Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?

Chronology of Data Breaches

Custom Sort
Select your desired results. Then click "Go!"

Click or unclick the boxes then select go.


Select features, then click GO.



Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.
Breach Total
929,676,448 RECORDS BREACHED
(Please see explanation about this total.)
from 4,420 DATA BREACHES made public since 2005

Save or Print PDF of Entire Breach List including introduction.Save or Print a PDF of Entire Breach List (including introductory FAQ)

Filter breach list before saving or printing PDF. Conduct a search of the Chronology using its sorting features, and Save or Print a PDF of your search results (Select filters)

If you do not have access to PDF, you can print the Chronology in landscape view.

Date Made Publicsort icon Name Entity Type
October 13, 2014 Snapsaved.com
Unknown,
BSO HACK

200,000

Snapsaved.com, a third party vendor to Snapchat, announced that their servers were hacked, which in turn caused thousands of photos and videos from the third party service to show up on the Internet.

"On Sunday, thousands of photos and videos from the Snapchat service were put online, apparently taken from sites including Snapsaved.com, which had allowed people to log in using their Snapchat username and password to offer desktop-based rather than handset-based access to the site - and also the chance to store photos, which are meant to be deleted within seconds of being viewed."

Snapsaved posted on Facebook the following:

"I would like to inform the public that snapsaved.com was hacked” due to a mistake in the setup of its web server. “As soon as we discovered the breach in our systems, we immediately deleted the entire website and the database associated with it,” the unsigned statement continues. “As far as we can tell, the breach has effected [sic] 500MB of images, and 0 personal information from the database.”

More Information: http://www.theguardian.com/technology/2014/oct/13/third-party-snapchat-s...

 
Information Source:
Media
records from this breach used in our total: 0

October 10, 2014 Sears Holding Company/K-Mart
Hoffman Estates, Illinois
BSR HACK

Unknown

Sears Holding Corp announced Friday that a data breach occurred at their K-Mart stores starting last month, with malicious software targeting their Point of Sale systems that  compromised customers' credit card information.

Currently, Sears Holding Corp is not clear as to the number of affected customer cards and the breach is currently under investigation. K-Mart has said that they were able to remove the malware from their systems.

K-Mart is working currently working with federal investigators.

For those with questions, they are asked to call K-Mart's Customer Care Center at 1-888-488-5978.

More Information: http://abcnews.go.com/Business/wireStory/kmart-latest-victim-data-breach...

 
Information Source:
Media
records from this breach used in our total: 0

October 10, 2014 Sausalito Yacht Club
Sausalito, California
BSO HACK

Unknown

The Sausalito Yacht Club notified its members of a data breach to their online member roster. The information on the roster included member names linked to private Sausalito Yacht Club member numbers. These two pieces of information together allows for the charging of beverages, goods, services and meals at the club. Additionally, members personal contact information, financial information, including accounts receivable information could have been obtained.

Currently, the breach is under investigation and depending upon what is found, the club may issue new cards and account numbers.

For those affected with questions they may call General Manager, Dave Martel at 1-415-332-7400 or by e-mail at gm@sausalitoyachtclub.org.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

October 9, 2014 Evolution Nature Corp. dba The Evolution Store
Manhattan, New York
BSR HACK

Uknown

Evolution Nature Corp., dba The Evolution Store contacted customers regarding a data breach to their online stores affecting customer credit card information.

The company received a complaint of credit card fraud from a customer and launched an investigation by a data forensics expert. The investigation revealed that the administrative portion of the Evolution e-commerce site was accessed by an unauthorized third party that was using administrative credentials exposing customer order information.

The information exposed included names, email addresses, phone numbers, billing addresses, shipping addresses, order information, and credit/debit card information, including the CVV numbers on the backs of the cards.

For those affected, the company is offering AllClear Secure for 12 months at no cost. For those with questions, call 1-877-322-82281-877-322-8228.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-46935

 
Information Source:
California Attorney General
records from this breach used in our total: 0

October 7, 2014 Municipal Bond Insurance Association (MBIA)
Purchase, New York
BSF DISC

Unknown

Brian Krebs of Krebs On Security notified MBIA of a breach that exposed numerous customer account numbers, balances and various other sensitive data due to a misconfiguration on a company Web server.

"Much of the information had been indexed by search engines, including a page listing administrative credentials that attackers could use to access data that wasn’t already accessible via a simple Web search."

MBIA is one of the largest bond insurers, that offers municipal bond insurance and investment management products and services companies such as Aetna and Fireman's Fund.

The company has since shut this website down and is currently investigating. No information is available to the number of individuals that may have been affected by the breach.

More Information:http://krebsonsecurity.com/2014/10/huge-data-leak-at-largest-u-s-bond-insurer/

 
Information Source:
Krebs On Security
records from this breach used in our total: 0

October 6, 2014 AT&T
Dallas, Texas
BSR INSD

1600

AT&T is at the center of another data breach to their system, this time, by an internal employee.

AT&T has announced that one of its staff members accessed account information of customers, which included Social Security Numbers, drivers license numbers, unique customer numbers, known as Customer Proprietary Network Information (CPNI), which includes information such as times, dates, durations and destination numbers of every call made. No specific numbers have yet been released.

More Information: http://www.zdnet.com/at-and-t-hit-by-insider-data-breach-unspecified-num...

UPDATE (10/7/2014): The Vermont Attorney General posted that 1,600 letters went out to customers regarding the recently announced data breach that happened in August of 2014 by an employee of AT&T. The employee has since been fired and the breach is still under investigation.

More Information:http://www.reuters.com/article/2014/10/07/us-at-t-cybersecurity-idUSKCN0HW02Y20141007

 
Information Source:
Media
records from this breach used in our total: 1,600

October 2, 2014 Community Technology Alliance
San Jose, California
NGO PORT

Unknown

Community Technology Alliance (CTA) is notifying individuals of a potential compromise of their personal information, when an employee's laptop was stolen on July 28, 2014.

CTA is a non-profit organization that administers the Bay Area Homeless Management Information Systems (HMIS) and helps hundreds of partner agencies. The information in HMIS can include names and Social Security Numbers, and various other pieces of personal information.

If services were being received from an HMIS Partner Agency in Santa Cruz California, those individuals are the ones at risk. The partner agencies include the following:

Community Action Board, Families in Transition, Homeless Services Center, Salvation Army of Watsonville, Pajaro Valley Shelter Services, Housing Authority of the County of Santa Cruz, Encompass, Front Street Housing, Inc., Mountain Community Resource Center, Catholic Charities, Veterans Resource Center, Santa Cruz County Office of Education, Santa Cruz County Health and Human Services Agency, Housing Services Center, Pajaro Rescue Mission, and New Life Community Services.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-46834

 
Information Source:
California Attorney General
records from this breach used in our total: 0

October 1, 2014 Flinn Scientific, Inc.
Batvia, Illinois
BSR HACK

Unknown

Flinn Scientific, an ecommerce site focused on scientific materials for teachers and students, notified customers of a data breach to their online payment system when a cyber attacker inserted malware to gain access to the server that hosts payment information.

The information breached includes payment card numbers, card verification codes, expiration dates, names, addresses, and email addresses.

The company has set up credit monitoring with AllClearID for 12 months for those individuals affected by the breach. For questions individuals can call 1-866-979-2595 to get credit monitoring started.

More Information:http://oag.ca.gov/ecrime/databreach/reports/sb24-46816

 
Information Source:
California Attorney General
records from this breach used in our total: 0

October 1, 2014 Provo City School District
Provo, Utah
EDU HACK

1,400

The Provo City School District notified employees of a "phishing" attack Monday September 29, 2014 which allowed access to employees email accounts. Some employee email accounts contained files that may have had personally identifiable information.

Currently the school district is investigating the breach and notifying those affected.

More Information: http://fox13now.com/2014/10/01/provo-city-school-district-warning-employ...

 
Information Source:
Media
records from this breach used in our total: 0

October 1, 2014 Fort Hays State University
Hays, Kansas
EDU DISC

138

Fort Hays State University has notified 138 of it's graduates that their personal information may have been compromised when personal information was "accidentally" exposed on the Internet. The information exposed included Social Security Numbers and various other pieces of personal information.

The university stopped storing Social Security Numbers of students five years ago, however anyone who attended the university prior to 5 years ago, their SSN information is still part of the university database.

More Information: http://ksn.com/2014/10/01/fort-hays-state-university-experiences-data-br...

 
Information Source:
Media
records from this breach used in our total: 138

September 29, 2014 Albertson's LLC (AB Acquisition LLC)
Spokane, Washington
BSR HACK

Unknown

AB Acquisition LLC announced the discovery of a separate criminal investigation involving payment cards of customers who shopped at Albertsons stores, ACME Markets, Jewel-Osco, Shaw's and Star Markets. The company has discovered that a different malware was used in some of the stores than what was discovered in the recent data breach incident on August 2014. This breach is more recent than the August breach and appears to have happened at the end of August, beginning of September 2014.

This newer breach reportedly captured account numbers, expiration dates, other numerical information and/or cardholder names.

The company has different point of sale systems at the different locations. Reportedly Albertson stores in Arizona, Arkansas, Colorado, Florida, Louisiana, New Mexico, Texas and their two Super Saver Food Stores in Northern Utah were not affected.

Those stores that were affected includes Albertsons stores in Southern California, Idaho, Montana, North Dakota, Nevada, Oregon, Washington, Wyoming and Southern Utah. In addition, ACME Markets in Pennsylvania, Maryland, Delaware and New Jersey were affected, along with Jewel-Osco stores in Iowa, Illinois and Indiana and Shaw's and Star Markets stores in Maine, Massachusetts, Vermont, New Hampshire and Rhode Island.

The timeframes of the breach are August 27, 2014 through September 21, 2014. The company is offering free credit monitoring for one year  with AllClearID at no cost to those who were affected. For questions, call 1-855-865-4449.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-46749

 
Information Source:
California Attorney General
records from this breach used in our total: 0

September 29, 2014 American Family Care
Birmingham, Alabama
MED PORT

Unknown

"American Family Care of Birmingham is alerting customers following the theft of two laptops containing sensitive information from an employee’s vehicle earlier this summer".

The information on the laptops contained personal information of patients specifically related to work injuries, physicals, immunizations and drug screens. The lap top also included the names, dates of birth, addresses, phone numbers, medical record numbers, Social Security Numbers, additional medical information, insurance information, driver's license numbers and dates of service.

Those with questions concerning the incident can call (800) 258-7535(800) 258-7535 extension 2588 or e-mail ComplianceOfficer@americanfamilycare.com.

More Information: http://www.phiprivacy.net/american-family-care-alerts-customers-of-stole... and http://www.bizjournals.com/birmingham/morning_call/2014/09/american-fami...

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

September 29, 2014 Texas Wellness Incentives and Navigation (WIN) Project- University of Florida and Texas Health and Human Services Commission
Gainesville, Florida
MED DISC

Unknown

The University of Florida and Texas Health and Human Services Commission (HHSC) a cooperative project called the Texas Wellness Incentives and Navigation (WIN) Project for Medicaid patients, notified patients of a data breach.

The University of Florida, acting as a partner of HHSC, sent letters to Houston area physicians requesting health records. Unfortunately, due to a database merging error, some of those health record requests were sent to the wrong physicians.

The information shared with the incorrect physician included names, Medicaid STAR+PLUS identification numbers, and dates of birth.

Those affected with questions can call 1-866-876-HIPA1-866-876-HIPA (4472).

More Information: http://www.phiprivacy.net/university-of-florida-and-texas-hhsc-notify-te... and http://privacy.ufl.edu/wp-content/uploads/2014/09/Brch-letr-ICHP-KCase-P...

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

September 26, 2014 BayBio
San Francisco, California
NGO HACK

Unknown

BayBio.org has notified individuals of a data breach to their online payment system. The non-profit organization has notified that the hacking to their payment system compromised credit card numbers in process.

The hacker inserted files that captured keystrokes of visitors to their site which included credit card numbers when individuals were either paying for a membership or an event being held by the non-profit. Payments are being taken by phone until the breach has been repaired.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-46727

 

 
Information Source:
California Attorney General
records from this breach used in our total: 0

September 25, 2014 Pacific BioSciences of California Inc.
Menlo Park, California
BSO PORT

Unknown

Pacific BioSciences of California Inc. has notified patients of a data breach when an employee laptop was stolen from their home that contained some of their personal information.

The information included names, birthdates, and Social Security numbers.

The company has arranged credit monitoring services through AllClearID for one year at no charge. For those affected they can call 1-866-979-2595.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-46702

 
Information Source:
California Attorney General
records from this breach used in our total: 0

September 22, 2014 Viator Inc
San Francisco, California
BSO HACK

Unknown

Viator Inc, was notified of a data breach by their credit card service provider when they had received numerous complaints of erroneous charges to accounts. Their investigation lead to seeing fraudulent charges to Viator customers via their online payment processing system.

The breach includes the compromise of customer credit card and debit card data, card expirations, names, billing addresses, email addresses and Viator "nicknames".

The company is offering 12 month of credit monitoring services at no cost. For those affected they can call 1-888-680-0710 to speak with someone.

The company is also asking customers to go into their accounts and change their passwords.


More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-46657

 
Information Source:
California Attorney General
records from this breach used in our total: 0

September 15, 2014 Tim McCoy & Associates/ dba.NEAT Management Group
Austin, Texas
BSF PORT

Unknown

Tim McCoy and Associates, also known as NEAT Management Group informed customers of a data breach when the laptop belonging to one of the company's software engineers was stolen on August 27, 2014.

The information on the laptop included names,  Social Security Numbers, dates of birth, addresses, phone numbers, employer identification numbers and email addresses.

The company is providing a free membership for a year to ProtectMyID. For those who were affected, they can call 1-888-829-6550.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-46601

 
Information Source:
California Attorney General
records from this breach used in our total: 0

September 12, 2014 Health and Human Services Agency, Napa
Napa, California
GOV PORT

Unknown

The Napa Health and Human Services Department, specifically In Home Supportive Services (IHSS) notified patients of a data breach when one of their flash/thumb drives was missing from their offices on Coombs Street. This portable drive contained information specifically related to their Comprehensive Services for Older Adults Division of HHS.

The discovery was made of the missing drive when clean-up was happening to their offices after the recent Napa earthquake. The offices have not been occupied since the earthquake. The information on the drive included names, addresses, phone numbers and information regarding patients status in the IHSS program. The agency is reporting that no financial or Social Security information was on the flash/thumb drive.

They agency has reported the incident to the police and are treating the missing flash/thumb drive as a burglary.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-46595

 
Information Source:
California Attorney General
records from this breach used in our total: 0

September 10, 2014 Bartell Hotels
San Diego, California
BSO HACK

55,000

Bartell Hotels, who operates several hotels in San Diego, has announced that they have suffered a data breach of customer credit card information.

The Best Western Plus Island Palms Hotel & Marina, The Dana on Mission Bay, Humphreys Half Moon Inn & Suites, Pacific Terrace Hotel and Days Hotel – Hotel Circle had names, credit card numbers and credit card expiration dates of customers who stayed at these hotels between February 16, 2014 and May 13, 2014 breached. 

The breach could have affected up to 55,000 individuals.

For those affected, they can contact a representative at  877-437-4010 Monday through Saturday 8 a.m. to 8 p.m. CT with questions or concerns.


More Information
: http://www.nbcsandiego.com/news/local/Data-Security-Breach-Reported-at-San-Diego-Hotels-274421341.html#ixzz3CvzjLpSG

 
Information Source:
Media
records from this breach used in our total: 55,000

September 9, 2014 Beef O'Brady's Restaurants
North Port, Florida
BSO HACK

Unknown

Beef O'Brady restaurants appear to have been a victim of a data breach to their point of sale system, when unauthorized credit card transactions begain appearing on financial statement of customers. These transactions were from numerous vendors in Texas, New York, and Massachusetts. The restaurant chain is located in Florida.

Reportedly, a minimum of four Florida Beef O'Brady's restaurant locations have been compromised.

The information compromised included credit and debit card information.

The company is currently working with local law enforcement to further investigate the breach.

 

More Information: http://www.wtsp.com/story/news/local/2014/09/09/potential-data-breach-at...

 
Information Source:
Media
records from this breach used in our total: 0

September 5, 2014 California State University, East Bay
Hayward, California
EDU HACK

Unknown

California State University, East Bay has notified individuals of a data breach that has occurred on August 11, 2014 when the University discovered unauthorized access to individuals information when an overseas IP address appears to have used a software tool designed to access information on a server without being detected. The server targeted contained personal information on various employment record transactions and some extended learning course information.

The specific information breached included names, addresses, Social Security Numbers and dates of birth.

The University has set up 12 months free of Experian's ProtectMyID for those affected. For additional questions or concerns individuals can contact (888) 738-3759 a toll free number specifically set up to deal with questions/concerns regarding this breach.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-46513

 
Information Source:
California Attorney General
records from this breach used in our total: 0

September 5, 2014 Yandy.com
Phoenix, Arizona
BSR HACK

Unknown

Yandy.com, an online retailer, notified customers of a data breach to their online payment system when the server that processes this information was hacked. The unauthorized user (s) gained payment card information, including the CVV numbers on the back of the cards, expiration dates, names, addresses and email addresses of customers.

For those affected with questions, they can call the company at 1-844-236-1015.

 

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-46527

 
Information Source:
California Attorney General
records from this breach used in our total: 0

September 4, 2014 Healthcare.gov
Washington, District Of Columbia
GOV HACK

Unknown

Reportedly, Healthcare.gov has suffered a data breach to one of their test systems by hackers. Currently the Obama administration is communicating that no personal information was compromised, but authorities are investigating.

According to the administration, "“our review indicates that the server did not contain consumer personal information, data was not transmitted outside the agency and the website was not specifically targeted,” said Aaron Albright, a spokesman at the Centers for Medicare and Medicaid Services, which runs the website. “We have taken measures to further strengthen security.”"

"Mr. Albright said the hacking was made possible by several security weaknesses. The test server should not have been connected to the Internet, he said, and it came from the manufacturer with a default password that had not been changed.

In addition, he said, the server was not subject to regular security scans as it should have been".

More Information: http://www.nytimes.com/2014/09/05/us/hackers-breach-security-of-healthca...

 
Information Source:
Media
records from this breach used in our total: 0

September 2, 2014 The Home Depot
Atlanta, Georgia
BSR HACK

56,000,000

The Home Depot appears to be another victim of a data breach of their POS systems, reportedly by the same Russian hacking group that hit Target, Michaels, Neiman Marcus and P.F. Chang's.

Brian Krebs of Krebs on Security reported that a significantly large amount of debit and credit card information went up for sale on the underground cybercrime sites, all leading back to purchases made at Home Depot stores across the US.

Home Depot is currently investigating the potential breach. Updated postings will follow as more information comes in.

More Information: http://www.latimes.com/business/la-fi-retail-hacking-20140904-story.html

UPDATE (9/10/2014): The Home Depot has now confirmed that their credit card processing systems were compromised in 2,200 of its stores across the U.S and Canada. Currently, no information has been released as to the number of individuals affected. Authorities are predicting this could surpass the 40 million individuals affected by the Target hacking.

More Information: http://www.reuters.com/article/2014/09/09/us-usa-home-depot-databreach-i...

UPDATE (9/16/2014): "A group of attorneys general have opened a multistate investigation into the recently confirmed data breach at Home Depot Inc."

Attorneys General in Connecticut, Illinois and California will be leading the investigation to uncover the cause of the data breach and how the retailer has handled the breach with their affected customers.

More Information:http://www.bna.com/attorneys-general-launch-n17179894898/

UPDATE (9/18/2014): The Home Depot has announced the data breach they suffered earlier this month has affected approximately 56 million credit and debit cards. This makes this breach the second largest breach ever, just behind TJX'x co's breach of 90 million records. The also announced that they see no evidence of any breach of their stores in Mexico or for those who shopped at their online store, HomeDepot.com.

More Information: http://www.wjla.com/articles/2014/09/home-depot-data-breach-affected-56m...

UPDATE (9/26/2014): At least 15 law suits have been filed against The Home Depot for the recent data breach that occurred in US and Canadian stores. The lawsuit alleges that The Home Depot neglected to secure customers' financial and personal information. Most of the cases were filed by customers, however two credit unions and one bank have also filed suit.

UPDATE (9/29/2014): The Home Depot has posted a page on their website regarding the recent data breach, for consumers who were affected. This page will advise you on what to do and how to obtain information to take advantage of the free 12 month credit monitoring services. Make sure to scroll down past the photo.

https://corporate.homedepot.com/MediaCenter/Pages/Statement1.aspx
 
Information Source:
Media
records from this breach used in our total: 56,000,000

September 1, 2014 Apple
Cupertino, California
BSO HACK

Unknown

Apple's iCloud service

"A few days ago a group calling themselves hackappcom posted a proof of concept script on the popular code repository called Github that would allow for a user to attempt to breach iCloud and access a user account. This script would query iCloud services via the “Find My iPhone” API to guess username and password combinations. The problem here was that apparently Apple was not limiting the number of queries. This allowed for attackers to have numerous chances to guess password combinations without the fear of being locked out".

The number of celebrity photos or private information breached is still unknown.

 

More Information: http://www.forbes.com/sites/davelewis/2014/09/02/icloud-data-breach-hack...

 
Information Source:
Media
records from this breach used in our total: 0

August 29, 2014 Memorial Hermann Hospital
Houston, Texas
MED INSD

10,604

Memorial Hermann Hospital is notifying patients of a data breach when they discovered a former employee accessed medical records of more than 10,000 patients.

Reportedly the former employee had been accessing patient information for over severn years, December 2007 through July 2014, that were outside their normal job description.

The information breached included patients' medical records, health insurance information, Social Security numbers, names, addresses and dates of birth.

 

More Information:http://www.click2houston.com/news/memorial-hermann-hospital-employee-accesses-10000-patient-medical-records/27797392

 
Information Source:
Media
records from this breach used in our total: 1,060

August 29, 2014 AltaMed Health Services
Los Angeles, California
MED INSD

2,995

AltaMed Health has notified patients of a data breach when a temporary employee and other individuals were reported to be under investigation for an identity theft scheme, according to Arcadia law enforcement agents. No arrests have been made currently, but the investigation is continuing.

"Law enforcement disclosed it recovered a hard drive and other evidence during its investigation, that this hard drive and evidence may include the organization’s records, and that it believes this information may have been misused by participants in the identity theft ring currently under investigation".

The investigation has shown that this temporary employee accessed electronic and paper records for individuals that attended community events in Orange and Los Angeles counties from October 24, 2013 through June 6, 2014. The temporary employee was hired to help with patient enrollment.

The records this person had access to included names, email addresses, telephone numbers, Social Security numbers, provider information, insurance information, dates of birth, and addresses.

AltaMed is offering AllClear ID and AllClear ID Pro for those individuals affected. You can find information regarding these services by calling (877) 579-2263

More Information:

https://oag.ca.gov/system/files/AltaMed%20Individual%20Notice%20Template...

 
Information Source:
California Attorney General
records from this breach used in our total: 2,995

August 29, 2014 Beachwood-Lakewood Plastic Surgery
Beachwood, Ohio
MED PORT

6,141

Beachwood-Lakewood Plastic Surgery and Dr. Stevem A. Golman, notified patients of a data breach when their office in the Parkway Medical complex were burglarized. The theives stole computer hardware that inlcuded patient information that included names and limited medical information.

The medical practice is offering you one year of credit monitoring at no cost. This service is provided by All Clear ID.

If you have any questions or would like to enroll in the credit monitoring service, call 1-877-615-3745.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

August 28, 2014 J.P Morgan Chase
New York, New York
BSF HACK

76,000,000

The FBI is investigating a sophisticated hacking attack on JP Morgan Chase and potentially seven other financial institutions. Originally it was reported that possibly one to four other institutions may have been affected, but it appears that the breach could be much larger than originally thought.

The hackers, who are reportedly Russian, gained enough personal information to completely wipe out bank accounts. The sophisticated and coordinated attacks go beyond the typical criminal hacker (s) according to authorities. Investigators are looking into the reasons behind the coordinated attack.

It appears that not only did the hackers gain access to the accounts, but also altered and possibly deleted information.

The attack appears to have been coordinated and directed at specific JP Morgan Chase employees to gain access to their computers and databases at the bank.

Experts are communicating that the hackers would have had to of spent a significant amount of time researching and studying the record system of the bank prior to attempting any kind of unauthorized access. "What was even more concerning is these hackers were able to modify records using high-level credentials and do it in a way that was undetected."

More Information: http://www.foxnews.com/politics/2014/08/28/fbi-reportedly-probing-hack-j...

http://www.cnet.com/news/jpmorgan-hackers-altered-deleted-bank-records-s...

UPDATE (9/16/2014): After further investigation by authorities and Chase Bank, the breach they suffered isn't as severe as originally anticipated. The bank has confirmed that the hackers were able to gain access only to names, addresses and phone numbers, no financial or bank account information was accessed.

More Information: http://www.tomsguide.com/us/chase-bank-breach-update,news-19545.html

UPDATE (10/3/2014): The cyber attack JPMorgan Chase & Co. faced this summer compromised personal information in much greater numbers than first reported. Originally the numbers reported were over 1 million affected customers. After an investigation, JP Morgan Chase reports that hackers gained access to data on more than 76 million account holders--names, addresses, phone numbers and emails. Information on an additional 7 million small businesses was obtained as well. "

"JPMorgan Chase said that names, addresses, phone numbers and email addresses were stolen from the company's servers, but only customers who use the websites Chase.com and JPMorganOnline and the apps ChaseMobile and JPMorgan Mobile were affected".

 

 
Information Source:
Media
records from this breach used in our total: 0

August 27, 2014 Dairy Queen
Edina, Minnesota
BSR HACK

Unknown

Dairy Queen has reported a data breach of their POS (Point of Sale) system when malware authorities are calling "Backoff" was found on the system. This same malware authorities are attributing to the Target and Supervalu Inc. data breaches.  Currently the restaurant chain is unclear as to how many stores were affected. 

Dairy Queen operates 6,300 restaurants across the US, many of which are franchisees that are not required to report fraud to Dairy Queens headquarters.

Currently Dairy Queen is working with authorities to uncover the specifics.

More Information: http://bringmethenews.com/2014/08/27/dairy-queen-confirms-potential-brea...

UPDATE:(9/10/2014): Dairy Queen has announced that several of its stores will go to a "cash only" model in lieu of the current data breach the fast food restaurant chain suffered.The company stated that only a small portion of its 4,500 stores were affected, but they would not say how many or which restaurants will be going to a cash only system.

More Information: http://minnesota.cbslocal.com/2014/09/03/dairy-queen-taking-security-ste...

UPDATE: (10/10/2014): On Thursday, Dairy Queen confirmed that 400 stores and one Orange Julius location were compromised as a result of the point of sale malware first reported back in August. The investigation also confirmed that the hackers used compromised credentials of a third party vendor to infiltrate Dairy Queen's POS system.

More Information: http://www.dairyqueen.com/us-en/datasecurityincident/affected-stores/?lo...

 
Information Source:
Media
records from this breach used in our total: 0

August 26, 2014 Milpitas Knights PAL Youth Football
Milpitas, California
BSO PHYS

80

Parents of 80 youth football players were notified of a data breach, when a bag of registration materials required by the league were stolen from the back seat of a volunteers car.

The information included original birth certificates and physical forms. The league did not comment on what information was entered on the physical form.

 

More Information: http://www.mercurynews.com/sports/ci_26375263/milpitas-youth-football-pl...

 
Information Source:
Media
records from this breach used in our total: 0

August 26, 2014 The Hand Care Center/Shoulder and Elbow Institute
Orange., California
MED PHYS

10,000

The Hand Care Center/Shoulder and Elbow Institute in Orange California notified patients of data breach when they were notified by Iron Mountain Record Management, a facility where the medical practice stores old files, that 25 boxes of X-rays were stolen by two employees of the storage company.  The employees sold the X-rays to a recycler who melted them down to recover the silver. 

The information in the X-ray files included patient names, dates of birth, gender, treating physician, medical record numbers and the image on the X-ray itself.

For those possibly affected, they can call the center at 1-877-615-3762. The center is reporting that any X-rays taken after 2002 were most likely not affected.

 

 

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

August 26, 2014 Long Beach Internal Medical Group
Long Beach, California
MED PHYS

Unknown

The Long Beach Internal Medical Group, Inc. in Long Beach California notified patients of data breach when they were notified by Iron Mountain Record Management, a facility where the medical practice stores old files, that boxes of records were stolen by two employees of the storage company.  Reportedly the employees sold X-rays files to a recycler who melted them down to recover the silver. 

The information in the files stored by the medical practice included names, sex, addresses, dates of birth, telephone numbers, account numbers, office charges, insurance information, diagnosis information, Social Security numbers.

 

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

August 26, 2014 Geekface LLC
Pawcatuck, Connecticut
NGO HACK

Unknown

Geekface LLC, which runs the online sites Hatchwise.com and eLogoContest.com notified customers of a data breach to their server that compromised personal information.

The information breached included names, addresses, birth dates, usernames, passwords, and Social Security numbers.

For those with questions or needing further assistance they can call 1-800-303-09111-800-303-0911 between 10:00 a.m and 5:00 p.m. EST Monday through Friday or visit hatchwise.com.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

August 26, 2014 Imhoff & Associates, PC
Los Angeles, California
BSO PORT

Unknown

Imhoff and Associates, a criminal defense lawfirm notified clients of a data breach when a backup hard drive was stolen from a locked trunk of an employee's vehicle.

The personal information contained on the backup hard drive may have included names, birth dates Social Security numbers, driver's license numbers, addresses, emails and phone numbers.

The firm is offering those affected 12 months of AllClear ID at no cost. Those individuals with questions can call 1-877-615-3769 to reach an AllClear ID representative, Monday through Saturday 8:00 a.m to 8:00 p.m Central Standard Time..

 
Information Source:
California Attorney General
records from this breach used in our total: 0

August 25, 2014 BioReference Laboratories, Inc./CareEvolve, Inc.
Ann Arbor, Michigan
MED DISC

3,334

CareEvolve Inc, a subsidiary of BioReference Laboratories, Inc. have notified patients of a data breach to their system that may have inadvertently exposed personal information of patients.

CareEvolve, Inc. was reconfiguring a test server and accidentally exposed the server, making it accessible via the Internet. This particular server included patient names, home addresses, telephone numbers, ages, patient/medical record numbers, clinical tests, collection dates, dates of birth and Social Security numbers (196 SSN's exposed according to CareEvolve Inc).

Automated search engine data mining applications did access this information starting on February 2, 2014 and ended when the breach was discovered on March 19, 2014.

For those that may have been affected can call 1-800-229-52271-800-229-5227 ext. 8433 or email compliancedepartment@bioreference.com.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 196

August 22, 2014 US Investigations Services (USIS)
Falls Church, Virginia
GOV HACK

25,000

The US Investigations Services (USIS), a firm that performs background checks for U.S government employees had a breach in their data base. Cyber criminals were able to hack their system to gain personal information on employees with the Department of Homeland Security, U.S Immigration and Customs Enforcement and U.S Customs and Border Protection units.

The information breached included Social Security numbers, education and criminal history, birth dates, information on spouses, other relatives and friends including names and addresses.

Officials say the number may increase as the investigation continues.

More Information: http://www.reuters.com/article/2014/08/22/us-usa-security-contractor-cyb...

UPDATE (9/18/2014): "The Office of Personnel Management will not renew any of its contracts with USIS, the major Falls Church, Va., contractor that provides the bulk of background checks for federal security clearances and was the victim of a recent cyberattack, officials confirmed Tuesday evening".

USIS conducted over 21,000 background checks per month for the US government and has been under scrutiny since the data breach in August.

More Information: http://www.washingtonpost.com/business/economy/opm-to-end-usis-contracts...

 
Information Source:
Media
records from this breach used in our total: 25,000

August 22, 2014 Cedars-Sinai Medical Center, Los Angeles
Los Angeles, California
MED PORT

33,136

Cedars-Sinai Medical Center in Los Angeles California has reported a data breach of at least 500 patients at the facility when an employees laptop computer was stolen from their home during a burglary in June 2014. The laptop was password protected.

The records on the laptop included specific patient data such as lab testing, treatment and diagnosis, Social Security numbers and other personal information.

More Information: http://www.latimes.com/business/la-fi-cedars-breach-20140823-story.html

UPDATE (10/3/2014): The data breach that occurred when an employee laptop was stolen, contained many more files than what was originally reported by the hospital. When the breach was made public, Cedars-Sinai hospital reported that 500 patient files were on the stolen laptop. After an investigation, the laptop actually contaned personal information on  33,136 patients.

More Information: http://www.latimes.com/business/la-fi-cedars-data-breach-20141002-story....

 
Information Source:
Media
records from this breach used in our total: 33,136

August 22, 2014 ManagedMed Inc (A Psychological Corporation)
Los Angeles, California
MED DISC

Unknown

ManagedMed Inc.(A Psychological Corporation) notified patients and the Attorney General's office of a data breach of their patient scheduling system.

According to the facility patient scheduling information was viewed via an unsecured webpage by at least two non-ManagedMed individuals. This information was visible from March, 2013 through May 15, 2014. The breach allowed unauthorized persons to access the facilities calendaring system and view the information.

This information included patient scheduling information, patient names, telephone numbers, names of providers, notes on the patient which could have included information on the type of visit scheduled or medication/test scheduled for the patient, and dates of appointments.  According to the facility no SSN's, credit card or medical records information were exposed.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

August 20, 2014 The UPS Store
Atlanta, Georgia
BSR HACK

Unknown

The UPS Store, Inc has notified customers of a data breach when they discovered malware in their systems targeting UPS retailers. UPS retained a security firm to review their systems and found malware at 51 locations in 24 states. UPS has a total of 4,470 franchised center locations within the US.

The company announced that both credit and debit card purchases were impacted at the franchised locations from January 20, 2014 through August 11, 2014. The company has since removed the malware from their system.

The company put out the following information: 

For those affected with questions,  please call us at 1-855-731-6016."

 

For more information http://oag.ca.gov/system/files/California%20Distribution_0.pdf?

 
Information Source:
California Attorney General
records from this breach used in our total: 0

August 18, 2014 Community Health Systems
Franklin, Tennessee
MED HACK

4.5 million

Community Health Systems out of Franklin Tennessee has announced a large data breach of their medical system. The breach occured when hackers infiltrated the server of the health system compromising Social Security numbers, names and addresses for 4.5 million patients. Authorities believe that the hackers were based out of China and the attacks happened from April 2014 through June 2014.

The company operates 206 hospitals in 29 states and is currently doing further investigations regarding the attack.

 

More Information:  http://bits.blogs.nytimes.com/2014/08/18/hack-of-community-health-system...

 

UPDATE (8/26/2014): Five Alabama residents have filed a class-action lawsuit against Community Health Systems following last week's announcement of the data breach of 4.5 million patients.

 

 
Information Source:
Media
records from this breach used in our total: 4,500,000

August 18, 2014 MeetMe, Inc.
New Hope, Pennsylvania
BSO HACK

Unknown

MeetMe, Inc. has announced a data breach of their system when hackers gained access to their customer information. The information included names, emails addresses, and passwords.

The company reported that they have contacted their customers to change their usernames and passwords.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

August 15, 2014 Albertsons/AB Acquisitions LLC
Boise, Idaho
BSO HACK

Unknown

The Albertsons grocery chain in Southern California announced a data breach when hackers attempted to obtain customer credit and debit card information from its approximately 180 Southern California stores, as well as stores in several other states.

AB Acquisition LLC which operates Albertson stores, ACME Markets, Jewel-Osco, Shaw’s and Star Markets all under New Albertson’s, Inc. confirmed that the data breach started as early as June 22, 2014 and ended July 17, 2014.

"Albertson stores in Idaho, Montana, North Dakota, Nevada, Oregon, Washington, Wyoming and southern Utah were also affected. In addition, ACME Markets in Pennsylvania, Maryland, Delaware and New Jersey; Jewel-Osco stores in Iowa, Illinois and Indiana; and Shaw’s and Star Markets stores in Maine, Massachusetts, Vermont, New Hampshire and Rhode Island were all impacted by this incident".

The company is offering customers who may have been affected by the breach a year of complimentary identity-protection services. For more information, customers can call (877) 932-7948 or visit Albertsons' website.

More Information: http://www.latimes.com/business/la-fi-breach-alberstons-20140815-story.html
 
Information Source:
Media
records from this breach used in our total: 0

August 15, 2014 Supervalue
Eden Prairie, Minnesota
BSO HACK

Unknown

Supervalu, which operates 3,763 outlets, both corporate and franchised stores, has reported a data breach in their point-of-sale system which affected some of its retail food stores, along with several of its stand-alone liquor stores. The information compromised includes account numbers and other information on customer payment cards used at the point-of-sale systems. The data breach occurred from June 22, 2014 through July 17, 2014 according to company spokesperson. The retail grocery chain has notified authorities and the breach is currently under investigation.

 

More Information: http://www.cnbc.com/id/101922584# 

 
Information Source:
Media
records from this breach used in our total: 0

August 12, 2014 Freedom Management Group, LLC dba The Natural
Hauppauge, New York
BSR HACK

Unknown

The Natural, an online store, notified customers of a data breach to their system when an unauthorized party accessed customer payment card data. The unauthorized access occurred from 4/22/2014 to 7/17/2014.

The information accessed included customer credit and debit card numbers, expiratin dates, names, addresses, and phone numbers, account numbers, and passwords.

The company has recommended that those affected change their online passwords to their online account. The company is offering AllClear ID at no cost for 12 months. For those affected they may contact the AllClear ID team at 1-877-615-3771.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

August 12, 2014 Orthopaedic Specialty Institute Medical Group
Orange, California
MED PHYS

49,000

Orthopaedic Specialty Institute Medical Group has reported a data breach when it was discovered that 742 boxes of patient X-rays were stolen from an Iron Mountain Record Management storage facility. After an investigation by the authorities, it was discovered that two Iron Mountain Record Management employees stole the files and melted them down for the silver.

The information in the records, which are 10 to 15 years old,  and could have included patient names, birth dates and medical record numbers.

For those who might have been affected they can call the medical group at 1-714-937-48251-714-937-4825 .

 

More Information: http://www.ocregister.com/articles/medical-631456-rays-group.html

 
Information Source:
Media
records from this breach used in our total: 0

August 7, 2014 University California Santa Barbara
Santa Barbara, California
EDU HACK

Unknown

The University California Santa Barbara has notified unauthorized access to some archival payroll data that included names, social security numbers and direct deposit banking information.

The University has contracted with ID Experts to provide free credit monitoring service, and insurance for identity theft restoration.

If you need assistance enrolling or have additional questions, the University is requesting individuals call the UCSB / ID Experts team at 1-877-919-9184, between the hours of 6:00 am and 6:00 pm Pacific Time.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

August 7, 2014 Anderson & Murison
Los Angeles, California
BSF DISC

Unknown

Anderson & Murison, a wholesale insurance broker, notified individuals of a data breach when individual retail insurance agents applied for personal umbrella insurance policies for their customers via Anderson & Murison's online umbrella rating system.

When the retail agents requested an estimate through this online system, specific information regarding their customers was necessary to obtain the quote/estimate. Information such as first and last names, addresses, policy dates, policy numbers, premium costs, policy amounts, types of policies, dates of birth, all real estate owned and addresses, types of automobiles, other motorized equipment such as watercraft, occupations of both individuals and spouses, employer names and addresses, general information such as traffic violations, etc.

The company is offering identity theft protection through Kroll for one year at no cost.  Those affected can call 1-844-263-8605.

 

 
Information Source:
California Attorney General
records from this breach used in our total: 0

August 7, 2014 San Mateo Medical Center
San Mateo, California
MED INSD

Unknown

San Mateo Medical Center (SMMC) notified individuals of a potential data breach when the facility discovered that an employee who was hired in the payroll unit of the facility failed to disclose a prior conviction for identity theft.

The employee was terminated immediately, but the individual had access to SMMC employee information including names, contact information, Social Security numbers and dates of birth.

The facility reported that they found "no evidence indicating that the employee misused confidential information from SMMC employee records".

SMMC has engaged Kroll to provide identity theft protection for one year at no cost. For those affected they can contact the county at 1-844-530-4127 from 6:00 a.m. to 3:00 p.m. PDT.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

August 5, 2014 Vibram
Concord, Massachusetts
BSR HACK

Uknown

Vibrum USA Inc had notified customers of a data breach in their online ordering system. The compay contracts with a third party web hosting provider vibramfivefinger.com whose systems were compromised when an unauthorized party accessed their system that manages online transactions and inserted malicious code.

The information that may have been compromised included credit card numbers.

The company has set up credit monitoring services through Experian. Those affected can call 1-877-371-7902

 
Information Source:
California Attorney General
records from this breach used in our total: 0

Breach Total
929,676,448 RECORDS BREACHED
(Please see explanation about this total.)
from 4,420 DATA BREACHES made public since 2005
Showing 1-50 of 4420 results


X

Sign In!

Loading