

August 18, 2014 MeetMe, Inc.
New Hope, Pennsylvania
BSO HACK

Unknown

MeetMe, Inc. has announced a data breach of their system when hackers gained access to their customer information. The information included names, emails addresses, and passwords.

The company reported that they have contacted their customers to change their usernames and passwords.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

August 15, 2014 Albertsons/AB Acquisitions LLC
Boise, Idaho
BSO HACK

Unknown

The Albertsons grocery chain in Southern California announced a data breach when hackers attempted to obtain customer credit and debit card information from its approximately 180 Southern California stores, as well as stores in several other states.

AB Acquisition LLC which operates Albertson stores, ACME Markets, Jewel-Osco, Shaw’s and Star Markets all under New Albertson’s, Inc. confirmed that the data breach started as early as June 22, 2014 and ended July 17, 2014.

"Albertson stores in Idaho, Montana, North Dakota, Nevada, Oregon, Washington, Wyoming and southern Utah were also affected. In addition, ACME Markets in Pennsylvania, Maryland, Delaware and New Jersey; Jewel-Osco stores in Iowa, Illinois and Indiana; and Shaw’s and Star Markets stores in Maine, Massachusetts, Vermont, New Hampshire and Rhode Island were all impacted by this incident".

The company is offering customers who may have been affected by the breach a year of complimentary identity-protection services. For more information, customers can call (877) 932-7948 or visit Albertsons' website.

More Information: http://www.latimes.com/business/la-fi-breach-alberstons-20140815-story.html
 
Information Source:
Media
records from this breach used in our total: 0

August 15, 2014 Supervalue
Eden Prairie, Minnesota
BSO HACK

Unknown

Supervalu, which operates 3,763 outlets, both corporate and franchised stores, has reported a data breach in their point-of-sale system which affected some of its retail food stores, along with several of its stand-alone liquor stores. The information compromised includes account numbers and other information on customer payment cards used at the point-of-sale systems. The data breach occurred from June 22, 2014 through July 17, 2014 according to company spokesperson. The retail grocery chain has notified authorities and the breach is currently under investigation.

 

More Information: http://www.cnbc.com/id/101922584# 

 
Information Source:
Media
records from this breach used in our total: 0

August 12, 2014 Freedom Management Group, LLC dba The Natural
Hauppauge, New York
BSR HACK

Unknown

The Natural, an online store, notified customers of a data breach to their system when an unauthorized party accessed customer payment card data. The unauthorized access occurred from 4/22/2014 to 7/17/2014.

The information accessed included customer credit and debit card numbers, expiratin dates, names, addresses, and phone numbers, account numbers, and passwords.

The company has recommended that those affected change their online passwords to their online account. The company is offering AllClear ID at no cost for 12 months. For those affected they may contact the AllClear ID team at 1-877-615-3771.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

August 12, 2014 Orthopaedic Specialty Institute Medical Group
Orange, California
MED PHYS

49,000

Orthopaedic Specialty Institute Medical Group has reported a data breach when it was discovered that 742 boxes of patient X-rays were stolen from an Iron Mountain Record Management storage facility. After an investigation by the authorities, it was discovered that two Iron Mountain Record Management employees stole the files and melted them down for the silver.

The information in the records, which are 10 to 15 years old,  and could have included patient names, birth dates and medical record numbers.

For those who might have been affected they can call the medical group at 1-714-937-48251-714-937-4825 .

 

More Information: http://www.ocregister.com/articles/medical-631456-rays-group.html

 
Information Source:
Media
records from this breach used in our total: 0

August 7, 2014 University California Santa Barbara
Santa Barbara, California
EDU HACK

Unknown

The University California Santa Barbara has notified unauthorized access to some archival payroll data that included names, social security numbers and direct deposit banking information.

The University has contracted with ID Experts to provide free credit monitoring service, and insurance for identity theft restoration.

If you need assistance enrolling or have additional questions, the University is requesting individuals call the UCSB / ID Experts team at 1-877-919-9184, between the hours of 6:00 am and 6:00 pm Pacific Time.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

August 7, 2014 Anderson & Murison
Los Angeles, California
BSF DISC

Unknown

Anderson & Murison, a wholesale insurance broker, notified individuals of a data breach when individual retail insurance agents applied for personal umbrella insurance policies for their customers via Anderson & Murison's online umbrella rating system.

When the retail agents requested an estimate through this online system, specific information regarding their customers was necessary to obtain the quote/estimate. Information such as first and last names, addresses, policy dates, policy numbers, premium costs, policy amounts, types of policies, dates of birth, all real estate owned and addresses, types of automobiles, other motorized equipment such as watercraft, occupations of both individuals and spouses, employer names and addresses, general information such as traffic violations, etc.

The company is offering identity theft protection through Kroll for one year at no cost.  Those affected can call 1-844-263-8605.

 

 
Information Source:
California Attorney General
records from this breach used in our total: 0

August 7, 2014 San Mateo Medical Center
San Mateo, California
MED INSD

Unknown

San Mateo Medical Center (SMMC) notified individuals of a potential data breach when the facility discovered that an employee who was hired in the payroll unit of the facility failed to disclose a prior conviction for identity theft.

The employee was terminated immediately, but the individual had access to SMMC employee information including names, contact information, Social Security numbers and dates of birth.

The facility reported that they found "no evidence indicating that the employee misused confidential information from SMMC employee records".

SMMC has engaged Kroll to provide identity theft protection for one year at no cost. For those affected they can contact the county at 1-844-530-4127 from 6:00 a.m. to 3:00 p.m. PDT.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

August 5, 2014 Vibram
Concord, Massachusetts
BSR HACK

Uknown

Vibrum USA Inc had notified customers of a data breach in their online ordering system. The compay contracts with a third party web hosting provider vibramfivefinger.com whose systems were compromised when an unauthorized party accessed their system that manages online transactions and inserted malicious code.

The information that may have been compromised included credit card numbers.

The company has set up credit monitoring services through Experian. Those affected can call 1-877-371-7902

 
Information Source:
California Attorney General
records from this breach used in our total: 0

August 5, 2014 Russian hacking discovered by Hold Security
Unknown, Wisconsin
BSO HACK

1 billion

"A gang of Russian hackers has amassed over 1 billion username and password combinations and more than 500 million email addresses, a security firm reported late Tuesday, calling it the largest-ever haul of stolen Internet credentials.

The massive trove — stolen from hundreds of thousands of websites — was discovered by the Milwaukee firm Hold Security, according to a post on its website".

According to reports by Hold Security,  it took over seven months to identify the gang, "whom the firm dubbed CyberVor, or cyber-thief in Russian".

 

It appears that no payment card information or Social Security numbers were threatened.

PRC will provide updates as the story unfolds.

 

 

*note: state location provided is that of Hold Security LLC.

 
Information Source:
Media
records from this breach used in our total: 0

July 31, 2014 Recreational Equipment Inc. (REI)
Kent, Washington
BSR HACK

Unknown

On July 23, REI discovered that a third-party may have accessed REI customer accounts without authorization obtaining email addresses and passwords.

For those affected who have further questions about this incident, please contact them at privacy@rei.com or 1-800-426-48401-800-426-4840 Monday through Sunday 4 a.m. to 11 p.m. Pacific Time.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

July 30, 2014 CVS/Caremark
Atlanta, Georgia
BSR DISC

350

As reported by a local news station in Atlanta Georgia reported a breach by CVS/Caremark when a mailing went out to CVS Caremark customers offering a switch to a 90-day prescription supply.

Unfortunately the mailings went out to the wrong addresses. "CVS Caremark is in the process of notifying the affected members that due to a programming error, letters intended for fewer than 350 plan members were sent to incorrect addresses".
 
The company said they sent the mailings July 15 and fixed the error after getting complaints. The information exposed were individual names, addresses and what prescriptions the individuals were on.

 
Information Source:
Media
records from this breach used in our total: 0

July 30, 2014 Rite Aid Pharmacy
Milton, Washington
BSR PHYS
521

Rite Aid Pharmacy in Milton Washington notified customer of a data breach, when someone stole a" stack of expired prescription records from a Rite Aid pharmacy in Milton, the company announced Wednesday".

"The records did not contain Social Security numbers or credit card numbers, and there has been no sign of resulting identity theft", spokeswoman Ashley Flower said.

The theft occurred on June 30 when a burglar entered a back room where the records were stored.

"Flower said 521 customers were notified of the theft via mail. She did not know how many records were stolen. The affected customers were offered a free identity theft consultation".

Those who were affected can contact Kroll Inc. at 855-269-6547 or Rite Aid at 800-RITE-AID.


Read more here: http://www.thenewstribune.com/2014/07/30/3309632/expired-prescription-records-stolen.html#storylink=cpy

 
Information Source:
Media
records from this breach used in our total: 0

July 30, 2014 Lasko Group, Inc.
West Chester, Pennsylvania
BSR HACK

Unknown

Lasko Group Inc. announced a data breach of customers who purchased on-line parts from them and Air King America Inc. Both companies were the victims of "phishing" emails from an unknown third party. These fraudulent emails led to unauthorized access to their computer network. 

Information breached included names, email addresses, phone numbers, credit card numbers, and credit card expiration dates.

The company is offering AllClearID protect your identity for one year at no cost to those affected. For those who are affected they can sign-up by calling 1-866-979-2595 or at enroll.allclearid.com. The company has also established a confidential assistance line for questions or concerns at 1-877-218-0052 from 9:00 a.m. to 7:00 p.m. EST.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

July 29, 2014 Northern Trust Company
Chicago, Illinois
BSO DISC

Unknown

The Northern Trust Company communicated a data breach to customers that involved their personal information. Northern Trust Company "provides or previously provided payment services for an employee benefits plan or program in which you participate or participated through. In that capacity, Northern Trust is responsible for maintaining certain personal information about you as a participant of that plan. Regrettably, we are writing to inform you about an inadvertent disclosure by Northern Trust of some of that information".

"As part of normal procedures, Northern Trust sends participant information to record-keeping companies that assist in administering those benefit plans and programs. In late May, a Northern Trust employee transmitted a file containing your information to one of our record-keeping companies that was not responsible for the plan in which you participate (d). The information included your name, address, Social Security number, and benefits plan or program account number, as well as other information about your benefits plan or program account, such as your payment /deduction amounts and, in some situations, bank routing and account numbers used for direct deposits".

 
Information Source:
records from this breach used in our total: 0

July 28, 2014 Backcountry Gear
Eugene, Oregon
BSR HACK

Unknown

Backcountry Gear notified customers of a data breach with a server that handles credit card information. The company discovered malware that was put onto their server that was able to gain customer names, addresses, purchase information, and credit card/debit card information.

The company has stated they do not collect pin numbers or bank account numbers in a transaction so those would not have been compromised in the breach.

For those who were affected and have questions can call 1-800-953-5499 ext. 5 or email at data@backcountrygear.com.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

July 23, 2014 Wall Street Journal
New York, New York
BSO HACK

Uknown

The Wall Street Journal was compromised by a Russian hacker who posted images of a list of user accounts claiming they were from the Wall Street Journal. The Wall Street Journal claimed they had an intrusion but that no data was affected.

The information has yet to be confirmed that it was from the Wall Street Journal, however the same type of intrusion was recently confirmed when this same hacker claimed an intrusion to CNET.

 
Information Source:
Media
records from this breach used in our total: 0

July 22, 2014 Vice.com
Brooklyn, New York
BSO HACK

Unknown

Reportedly a "Russian hacker group known as W0rm tweeted, along with screenshots, that it had hacked popular news, arts and culture site Vice.com and The Wall Street Journal website, and would sell each stolen database for Bitcoin."

The company has communicated that a hacker was able to access a list of Vice.com CMS users. This list included email addresses and hashed passwords. The company communicated that they since have patched the vulnerablity.

 
Information Source:
Media
records from this breach used in our total: 0

July 21, 2014 Dominion Resources Inc.
Richmond, Virginia
BSO HACK

1,700

Personal information of more than 1,700 people at Dominion Resources Inc. were compromised when unauthorized parties hacked the employee wellness plan. The hacker gained access via a subcontractor's system, StayWell Health Management LLC who runs Dominions "Well on Your Way" program which includes a health screening, to gain the information hacked.

The hacking actually occurred at a vendor Stay Well uses, Onsite Health Diagnostics, based in Irvine, Texas, that provideds the sign-up mechanism for "Well on Your Way's" health-screening appointments.

The information included individuals' names, addresses, email addresses, phone numbers, gender and dates of birth of employees, spouses and domestic partners who went online to schedul a health-screening appointment going back to 2012.

"Dominion Resources said the company was notified of the breach on June 24 but didn't learn the identities of those affected until July 7th. Dominion Resources is investigating why it took so long for the company to be notified. They are no longer using Onsite Health Diagnostics for scheduling".

 
Information Source:
Media
records from this breach used in our total: 0

July 18, 2014 Penn Medicine Rittenhouse
Philadelphia, Pennsylvania
MED PHYS

661

Penn Medicine had to announce a data breach involving receipts that were stolen last month from a locked office in Pennsylvania Hospital.

The information on the receipts included combinations of patient names, dates of birth and the last four digits of credit card numbers.

 
Information Source:
Media
records from this breach used in our total: 0

July 17, 2014 Total Bank
Miami, Florida
BSF HACK

72,500

Total Bank,  a subsidiary of Banco Popular that has 21 locations in South Florida, is notifying 72,500 customers that their account information was potentially exposed after an unauthorized third party gained access to the bank's computer network.

Information obtained by this unauthorized third party included names, addresses, account numbers, account balances, Social Security numbers and driver's license numbers.

The bank is offering 12 months free of credit monitoring services for those that were affected.

 
Information Source:
Media
records from this breach used in our total: 72,500

July 17, 2014 Bank of America
Baltimore, Maryland
BSF DISC

Unknown

Aon Hewitt, a human resources benefits service provider for Bank of America, was made aware that a vendor's former employee (Hexaware) saed a copy of certain files and inadvertently uploaded them to an FTP site.

The file contained names and Social Security numbers.

 

 
Information Source:
Maryland Attorney General
records from this breach used in our total: 0

July 17, 2014 Freshology
Burbank, California
BSR HACK

Unknown

Only July 1, 2014 Freshology was performing a routine review of its Internet website and discovered unauthorized code. This code may have compromised billing names, addresses and credit/debit card information of customers.

 

 
Information Source:
New Hampshire Attorney General
records from this breach used in our total: 0

July 16, 2014 Central City Concern
Portland, Oregon
NGO DISC

15

Central City Concern in Oregon suffered a data breach when an unauthorized access resulted in the breach of clients data.

"On April 2, 2014, a federal law enforcement official notified Central City Concern that a former Central City Concern employee has been accused of improperly copying information from approximately 15 Central City Concern clients from its Employment Access Center (EAC) program with the intent of processing fraudulent tax returns in their names".

The information breached included names, dates of birth, Social Security numbers, addresses, and health information of EAC clients.

Client inquiries regarding this incident may be directed to 866-778-1144866-778-1144, Monday through Friday from 6:00 AM to 6:00 PM Pacific Time. 

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 15

July 16, 2014 Bay Area Pain Medical Associates
Sausalito, California
MED STAT

2,780

Bay Area Pain Medical Associates have notified patients of a data breach when several of their desktop computers were stolen.

There were approximately 2,780 patients first and last names, number of years the patients had been seen at their practice. The are reporting that the computer data was encrypted and inaccessible, there was an Excel spreadsheet that containing this information that could have possibly been accessed. No Social Security numbers, dates of birth, financial information, contact information or medical information was exposed.

The facility is offering 12 months free of AllClearID. Those affected can call 1-877-579-2269.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

July 16, 2014 Apple Valley Christian Care Center
Apple Valley, California
MED DISC

500

Apple Valley Christian Care Center has notified individuals of a security breach of their system when a "technical glitch" occurred. The center communicated that the compromised data varied greatly.

The information included Social Security numbers, dates of birth, home addresses, dates of stays, Medi-Cal ID numbers, Medicare ID numbers, and/or other insurance information such as Medi-Cal appeals, diagnosis codes, treatment information and medical history.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 500

July 16, 2014 Douglas County School District
Castle Rock, Colorado
EDU PORT

Unknown

Douglas County School District notified employees of a data breach of their personal information when a laptop containing their personal information was stolen.

In a letter sent to district employees, the district stated that the stolen computer contained some workers' Social Security numbers and bank account information.

The district is currently investigating the breach.

 
Information Source:
Media
records from this breach used in our total: 0

July 15, 2014 Atlantic Automotive Corporation/dba One Mile Automotive
Towson, Maryland
BSO HACK

Unknown

One Mile Automotive is notifying customers of a data breach of one of their third party vendors, Trade Motion who operates automobile websites and has notified One Mile Automotive that this breach could have included personal information of some of its customers.

The information included names, addresses, email addreasses, telephone numbers, credit card information.

Those who are affected should call 1-855-505-2774.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

July 15, 2014 City of Encinitas/San Dieguito Water District
Encinitas, California
GOV DISC

Unknown

"City of Encinitas and San Dieguito Water District recently were made aware that a Cal-PERS payment document containing Social Security numbers with corresponding employee and former employee names had inadvertently been made accessible to the public on the City’s website on or about May 13, 2014 to July 3, 2014. Based on our research, we found the exposure has been limited to (16) people that accessed the document during that period."

The document contained information of employees and former employees who were enrolled in Cal-PERS during the following timeframes:

City of Encinitas–July 1993-October 2011

City of Encinitas Fire Safety/Fire Protection District–July 1986–October 2011

San Dieguito Water District-July 1989–October 2011

The city of Encinitas is offering 1 year free membership of Protect MyID Alert from Consumer Info.com by Experian.

For those affected with questions contact Courtney Barrett at 760-633-2631 or Jace Schwarm at 760-633-2636.

 

 
Information Source:
California Attorney General
records from this breach used in our total: 0

July 15, 2014 Bank of The West
San Francisco, California
BSF HACK

Unknown

Bank of The West notified customers of an email scam that involved two employees' remote bank email login credentials being compromised. As a result of this unauthorized access, customer information could be at risk.

The information includes names, account numbers, loan numbers, Social Security numbers.

The bank if offering one year free of First Watch ID for those affected. For those with questions regarding the service they can call 1-866-310-7373 or 1-800-488-2265.

 

 
Information Source:
California Attorney General
records from this breach used in our total: 0

July 14, 2014 Orangeburg-Calhoun Technical College
Orangeburg, South Carolina
EDU PORT

20,000

"Orangeburg-Calhoun Technical College in South Carolina is notifying 20,000 former and current students and faculty members that an unencrypted laptop computer stolen this month from a staff member's office contained their personal information."

The information contained on the laptops included names, birth dates and Social Security numbers of individuals.

The college stated that the information goes back 6 or 7 years and that they believe the thief was after the hardware, not the data stored on it. The college neglected to comment on whether or not they are providing credit monitoring services for those affected.

 
Information Source:
Media
records from this breach used in our total: 20,000

July 14, 2014 Goodwill Industries International Inc.
Rockville, Maryland
BSR HACK

Unknown

Financial institutions are tracking what appears to be fraudulent activity at numerous Goodwill retail stores. The fraudulent activity involves credit card breaches and that the compromised credit cards appear to have started at Goodwill stores across the country. The credit card information is then showing up at other retail establishments, similar to the breaches that occurred at Target, Neiman Marcus, P.F. Changs, etc.

“Goodwill Industries International was contacted last Friday afternoon by a payment card industry fraud investigative unit and federal authorities informing us that select U.S. store locations may have been the victims of possible theft of payment card numbers,” the company wrote in an email.

“Investigators are currently reviewing available information,” the statement continued. “At this point, no breach has been confirmed but an investigation is underway. Goodwills across the country take the data of consumers seriously and their community well-being is our number one concern. Goodwill Industries International is working with industry contacts and the federal authorities on the investigation. We will remain appraised of the situation and will work proactively with any individual local Goodwill involved taking appropriate actions if a data compromise is uncovered.”

Goodwill Industries stated they learned of the potential breach on July 18th and is working with federal investigators to determine if the breach is legitimate and if legitimate. how many stores were affected.

 
Information Source:
Krebs On Security
records from this breach used in our total: 0

July 14, 2014 CNET
New York, New York
BSO HACK

Unknown

Russian hackers infiltrated servers of CNET by the name of W0rm and the Twitter handle @rev-priv8, who "posted an image of remote access to a CNET.com server, with a screenshot of a shell proving a compromise of the site".

CNET would not comment on the nature of the attack or what information was compromised, they have just communicated that they have fixed the problem.

"The image posted on Twitter would indicate the hacker could access and upload files to the website. It's pretty difficult to say how they did it, though. One source suggested it was likely a content management system breach - something like a WordPress or Joomla exploit".

 
Information Source:
Media
records from this breach used in our total: 0

July 11, 2014 Boeing
Seattle, Washington
BSO HACK

Unknown

"Federal prosecutors have charged the owner of a Chinese aviation firm with trying to steal data about U.S. military aircraft by hacking into the computer networks of Boeing and other U.S. companies, according to a federal complaint unsealed in Los Angeles this week.

According to authorities, the individuals allegedly stole information on  Boeing’s C-17 transport plane. Evidence shows that the Chinese hackers obtained large amounts of data on dozens of  military projects.

 
Information Source:
Media
records from this breach used in our total: 0

July 11, 2014 Lockheed Martin
Fortworth, Texas
BSO HACK

Unknown

"Federal prosecutors have charged the owner of a Chinese aviation firm with trying to steal data about U.S. military aircraft by hacking into the computer networks of Lockheed Martin and other U.S. companies, according to a federal complaint unsealed in Los Angeles this week".

Allegedly, the Chinese hackers stole information about Lockheed’s F-22 and F-35 fighter jets.  Large amount of data were stolen on a dozen U.S military projects.

 
Information Source:
Media
records from this breach used in our total: 0

July 11, 2014 University of Illinois, Chicago
Chicago, Illinois
EDU HACK

Unknown

The University Illinois Chicago (UIC) notified former students of a data breach to their system that included the exposure of personal data.

"A website security breach made two College of Business Administration documents from the 2002 spring semester accessible — a roster from a Special Topics in Accounting course and an advising list for all junior and senior accounting majors, according to a statement from the university".

Personal information was exposed, including Social Security numbers. The university has not stated how many students were affected, and the breach is currently under investigation.

 
Information Source:
Media
records from this breach used in our total: 0

July 10, 2014 University Development and Alumni Relations at the Penn State College of Medicine
Philadelphia, Pennsylvania
EDU HACK

1,176

Penn State has notified 1,176 individuals that a data breach of their personal information had been breached.  The Office of University Development and Alumni Relations at the Penn State College of Medicine was found to be "infected with malware that enabled it to communicate with an unauthorized computer outside the network".

The university used Social Security numbers as a personally identifiable number for students and these SSNs were found in an archived College of Medicine alumni list last used in 2005.

The university put out this information:

"For information about Penn State's efforts to minimize computer security risks, visit the University's Be Safe website at http://its.psu.edu/be-safe. For more detailed information about identity theft risks and prevention, visit http://www.ftc.gov/bcp/edu/microsites/idtheft/."

 

 
Information Source:
Media
records from this breach used in our total: 1,176

Breach Total
872,715,019 RECORDS BREACHED
(Please see explanation about this total.)
from 4,391 DATA BREACHES made public since 2005
Showing 1-50 of 4391 results


X

Sign In!

Loading