Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?

Chronology of Data Breaches

Custom Sort
Select your desired results. Then click "Go!"

Click or unclick the boxes then select go.


Select features, then click GO.



Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.
Breach Total
868,045,823 RECORDS BREACHED
(Please see explanation about this total.)
from 4,347 DATA BREACHES made public since 2005

Save or Print PDF of Entire Breach List including introduction.Save or Print a PDF of Entire Breach List (including introductory FAQ)

Filter breach list before saving or printing PDF. Conduct a search of the Chronology using its sorting features, and Save or Print a PDF of your search results (Select filters)

If you do not have access to PDF, you can print the Chronology in landscape view.

Date Made Publicsort icon Name Entity Type
July 21, 2014 Dominion Resources Inc.
Richmond, Virginia
BSO HACK

1,700

Personal information of more than 1,700 people at Dominion Resources Inc. were compromised when unauthorized parties hacked the employee wellness plan. The hacker gained access via a subcontractor's system, StayWell Health Management LLC who runs Dominions "Well on Your Way" program which includes a health screening, to gain the information hacked.

The hacking actually occurred at a vendor Stay Well uses, Onsite Health Diagnostics, based in Irvine, Texas, that provideds the sign-up mechanism for "Well on Your Way's" health-screening appointments.

The information included individuals' names, addresses, email addresses, phone numbers, gender and dates of birth of employees, spouses and domestic partners who went online to schedul a health-screening appointment going back to 2012.

"Dominion Resources said the company was notified of the breach on June 24 but didn't learn the identities of those affected until July 7th. Dominion Resources is investigating why it took so long for the company to be notified. They are no longer using Onsite Health Diagnostics for scheduling".

 
Information Source:
Media
records from this breach used in our total: 0

July 18, 2014 Penn Medicine Rittenhouse
Philadelphia, Pennsylvania
MED PHYS

661

Penn Medicine had to announce a data breach involving receipts that were stolen last month from a locked office in Pennsylvania Hospital.

The information on the receipts included combinations of patient names, dates of birth and the last four digits of credit card numbers.

 
Information Source:
Media
records from this breach used in our total: 0

July 17, 2014 Total Bank
Miami, Florida
BSF HACK

72,500

Total Bank,  a subsidiary of Banco Popular that has 21 locations in South Florida, is notifying 72,500 customers that their account information was potentially exposed after an unauthorized third party gained access to the bank's computer network.

Information obtained by this unauthorized third party included names, addresses, account numbers, account balances, Social Security numbers and driver's license numbers.

The bank is offering 12 months free of credit monitoring services for those that were affected.

 
Information Source:
Media
records from this breach used in our total: 72,500

July 16, 2014 Central City Concern
Portland, Oregon
NGO DISC

15

Central City Concern in Oregon suffered a data breach when an unauthorized access resulted in the breach of clients data.

"On April 2, 2014, a federal law enforcement official notified Central City Concern that a former Central City Concern employee has been accused of improperly copying information from approximately 15 Central City Concern clients from its Employment Access Center (EAC) program with the intent of processing fraudulent tax returns in their names".

The information breached included names, dates of birth, Social Security numbers, addresses, and health information of EAC clients.

Client inquiries regarding this incident may be directed to 866-778-1144866-778-1144, Monday through Friday from 6:00 AM to 6:00 PM Pacific Time. 

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 15

July 16, 2014 Bay Area Pain Medical Associates
Sausalito, California
MED STAT

2,780

Bay Area Pain Medical Associates have notified patients of a data breach when several of their desktop computers were stolen.

There were approximately 2,780 patients first and last names, number of years the patients had been seen at their practice. The are reporting that the computer data was encrypted and inaccessible, there was an Excel spreadsheet that containing this information that could have possibly been accessed. No Social Security numbers, dates of birth, financial information, contact information or medical information was exposed.

The facility is offering 12 months free of AllClearID. Those affected can call 1-877-579-2269.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

July 16, 2014 Apple Valley Christian Care Center
Apple Valley, California
MED DISC

500

Apple Valley Christian Care Center has notified individuals of a security breach of their system when a "technical glitch" occurred. The center communicated that the compromised data varied greatly.

The information included Social Security numbers, dates of birth, home addresses, dates of stays, Medi-Cal ID numbers, Medicare ID numbers, and/or other insurance information such as Medi-Cal appeals, diagnosis codes, treatment information and medical history.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 500

July 16, 2014 Douglas County School District
Castle Rock, Colorado
EDU PORT

Unknown

Douglas County School District notified employees of a data breach of their personal information when a laptop containing their personal information was stolen.

In a letter sent to district employees, the district stated that the stolen computer contained some workers' Social Security numbers and bank account information.

The district is currently investigating the breach.

 
Information Source:
Media
records from this breach used in our total: 0

July 15, 2014 Atlantic Automotive Corporation/dba One Mile Automotive
Towson, Maryland
BSO HACK

Unknown

One Mile Automotive is notifying customers of a data breach of one of their third party vendors, Trade Motion who operates automobile websites and has notified One Mile Automotive that this breach could have included personal information of some of its customers.

The information included names, addresses, email addreasses, telephone numbers, credit card information.

Those who are affected should call 1-855-505-2774.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

July 15, 2014 City of Encinitas/San Dieguito Water District
Encinitas, California
GOV DISC

Unknown

"City of Encinitas and San Dieguito Water District recently were made aware that a Cal-PERS payment document containing Social Security numbers with corresponding employee and former employee names had inadvertently been made accessible to the public on the City’s website on or about May 13, 2014 to July 3, 2014. Based on our research, we found the exposure has been limited to (16) people that accessed the document during that period."

The document contained information of employees and former employees who were enrolled in Cal-PERS during the following timeframes:

City of Encinitas–July 1993-October 2011

City of Encinitas Fire Safety/Fire Protection District–July 1986–October 2011

San Dieguito Water District-July 1989–October 2011

The city of Encinitas is offering 1 year free membership of Protect MyID Alert from Consumer Info.com by Experian.

For those affected with questions contact Courtney Barrett at 760-633-2631 or Jace Schwarm at 760-633-2636.

 

 
Information Source:
California Attorney General
records from this breach used in our total: 0

July 15, 2014 Bank of The West
San Francisco, California
BSF HACK

Unknown

Bank of The West notified customers of an email scam that involved two employees' remote bank email login credentials being compromised. As a result of this unauthorized access, customer information could be at risk.

The information includes names, account numbers, loan numbers, Social Security numbers.

The bank if offering one year free of First Watch ID for those affected. For those with questions regarding the service they can call 1-866-310-7373 or 1-800-488-2265.

 

 
Information Source:
California Attorney General
records from this breach used in our total: 0

July 14, 2014 Orangeburg-Calhoun Technical College
Orangeburg, South Carolina
EDU PORT

20,000

"Orangeburg-Calhoun Technical College in South Carolina is notifying 20,000 former and current students and faculty members that an unencrypted laptop computer stolen this month from a staff member's office contained their personal information."

The information contained on the laptops included names, birth dates and Social Security numbers of individuals.

The college stated that the information goes back 6 or 7 years and that they believe the thief was after the hardware, not the data stored on it. The college neglected to comment on whether or not they are providing credit monitoring services for those affected.

 
Information Source:
Media
records from this breach used in our total: 20,000

July 14, 2014 Goodwill Industries International Inc.
Rockville, Maryland
BSR HACK

Unknown

Financial institutions are tracking what appears to be fraudulent activity at numerous Goodwill retail stores. The fraudulent activity involves credit card breaches and that the compromised credit cards appear to have started at Goodwill stores across the country. The credit card information is then showing up at other retail establishments, similar to the breaches that occurred at Target, Neiman Marcus, P.F. Changs, etc.

“Goodwill Industries International was contacted last Friday afternoon by a payment card industry fraud investigative unit and federal authorities informing us that select U.S. store locations may have been the victims of possible theft of payment card numbers,” the company wrote in an email.

“Investigators are currently reviewing available information,” the statement continued. “At this point, no breach has been confirmed but an investigation is underway. Goodwills across the country take the data of consumers seriously and their community well-being is our number one concern. Goodwill Industries International is working with industry contacts and the federal authorities on the investigation. We will remain appraised of the situation and will work proactively with any individual local Goodwill involved taking appropriate actions if a data compromise is uncovered.”

Goodwill Industries stated they learned of the potential breach on July 18th and is working with federal investigators to determine if the breach is legitimate and if legitimate. how many stores were affected.

 
Information Source:
Krebs On Security
records from this breach used in our total: 0

July 11, 2014 Boeing
Seattle, Washington
BSO HACK

Unknown

"Federal prosecutors have charged the owner of a Chinese aviation firm with trying to steal data about U.S. military aircraft by hacking into the computer networks of Boeing and other U.S. companies, according to a federal complaint unsealed in Los Angeles this week.

According to authorities, the individuals allegedly stole information on  Boeing’s C-17 transport plane. Evidence shows that the Chinese hackers obtained large amounts of data on dozens of  military projects.

 
Information Source:
Media
records from this breach used in our total: 0

July 11, 2014 Lockheed Martin
Fortworth, Texas
BSO HACK

Unknown

"Federal prosecutors have charged the owner of a Chinese aviation firm with trying to steal data about U.S. military aircraft by hacking into the computer networks of Lockheed Martin and other U.S. companies, according to a federal complaint unsealed in Los Angeles this week".

Allegedly, the Chinese hackers stole information about Lockheed’s F-22 and F-35 fighter jets.  Large amount of data were stolen on a dozen U.S military projects.

 
Information Source:
Media
records from this breach used in our total: 0

July 11, 2014 University of Illinois, Chicago
Chicago, Illinois
EDU HACK

Unknown

The University Illinois Chicago (UIC) notified former students of a data breach to their system that included the exposure of personal data.

"A website security breach made two College of Business Administration documents from the 2002 spring semester accessible — a roster from a Special Topics in Accounting course and an advising list for all junior and senior accounting majors, according to a statement from the university".

Personal information was exposed, including Social Security numbers. The university has not stated how many students were affected, and the breach is currently under investigation.

 
Information Source:
Media
records from this breach used in our total: 0

July 10, 2014 University Development and Alumni Relations at the Penn State College of Medicine
Philadelphia, Pennsylvania
EDU HACK

1,176

Penn State has notified 1,176 individuals that a data breach of their personal information had been breached.  The Office of University Development and Alumni Relations at the Penn State College of Medicine was found to be "infected with malware that enabled it to communicate with an unauthorized computer outside the network".

The university used Social Security numbers as a personally identifiable number for students and these SSNs were found in an archived College of Medicine alumni list last used in 2005.

The university put out this information:

"For information about Penn State's efforts to minimize computer security risks, visit the University's Be Safe website at http://its.psu.edu/be-safe. For more detailed information about identity theft risks and prevention, visit http://www.ftc.gov/bcp/edu/microsites/idtheft/."

 

 
Information Source:
Media
records from this breach used in our total: 1,176

July 9, 2014 Office of Personnel Management
Washington, District Of Columbia
GOV HACK

Unknown

In March 2014, it has been reported that Chinese hackers broke into the computer networks of the United States government, specifically The Office of Personnel Management, which houses personal information of all federal employees. The hackers appeared to be targeting the files on "tens of thousands of employees who have applied for top-secret security clearance."

"The hackers gained access to some of the databases of the Office of Personnel Management before the federal authorities detected the threat and blocked them from the network, according to the officials. It is not yet clear how far the hackers penetrated the agency’s systems, in which applicants for security clearances list their foreign contacts, previous jobs and personal information like past drug use."

This particular hacking is unusual as the US computer systems are constantly being hacked by international hackers, but up until this point, have been stopped before any information was compromised.

Currently, officials are investigating to pinpoint exactly where these attacks came from.

 
Information Source:
Media
records from this breach used in our total: 0

July 8, 2014 Heartland Automotive/Jiffy Lube
Irving, Texas
BSO PORT

Uknown

Heartland Automotive (Jiffy Lube) has notified customers of a data breach that has occured when one of their company owned laptop was stolen with personal information on it.

The information included names, addresses, dates of birth, Social Security numbers.

The company is offering 12 months free of AllClearID. For those affected call 1-877-437-4004.

 

 
Information Source:
California Attorney General
records from this breach used in our total: 0

July 8, 2014 The Houstonian Hotel, Club and Spa
Houston, Texas
BSO HACK

Unknown

Secret Service notified The Houstonian Hotel, Club and Spa regarding a breach to their system that houses customer credit card information.

Once the notification happened, the company launched a forensics investigation and discovered that their POS system had been accessed by an unauthorized third party from December 2013 through June 2014, and that the credit card information stored on these systems were compromised.

The company has since stopped the intrusions, but has not communicated how many individuals were affected by the breach. The company is offering 12 months free of credit monitoring services for those affected.

 
Information Source:
Media
records from this breach used in our total: 0

July 8, 2014 Aecom
Los Angles, California
BSO HACK

Unknown

Aecom has notified current and prior employees of a data breach that exposed employee personnel files. Hackers were able to penetrate their corporate network, which included the employee payroll system for the US specifically.

The information exposed inlcuded names, addresses, Social Security numbers, personal bank account numbers and routing numbers.

The company has set up 12 months of All ClearID at no cost. For those affected they can call which can be reached at 1-877-615-3770.

 

 
Information Source:
California Attorney General
records from this breach used in our total: 0

July 7, 2014 Legal Sea Foods
Boston, Massachusetts
BSO HACK

Unknown

Legal Sea Foods informed customers of a data breach that occured on June 5, 2014 that a segment of their mail order web sales and e-commerce environment, that an unauthorized person gained access to a server that contained information from mail order web customer transactions.

After an investigation, transactions made between Jaunary 1, 2014 and May 21, 2014 were potentially affected, which included transactions used with credit cards. Names, credit card numbers, card expiratin dates, and card verification values may have been breached.

The company has informed their payment processing company of the breach and the processor has been working with the credit card companies to provide them the card numbers of those affected.

 
Information Source:
Vermont Attorney General
records from this breach used in our total: 0

July 4, 2014 St. Vincent Breast Center
Indianapolis, Indiana
MED DISC

63,000

St. Vincent Breast Center have announced that patient's health information may have been breached after the center sent around 63,000 letters to the wrong patients. The letters included patient names, addresses and in certain references to scheduled appointments. Reportedly no Social Security numbers, financial information or clinical information.

"St.Vincent Breast Center entered into an agreement with Indianapolis Breast Center P.C. and Solis Women’s Health Breast Imaging Specialists of Indiana P.C. after they both closed last year.

On May 5, St.Vincent Breast Center mailed letters intended for prior patients of the Indianapolis Breast Center and Solis Women’s Health to inform them that St.Vincent was available to provide care. Some letters also welcomed patients who had previously scheduled healthcare services.

Officials said on May 15, people who had accidentally received another person’s letter began calling St.Vincent".

For those affected they can call 1-877-216-3862 from Monday through Friday 9:00 a.m. to 7:00 p.m.

 
Information Source:
Media
records from this breach used in our total: 0

July 3, 2014 Watermark Retirement Communities
Tuscon, Arizona
BSO PORT

Unknown

Watermark Retirement Communities Inc. informed current and former employees of the facility of a data breach when a laptop was stolen on June 13, 2014. The information on these laptops included names, addresses, telephone numbers, email addresses, dates of birth and Social Security numbers. The laptop was password protected.

For those affected they can call 1-800-597-66181-800-597-6618.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

July 3, 2014 Blue Shield of California/Department of Managed Healthcare
San Francisco, California
BSF DISC

18,000

The Department of Managed Health Care informed individuals of a breach concerning their personal information. Health plans regulated by the Department of Managed Health Care (DMHC) are required to provide the DMHC periodically with current rosters of the medical providers the health plans contract with.

These plans are not supposed to include confidential or personal information in the rosters because these rosters are generally public documents.

"The DMHC discovered that Blue Shield of California had inadvertently included provider Social Security numbers in the rosters Blue Shield provided to the DMHC in February, March and April, 2013". Blue Shield neglected to inform the DMHC that the information was confidential or alert the DMHC that a mistake had been made on the documentation.

The information included Social Security numbers, providers' names, business addresses, business telephone numbers, medical groups, and practice areas.

For those affected Blue Shield is offering you a free-one-year membership in Experian's ProtectMyID Alert.  For those with questions they can call 1-877-371-7902.

 
Information Source:
California Attorney General
records from this breach used in our total: 18,000

July 2, 2014 Milford Schools
Milford, Massachusetts
EDU PORT

25

Up to  25 students at Milford Schools may have had their personal information stolen due to a data breach with a third party billing service, Multi-State Billing Services, located in Somersworth, New Hampshire, when an employee's laptop was stolen from their locked vehicle in May.

The laptop was password protected but not encrypted, contained information on nearly 3,000 students from 19 school districts in Central and Eastern Massachusetts.

The information on the laptop included names, addresses, Medicaid ID numbers and Social Security numbers.

Multi-State Billing will reimburse costs related to security freezes for the next three years. Information about reimbursement can be obtained by emailing customersupport@msb-services.com or phoning (855) 285-7433(855) 285-7433  . Because the children aren't actual victims of identity theft, the credit agencies may charge up to $5 each time to place, temporarily lift or permanently remove a security freeze.

 

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 25

July 2, 2014 Multi-State Billing Services
Somersworth, New Hampshire
BSF PORT

3,000

Multi-State Billing Services LLC has let 19 school districts that they service, that a laptop that was stolen from an employee's locked vehicle contained records on nearly 3,000 students in 19 different school districts in Central and Eastern Massachusetts. The Central districts include Uxbridge,  Ashburnham-Westminster Regional, Milford, Northboro, Northboro-Southboro Regional, Southboro and Sutton. Information on which Eastern school districts is currently unknown.

The information on the laptop included names, addresses, Medicaid ID numbers and Social Security numbers.

Multi-State Billing will reimburse costs related to security freezes for the next three years. Information about reimbursement can be obtained by emailing customersupport@msb-services.com or phoning (855) 285-7433(855) 285-7433 . Because the children aren't actual victims of identity theft, the credit agencies may charge up to $5 each time to place, temporarily lift or permanently remove a security freeze.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 3,000

July 2, 2014 Uxbridge School District
Uxbridge, Massachusetts
EDU PORT

Unknown

Students at Uxbridge School District may have had their personal information stolen due to a data breach with a third party billing service, Multi-State Billing Services, located in Somersworth, New Hampshire, when an employee's laptop was stolen from their locked vehicle in May.

The laptop was password protected but not encrypted, contained information on nearly 3,000 students from 19 school districts in Central and Eastern Massachusetts.

The information on the laptop included names, addresses, Medicaid ID numbers and Social Security numbers.

Multi-State Billing will reimburse costs related to security freezes for the next three years. Information about reimbursement can be obtained by emailing customersupport@msb-services.com or phoning (855) 285-7433(855) 285-7433  . Because the children aren't actual victims of identity theft, the credit agencies may charge up to $5 each time to place, temporarily lift or permanently remove a security freeze.

 

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

July 2, 2014 Goldman Sachs
New York, New York
BSF DISC

Unknown

 

Goldman Sachs Group Inc warned customers of a data breach that occured when an outside contractor emailed confidential client data to a stranger's Gmail account by mistake. The bank has asked a U.S. judge to order Google Inc to delete the email to avert a "needless and massive" breach of privacy.

 

"The breach occurred on June 23 and included "highly confidential brokerage account information," Goldman said in a complaint filed last Friday in a New York state court in Manhattan".

Goldman Sachs did not say how many people were affected and are asking Google to assist in tracking down who has access to the data.

The contractor meant to email a report to a gs.com account but inadvertently sent it to a similar email address with a gmail.com account. Goldman Sachs has not been able to retrieve the report and has not received a response back by the individual who owns the gmail account.

 
Information Source:
Media
records from this breach used in our total: 0

July 1, 2014 Vermont Health Exchange
Williston, Vermont
MED HACK

Unknown

A Romanian hacker accessed the Vermont Health Exchange's development server last December gaining access at least 15 times and going undetected for a month.

"CGI Group, the tech firm hired to build Vermont Health Connect, described the risk as “high” in a report about the attack. It also found possible evidence of sophisticated “counter-forensics activity performed by the attacker to cover his/her tracks.”"

"The report says that no private consumer information was stored on the hacked server, and that CGI Group had “verified that no additional servers [that may store private data] communicated with any of the identified attacker IP addresses.”"

This individual was able to gain access to the server because the defaut password on that server was never changed (in violation of guidelines laid out in the state’s official policy) along with the fact that the access to the server was never restricted to those users who were known and authorized to be on the server.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

June 30, 2014 Butler University
Indianapolis, Indiana
EDU HACK

163,000

Butler University in Indianapolis Indiana informed students, staff and alumni of a data breach to their system. Over 160,000 individuals may have been affected when hackers may have accessed their personal information.

The university was contacted by California officials to "inform them that they had arrested an identity theft suspect who had a flash drive with Butler employee's personal information on it". In a letter sent to those affected, the university has said that "someone hacked the school's network sometime between November 2013 and May 2014".

The school officials have discovered that the information exposed included birthdates, Social Security numbers and bank account information of approximately 163,000 students, faculty and staff, alumni, and prospective students who never enrolle in classes at Butler.

The university is offering a year of free credit monitoring.

 

 
Information Source:
Media
records from this breach used in our total: 163,000

June 27, 2014 Benjamin F. Edwards & Company
St. Louis, Missouri
BSF HACK

Unknown

On May 27, 2014 Benjamin Franklin Edwards & Company (BFE) discovered an unauthorized access to their database which may have resulted in personal information of it's customers being compromised. The company did not provide the exact information that was stored on their system, nor have they communicated how many individuals were involved.

For those that have an account and may have been affected the company is offering one year free of AllClearPro. They are asking individuals to contact their financial consultant for more information or go to www.enroll.allclearid.com to enroll.

 
Information Source:
records from this breach used in our total: 0

June 26, 2014 Sterne, Agee & Leach
Birmingham, Alabama
BSF PORT

Unknown

Sterne, Agee & Leach has contacted customers regarding a data security incident that occured between May 29th and 30th, 2014.

An employee of the brokerage firm was unable to locate their firm-issued laptop, which was password protected, but the data stored locally on the laptop was not encrypted. The data stored on the laptop included "account information utilized for mailing to certain Private Client Group customers whose accounts were opened between July1, 1992 and June 30, 2013".

The information may have included names, addresses, account numbers and Social Security numbers. The information did not include dates of birth, account holdings, account passwords or access codes.

The firm is offering a free one year membership to Experian's ProtectMyID. Those affected must enroll by September 30, 2014, and can visit the website to enroll at www.protecmyide.com/redeem and utilize the activation code in the letter sent by the firm.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

June 26, 2014 Record Assist LLC
Houston, Texas
BSO HACK

Unknown

Record Assist, LLC informed cstomers of an unauthorized access to their order processing system for ExpressVitals.com. The unauthorized access could have led to obtaining information such as the individuals name, address, credit card number, security code and Social Security number.

Those who are affected can contact the company at P.O Box 19686, Houston Texas 77224-9868 or call 1-844-245-5654.

 
Information Source:
records from this breach used in our total: 0

June 26, 2014 Orange Public School District
Orange, New Jersey
EDU HACK

Unknown

A 16 year old New Jersey teen has been charged with unlawfully accessing the Orange Public School District's database and changing final grades and attendance records.

The Orange High School sophomore is facing multiple counts of second-degree computer theft for unlawfully accessing and altering data an one cound of hindering apprehension.

Reportedly, the student accessed the computer system after obtaining the password of a staff member. Authorities do not know how the teen was able to gain the password information. An investigation is still underway.

 

 
Information Source:
Media
records from this breach used in our total: 0

June 26, 2014 Splash Car Wash
Greenwich, Connecticut
BSR HACK

120,000

Splash car wash has notified approximately 30,000 customers of a data breach to their system when malwar was found on their point of sale system at several of their locations affecting and potentially breaching credit card data.

The car wash operates 13 locations in New York and Connecticut and was alerted by American Express of the breach. As soon as customers swiped their cards, the information was stolen, not giving the companies system time to encrypt the data. The breach is being investigated by authorities.

 
Information Source:
Media
records from this breach used in our total: 120,000

June 24, 2014 Riverside County Regional Medical Center
Moreno Valley, California
MED PORT

Unknown

The Riverside Regional Medical Center has notified patients of the loss of a laptop computer that contained personal patient information. The laptop went missing from a diagnostic services office in the hospital sometime between June 17, 2014 and June 18, 2014.

The information on the missing laptop included names, dates of birth, medical record numbers and results of a nerve conduction study, and the names of the referring doctor and the doctor who performed the study.

The hospital did communicate that no Social Security numbers, health insurance information or home addresses were stored on this particular laptop.

For those who were affected, they have been asked to call Christina Quijada at 1-877-500-1255 or the Riverside County Privacy Office at 951-955-5757.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

June 23, 2014 Silk Road/U.S Marshall Service
Washington, District Of Columbia
BSF HACK

40

"U.S. Marshals Service accidentally CC’d 40 potential Silk Road Bitcoin bidders instead of BCC’ing them. Thanks to a phishing scheme that took advantage of this slipup, though, an Australian bidder lost 100 Bitcoin—worth an estimated $62,000—according to.

A total of 40 individuals received a phishing email on June 21st from someone who claimed to be from "BitFirm Productions". The email asked they these individuals participate in a survey for a client of the fake media firm and to click on a link that was supposed to be a GoogleDoc, instead the link contained malware.

Unfortunately one individual did click on the link that infected his computer and the hackers were able to transfer 100 Bitcoin out of his account.

 

 
Information Source:
Media
records from this breach used in our total: 0

June 20, 2014 UCDC, Washington Center
Washington, District Of Columbia
EDU HACK

Unknown

The University California, Washington Center received a notification of unsolicited emails being sent to alumni of the university. After an investigation, it was revealed that someone accessed the pre-enrollment system, GoSignMeUp.com, which is a cloud-based provider for the online course registration utilized by UCDC to host its online course registration process.

The information breach included usernames, passwords, addresses, principal e-mails, gender, birth dates and UCDC course information. The university has stated that they do not record or store any Social Security numbers or financial account information on any of its databases.

For those who were affected the university is recommending individuals change their password.

Those with questions are asked to contact techhelp@ucdc.edu

 
Information Source:
California Attorney General
records from this breach used in our total: 0

June 19, 2014 Rady's Childrens Hospital
San Diego, California
MED DISC

14,100

Rady's Children's Hospital has suffered a data breach when an employee inadvertently sent an email with a file attached to 6 potential job applicants. The applicants were meant to receive approved information for an internal evaluation, instead they received the original file with the information of 14,100 patients. The information included names, dates of birth, primary diagnoses, medical records and insurance carrier claim information. According to the hospital no Social Security numbers,  credit card information, addresses or parent/guardian information were included in this file.

The file contained information on patientes admitted to the hospital between July 1, 2012 through June 30, 2013.

 
Information Source:
Media
records from this breach used in our total: 0

June 18, 2014 The Metropolitan Companies
New York, New York
BSO HACK

Unknown

The Metropolitan Companies, LLC, which is a conglomerate of companies from staffing services to interpreters suffered a data breach as a result of unauthorized access to their computer systems and may have potentially removed documents that included personal information of their customers.

Through an investigation, it has been disclosed that the information that was breached includes names, addresses, phone numbers, email addresses, Social Security numbers, dates of birth, past education, work history, and financial information. The company has not disclosed the number of individuals affected.

For those that may have been affected the company is providing one year of identity theft protection through Kroll. They can be contacted at 1-855-781-0033 to speak with a licensed investigator or visit their website at Visit www.kroll.idMonitoringService.com.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

June 17, 2014 Service Alternatives
Coupeville, Washington
BSO HACK

550

Service Alternatives has informed individuals of a data breach to their payroll system. It appears that an unauthorized third person or persons obtained access to that system between November 2013 and March 2014. The information obtained included full names, addresses, dates of birth (excluding foster parents), Social Security number, Driver's license number or identity card number (excluding foster parents), tax documents, documents provided on form I-9 for anyone hired after Oct. 2010 (excluding foster) parents, bank routing number and account number if direct deposit was ever used.

Those who were affected by the breach may call 1-800-292-6697 or email support@servalt-adm.com

 
Information Source:
Maryland Attorney General
records from this breach used in our total: 550

June 16, 2014 Riverside Community College
Riverside, California
EDU DISC

35,212

Riverside Community College has suffered a data breach affecting 35,212 students. On May 30th, a district employee emailed a file containing information about all students who were enrolled in the spring term to a colleague working at home due to illness, for a research report that was on a deadline. The district employee used a personal email account to send the data because the file was too large for the district's secure email to send. The employee then typed in the incorrect email address.

The information contained in the file included names, addresses, birth dates, Social Security numbers, email addresses, student ID numbers, and telephone numbers.

The district has set up a Call Assistance Center at 1-888-266-9438 for affected students. The center will be open from 6 a.m to 6 p.m Monday through Friday for 90 days.

 
Information Source:
records from this breach used in our total: 35,212

June 12, 2014 Redwood Regional Medical Group
Santa Rosa, California
MED PHYS

33,702

A thumb drive containing 33,702 patient records was stolen from the Redwood Regional Medical Group in Santa Rosa California. An employee placed the thumb drive in a "zipped container in an unlocked locker", where the drive was stolen.

The information contained on the device included patients' first and last names, gender, medical record numbers, date of birth, date and time of service, area of body X-rayed, the X-ray technologist's name and the radiation level required to produce the X-ray. No other images such as MRI's or mammograms were stored on the device.

 The medical center was taken over by St. Joseph Health on April 1st. The records were backed up to the drive as a precaution while they were being moved to Santa Rosa Memorial Hospital's electronic medical records system.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

June 11, 2014 PF Chang's
Scottsdale, Arizona
BSO HACK

Unknown

P.F Chang's is investigating a potential data breach, when credit cards showed up on an underground website that criminals use. Brian Krebs broke the story, when the banks he contacted confirmed that the cards had been used at P.F Chang's restaurants.

P.F Chang's is investigating the allegations currently with authorities.

UPDATE (06/30/2014): PF Chang's has had a class action lawsuit filed against the restaurant chain. The company confirmed on June 12, 2014 that a breach had occured. Some experts believe that the lawsuit is unlikely to succeed because some security experts have said, because proving consumer losses linked to the specific restaurant data breach is difficult to do.

Some believe it was a breach of the restaurants POS system, most likely infiltrated by malware, similar to the Target and Salley Beauty breaches, the restaurant chain has yet to divulge any details, including the number of cards exposed.

 
Information Source:
Krebs On Security
records from this breach used in our total: 0

June 11, 2014 Stanford Federal Credit Union
Palo Alto, California
BSF DISC

18,000

Stanford Federal Credit Union informed 18,000 members that their personal information was sent to another member accidentally. According to the letter sent to the members,  credit union employees recognized the error immediately and the data was destroyed without it being read to the recipient. The data sent was a list of members who were pre-approved for loans. The credit union employee who sent the list inadvertently sent it to a member who had the same first name as the staff member it was meant for.

According to the credit union, the member had not yet read the mail and worked with the staff of the credit union to properly destroy it.

 
Information Source:
California Attorney General
records from this breach used in our total: 18,000

June 10, 2014 AT&T Mobility, LLC
Des Peres, Missouri
BSR INSD

Unknown

AT&T has informed California regulators of a data breach that occurred with a third party service provider.

"Employees of one of our service providers violated our strict privacy and security guidelines by accessing your account without authorization," the company said in a letter to affected customers. "AT&T believes the employees accessed your account as part of an effort to request codes from AT&T than are used to unlock AT&T mobile phones in the secondary mobile phone market."

Personal information such as Social Security numbers and phone records were accessed. The incident took place between April 9th through April 21st, but the California regulators were just informed this week.

AT&T would not disclose how many customers were affected, but the law requires disclosure if more than 500 people have been affected.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

June 10, 2014 St. Francis Hospital
Columbus, Georgia
MED DISC

1,175

St. Francis Hospital notified patients of a data breach when a mass email to 1, 175 patients was sent out where all email addresses were visible vs. having each patient being blind copied on the email.

The hospital is claiming that no medical treatment or other personal information was part of the email.

Those St. Francis patients who have questions about the incident are asked to call the hospital at 1-800-723-49981-800-723-4998.

 
Information Source:
Media
records from this breach used in our total: 0

June 10, 2014 Access Health CT
Hartford, Connecticut
BSF INSD

413

The Connecticut health insurance exchange has suffered a data breach, when one of the exchanges employees lost a backpack at a local deli that included names, Social Security numbers and birthdates of 413 individuals.

The employee was not authorized to remove these documents from the facility and has since been put on administrative leave.

 
Information Source:
Media
records from this breach used in our total: 413

June 9, 2014 College of the Desert
Palm Desert, California
EDU INSD

1,900

The College of the Desert in Palm Dale Calfornia informed individuals of a data breach in their system when a college employee sent an unauthorized attachment in an email to approximately 78 college employees,  that contained personal information of employees of the college.

The information contained in the attachment included names, Social Security numbers, dates of birth, geners, zip codes, titles of postions held at the university, employment anniversary date, employee identification numbers, insurance information,  active or retired employee status.

Those who are affected are asked to call Stan Dupree, HR and Labor Relations Director at 760-674-3777760-674-3777or sdupree@collegeofthedesert.edu

UPDATE (6/19/2014): According to new reports, The College of the Desert breach affected 1,900 current and former employees. The total individuals affected was not reported when the breach was made public.

 
Information Source:
California Attorney General
records from this breach used in our total: 1,900

June 7, 2014 Walgreens
Atlanta, Georgia
BSR INSD

Unknown

Walgreens has notified some patients of a breach when an employee stole some patients information, which included names, dates of birth, and Social Security Numbers in the form of a Medicare ID number and provided the information to a third party. Walgreens is claiming that no credit card, banking or other personal information was involved.

The company has set up a hotling for those affected, 1-866-312-8654 from 7 a.m to 7 p.m Central Standard time, Monday through Friday.

 
Information Source:
Maryland Attorney General
records from this breach used in our total: 0

Breach Total
868,045,823 RECORDS BREACHED
(Please see explanation about this total.)
from 4,347 DATA BREACHES made public since 2005
Showing 1-50 of 4347 results


X

Sign In!

Loading