Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?

Chronology of Data Breaches

Custom Sort
Select your desired results. Then click "Go!"

Click or unclick the boxes then select go.


Select features, then click GO.



Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.
Breach Total
929,676,448 RECORDS BREACHED
(Please see explanation about this total.)
from 4,422 DATA BREACHES made public since 2005

Save or Print PDF of Entire Breach List including introduction.Save or Print a PDF of Entire Breach List (including introductory FAQ)

Filter breach list before saving or printing PDF. Conduct a search of the Chronology using its sorting features, and Save or Print a PDF of your search results (Select filters)

If you do not have access to PDF, you can print the Chronology in landscape view.

Date Made Publicsort icon Name Entity Type
June 26, 2014 Splash Car Wash
Greenwich, Connecticut
BSR HACK

120,000

Splash car wash has notified approximately 30,000 customers of a data breach to their system when malwar was found on their point of sale system at several of their locations affecting and potentially breaching credit card data.

The car wash operates 13 locations in New York and Connecticut and was alerted by American Express of the breach. As soon as customers swiped their cards, the information was stolen, not giving the companies system time to encrypt the data. The breach is being investigated by authorities.

 
Information Source:
Media
records from this breach used in our total: 120,000

June 26, 2014 Salina Family Healthcare Center
Salina, Kansas
MED DISC

500

"Salina Family Healthcare Center (SFHC) notified more than 500 patients of an unintentional transmission of unsecured personal patient protected health information after discovering the following event:

"On April 8, 2014, a staff member submitted a database to the National Commission for Quality Assurance (NCQA) for our involvement in a care coordination research study. The staff member responsible for our participation in the project inadvertently left a table in that database that included patients’ names, dates of birth, chart numbers and CPT codes associated with their care. Upon opening the email, the NCQA staff member who received the database immediately recognized the breach, deleted the database, and notified our staff member"".

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

June 24, 2014 Riverside County Regional Medical Center
Moreno Valley, California
MED PORT

Unknown

The Riverside Regional Medical Center has notified patients of the loss of a laptop computer that contained personal patient information. The laptop went missing from a diagnostic services office in the hospital sometime between June 17, 2014 and June 18, 2014.

The information on the missing laptop included names, dates of birth, medical record numbers and results of a nerve conduction study, and the names of the referring doctor and the doctor who performed the study.

The hospital did communicate that no Social Security numbers, health insurance information or home addresses were stored on this particular laptop.

For those who were affected, they have been asked to call Christina Quijada at 1-877-500-1255 or the Riverside County Privacy Office at 951-955-5757.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

June 23, 2014 Silk Road/U.S Marshall Service
Washington, District Of Columbia
BSF HACK

40

"U.S. Marshals Service accidentally CC’d 40 potential Silk Road Bitcoin bidders instead of BCC’ing them. Thanks to a phishing scheme that took advantage of this slipup, though, an Australian bidder lost 100 Bitcoin—worth an estimated $62,000—according to.

A total of 40 individuals received a phishing email on June 21st from someone who claimed to be from "BitFirm Productions". The email asked they these individuals participate in a survey for a client of the fake media firm and to click on a link that was supposed to be a GoogleDoc, instead the link contained malware.

Unfortunately one individual did click on the link that infected his computer and the hackers were able to transfer 100 Bitcoin out of his account.

 

 
Information Source:
Media
records from this breach used in our total: 0

June 20, 2014 UCDC, Washington Center
Washington, District Of Columbia
EDU HACK

Unknown

The University California, Washington Center received a notification of unsolicited emails being sent to alumni of the university. After an investigation, it was revealed that someone accessed the pre-enrollment system, GoSignMeUp.com, which is a cloud-based provider for the online course registration utilized by UCDC to host its online course registration process.

The information breach included usernames, passwords, addresses, principal e-mails, gender, birth dates and UCDC course information. The university has stated that they do not record or store any Social Security numbers or financial account information on any of its databases.

For those who were affected the university is recommending individuals change their password.

Those with questions are asked to contact techhelp@ucdc.edu

 
Information Source:
California Attorney General
records from this breach used in our total: 0

June 20, 2014 Mount Olympus Mortgage Company
Irvine, California
BSF INSD

Unknown

Mount Olympus Mortgage Company has notified customers of a data breach when a previous employees downloaded mortgage applications from their system to their private Internet accounts and then sent it to a competitor. The information included names, addresses, Social Security numbers, and other information in connection mortgages.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

June 19, 2014 Rady's Childrens Hospital
San Diego, California
MED DISC

14,100

Rady's Children's Hospital has suffered a data breach when an employee inadvertently sent an email with a file attached to 6 potential job applicants. The applicants were meant to receive approved information for an internal evaluation, instead they received the original file with the information of 14,100 patients. The information included names, dates of birth, primary diagnoses, medical records and insurance carrier claim information. According to the hospital no Social Security numbers,  credit card information, addresses or parent/guardian information were included in this file.

The file contained information on patientes admitted to the hospital between July 1, 2012 through June 30, 2013.

 
Information Source:
Media
records from this breach used in our total: 0

June 18, 2014 The Metropolitan Companies
New York, New York
BSO HACK

Unknown

The Metropolitan Companies, LLC, which is a conglomerate of companies from staffing services to interpreters suffered a data breach as a result of unauthorized access to their computer systems and may have potentially removed documents that included personal information of their customers.

Through an investigation, it has been disclosed that the information that was breached includes names, addresses, phone numbers, email addresses, Social Security numbers, dates of birth, past education, work history, and financial information. The company has not disclosed the number of individuals affected.

For those that may have been affected the company is providing one year of identity theft protection through Kroll. They can be contacted at 1-855-781-0033 to speak with a licensed investigator or visit their website at Visit www.kroll.idMonitoringService.com.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

June 17, 2014 Service Alternatives
Coupeville, Washington
BSO HACK

550

Service Alternatives has informed individuals of a data breach to their payroll system. It appears that an unauthorized third person or persons obtained access to that system between November 2013 and March 2014. The information obtained included full names, addresses, dates of birth (excluding foster parents), Social Security number, Driver's license number or identity card number (excluding foster parents), tax documents, documents provided on form I-9 for anyone hired after Oct. 2010 (excluding foster) parents, bank routing number and account number if direct deposit was ever used.

Those who were affected by the breach may call 1-800-292-6697 or email support@servalt-adm.com

 
Information Source:
Maryland Attorney General
records from this breach used in our total: 550

June 16, 2014 Riverside Community College
Riverside, California
EDU DISC

35,212

Riverside Community College has suffered a data breach affecting 35,212 students. On May 30th, a district employee emailed a file containing information about all students who were enrolled in the spring term to a colleague working at home due to illness, for a research report that was on a deadline. The district employee used a personal email account to send the data because the file was too large for the district's secure email to send. The employee then typed in the incorrect email address.

The information contained in the file included names, addresses, birth dates, Social Security numbers, email addresses, student ID numbers, and telephone numbers.

The district has set up a Call Assistance Center at 1-888-266-9438 for affected students. The center will be open from 6 a.m to 6 p.m Monday through Friday for 90 days.

 
Information Source:
records from this breach used in our total: 35,212

June 12, 2014 Redwood Regional Medical Group
Santa Rosa, California
MED PHYS

33,702

A thumb drive containing 33,702 patient records was stolen from the Redwood Regional Medical Group in Santa Rosa California. An employee placed the thumb drive in a "zipped container in an unlocked locker", where the drive was stolen.

The information contained on the device included patients' first and last names, gender, medical record numbers, date of birth, date and time of service, area of body X-rayed, the X-ray technologist's name and the radiation level required to produce the X-ray. No other images such as MRI's or mammograms were stored on the device.

 The medical center was taken over by St. Joseph Health on April 1st. The records were backed up to the drive as a precaution while they were being moved to Santa Rosa Memorial Hospital's electronic medical records system.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

June 11, 2014 PF Chang's
Scottsdale, Arizona
BSO HACK

Unknown

P.F Chang's is investigating a potential data breach, when credit cards showed up on an underground website that criminals use. Brian Krebs broke the story, when the banks he contacted confirmed that the cards had been used at P.F Chang's restaurants.

P.F Chang's is investigating the allegations currently with authorities.

UPDATE (06/30/2014): PF Chang's has had a class action lawsuit filed against the restaurant chain. The company confirmed on June 12, 2014 that a breach had occured. Some experts believe that the lawsuit is unlikely to succeed because some security experts have said, because proving consumer losses linked to the specific restaurant data breach is difficult to do.

Some believe it was a breach of the restaurants POS system, most likely infiltrated by malware, similar to the Target and Salley Beauty breaches, the restaurant chain has yet to divulge any details, including the number of cards exposed.

UPDATE (8/4/2014): "P.F Chang's China Bistro Ltd. stated Monday that the data breach that affected customer credit and debit cards affected 33 locations throughout the continental U.S.", the investigatin is still ongoing.

 
Information Source:
Krebs On Security
records from this breach used in our total: 0

June 11, 2014 Stanford Federal Credit Union
Palo Alto, California
BSF DISC

18,000

Stanford Federal Credit Union informed 18,000 members that their personal information was sent to another member accidentally. According to the letter sent to the members,  credit union employees recognized the error immediately and the data was destroyed without it being read to the recipient. The data sent was a list of members who were pre-approved for loans. The credit union employee who sent the list inadvertently sent it to a member who had the same first name as the staff member it was meant for.

According to the credit union, the member had not yet read the mail and worked with the staff of the credit union to properly destroy it.

 
Information Source:
California Attorney General
records from this breach used in our total: 18,000

June 10, 2014 AT&T Mobility, LLC
Des Peres, Missouri
BSR INSD

Unknown

AT&T has informed California regulators of a data breach that occurred with a third party service provider.

"Employees of one of our service providers violated our strict privacy and security guidelines by accessing your account without authorization," the company said in a letter to affected customers. "AT&T believes the employees accessed your account as part of an effort to request codes from AT&T than are used to unlock AT&T mobile phones in the secondary mobile phone market."

Personal information such as Social Security numbers and phone records were accessed. The incident took place between April 9th through April 21st, but the California regulators were just informed this week.

AT&T would not disclose how many customers were affected, but the law requires disclosure if more than 500 people have been affected.

 

 
Information Source:
California Attorney General
records from this breach used in our total: 0

June 10, 2014 St. Francis Hospital
Columbus, Georgia
MED DISC

1,175

St. Francis Hospital notified patients of a data breach when a mass email to 1, 175 patients was sent out where all email addresses were visible vs. having each patient being blind copied on the email.

The hospital is claiming that no medical treatment or other personal information was part of the email.

Those St. Francis patients who have questions about the incident are asked to call the hospital at 1-800-723-49981-800-723-4998.

 
Information Source:
Media
records from this breach used in our total: 0

June 10, 2014 Access Health CT
Hartford, Connecticut
BSF INSD

413

The Connecticut health insurance exchange has suffered a data breach, when one of the exchanges employees lost a backpack at a local deli that included names, Social Security numbers and birthdates of 413 individuals.

The employee was not authorized to remove these documents from the facility and has since been put on administrative leave.

 
Information Source:
Media
records from this breach used in our total: 413

June 9, 2014 College of the Desert
Palm Desert, California
EDU INSD

1,900

The College of the Desert in Palm Dale Calfornia informed individuals of a data breach in their system when a college employee sent an unauthorized attachment in an email to approximately 78 college employees,  that contained personal information of employees of the college.

The information contained in the attachment included names, Social Security numbers, dates of birth, geners, zip codes, titles of postions held at the university, employment anniversary date, employee identification numbers, insurance information,  active or retired employee status.

Those who are affected are asked to call Stan Dupree, HR and Labor Relations Director at 760-674-3777760-674-3777or sdupree@collegeofthedesert.edu

UPDATE (6/19/2014): According to new reports, The College of the Desert breach affected 1,900 current and former employees. The total individuals affected was not reported when the breach was made public.

 
Information Source:
California Attorney General
records from this breach used in our total: 1,900

June 7, 2014 Walgreens
Atlanta, Georgia
BSR INSD

Unknown

Walgreens has notified some patients of a breach when an employee stole some patients information, which included names, dates of birth, and Social Security Numbers in the form of a Medicare ID number and provided the information to a third party. Walgreens is claiming that no credit card, banking or other personal information was involved.

The company has set up a hotling for those affected, 1-866-312-8654 from 7 a.m to 7 p.m Central Standard time, Monday through Friday.

 
Information Source:
Maryland Attorney General
records from this breach used in our total: 0

June 6, 2014 Miami-Dade County
, Florida
GOV UNKN

Unknown

The county of Miami-Dade informed employees of a data breach where their personal information is being used to file fraudulent unemployment claims, along with credit card fraud. Currently, officials at the county are not clear if this breach happened internally or by external hackers.

They have not released what specific information has been compromised.

Federal officials at the U.S Inspector General's Office are leading the investigation due to false unemployment claims. The Human Resource Department of the agency has put out a statement.

"The recent news report on a “Data Breech” has understandably raised concerns amongst our employees regarding their personal information and whether they are one of the employees impacted by identity theft. Please be advised that when we identify a possible fraudulent unemployment claim, we immediately notify the Departmental Personnel Representative (DPR) for that employee. Our procedures are as follows:

The Human Resources Department receives the Notices of Reemployment Assistance once a claim for unemployment has been filed with the Department of Employment Opportunity (DEO). If a claim is identified as fraudulent (once HR confirms the employee is an active employee) HR contacts the employee’s DPR to provide notice to the Department and notification is immediately sent to the Department of Unemployment indicating that it is a fraudulent claim.

If an employee is notified that a fraudulent claim has been filed on their behalf, the employee should be instructed to do the following:

 

  1. Contact the Unemployment Fraud Hotline to report the fraud at (800) 342-9909(800) 342-9909. They should report that their identity (SS#, Name) is being used to commit Unemployment Fraud.
  2. Make a note of the Master Case File # that has been assigned by the Miami-Dade Police Department:PD130322106429.
  3. File an Identity Theft Affidavit (IRS Form 14039), found at http://www.irs.gov/pub/irs-pdf/f14039.pdf
  4. Notify their banking institutions
  5. Make routine checks on their bank accounts
  6. Conduct thorough reviews on their bank and credit card statements
  7. Visit http://myfloridalegal.com/identitytheft to learn more about Identity Theft


We assure you that fraudulent claims are being taken very seriously and every effort is being made to identify and refer these cases to the proper authorities for appropriate action."

 
Information Source:
Media
records from this breach used in our total: 0

June 6, 2014 Penn State Milton S. Hershey Medical Center
Hershey, Pennsylvania
MED INSD

1,801

Penn State Milton S. Hershey Medical Center began alerting patients of a data breach when an employee accessed clinical data on an unauthorized computer and removable storage device. The employee did have permissions to have access to the files, but downloaded the clinical information on a removable storage device and his personal computer, both of which were not properly secured and outside of the medical centers IT department. The employee also used their personal email account to send emails with a test log of the data to two physicians at the medical center.

 
Information Source:
Media
records from this breach used in our total: 0

June 5, 2014 Highmark
Pittsburgh, Pennsylvania
BSF DISC

3,675

Health Insurer, Highmark Inc. notified customers that are members of either Security Blue or Freedom Blue, that their information may have been mailed to other people. The information mailed was a health risk assessment that included information such as names, addresses, dates of birth and certain medical information.  The health insurer is claiming that no Social Security numbers were compromised.

 
Information Source:
Media
records from this breach used in our total: 0

June 4, 2014 National Credit Adjusters
Hutchinson, Kansas
BSF UNKN

Unknown

National Credit Adjusters have informed individuals of a breach that has happened when they were notified that some customers were receiving phone calls from unauthorized third party debt collectors. The information that these unauthorized debt collectors may have access to include names, addresses, debt balances, dates of birth and Social Security numbers. The information may also expand beyond the individual on the account to co-signers of the account as well.

The hackers pose as legitimate debt collectors but are actually calling with the attempt to scam individuals out of their money.

For those affected, the company is asking individuals call 1-855-737-9123.

 

 
Information Source:
California Attorney General
records from this breach used in our total: 0

June 4, 2014 Midwest Urological Group
Peoria, Illinois
MED PORT

Uknown

Midwest Urological Group notified patients of a data breach when a laptop was reported stolen when an employee may have inadvertently forgot to lock the cabinet that housed the laptop.  According to authorities the laptop contained patient information that included treatment information on the patients at the facility. No specific details were released as to the type of information involved.

 

More Information: http://www.pjstar.com/article/20140604/NEWS/140609564/10924/NEWS

 
Information Source:
Media
records from this breach used in our total: 0

June 3, 2014 Craftsman Book Company
Carlsbad, California
BSO HACK

Unknown

Craftsman Book Company notified customers of a breach that occured on their site. On Tuesday May 27th the company discovered unauthorized access to their site and recommended a change in their username and password. Since that time they discovered that the breach also included charges on customers credit card. The hackers found another site operated by the company and through the security vulnerabilities in the one site, they were able to get to the Craftsman Book site and ultimately to the customers information.

Since the vulnerability was discovered, the company has shut down the other site and is in the process of securing it.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

May 30, 2014 Arkansas State University College of Education and Behavioral Science's Department of Childhood Services
Jonesboro, Arkansas
EDU HACK

50,000

Arkansas State University was notified by the Arkansas Department of Human Services of a data breach in their College of Education and Behavioral Science's Department of Childhood Services database, potentially exposing personally identifiable information.

According to A-State's Chief Information Officer Henry Torres,  “we have confirmed unauthorized access to data, but we have no reports regarding illegal use of the information in these files,” Torres said. “We took immediate measures to address this issue after being notified by DHS. We are cooperating with DHS and working with programmers to assess and resolve the situation.”

The breached involved a database related to the "Traveling Arkansas Professional Pathways (TAPP) Registry, which is a professional development system designed to track and facilitate training and continuing education for early childhood practictioners in Arkansas."

To date, the university has stated that Social Security numbers were compromised in the database, no other information as to the specific data was provided by the university.

 
Information Source:
Media
records from this breach used in our total: 50,000

May 29, 2014 Montana Health Department
Helena, Montana
MED HACK

Unknown

The Montana Department of Public Health and Human Services announced a data breach that occured when hackers had access to the server for nearly a year. The server contains names, addresses, dates of birth, Social Security numbers and clinical information of customers along with the Social Security numbers and bank account information of employees.

The agency has set up a help line for those who may have been affected at 1-800-809-29561-800-809-2956.

 
Information Source:
Media
records from this breach used in our total: 0

May 28, 2014 Hospital for Veterans Affairs, Denver
Denver, Colorado
BSF STAT

248

The hospital for Veterans Affairs in Denver had two bio-medical computers stolen from a locked room in the hospital. The computers contained data from tests on approximately 239 VA patients. These computers were used to record data from pulmonary function tests for these patients. The hospital has said that no other data was stored on the computers and the data is encrypted on a password protected application.

 

 

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

May 28, 2014 Sharper Future
Los Angeles, California
MED STAT

Unknown

The Sharper Future, a mental health facility in Los Angeles has informed clients of a data breach when their offices were burglarized and various electronic equipment that stored patient records which includes names, dates of birth, health and clinical histories, treatment records, CDCR identification numbers and Social Security numbers of their clients.

The facility did report that the information on the stolen equipment was password-protected and did not include financial information. The incident is currently under investigation by authorities.

 

 
Information Source:
California Attorney General
records from this breach used in our total: 0

May 28, 2014 Precision Planting
Tremont, Illinois
BSO HACK

Unknown

Precision Planting customers have been impacted by a security breach affecting one of the company's data servers. The company has not communicated specifically how their system was compromised, however the information breached included customer names, addresses, tax identification numbers and financial information. The server also contained some employee W-2 forms, Social Security numbers, and driver's license numbers.

 
Information Source:
Media
records from this breach used in our total: 0

May 28, 2014 Promedica Bay Park Hospital
Oregon, Ohio
MED INSD

500

ProMedica Bay Park Hospital notified patients of a data breach when an employee of the facility accessed records of patients not directly under their care from April 1, 2013 to April 1, 2014.

The information breached included each "patient's full name, date of birth, diagnosis, attending physicians, and medications. Patients' Social Security numbers and financial information are not believed to have been accessed".

The employee was immediately fired once the hospital learned of the privacy breach.

 
Information Source:
Media
records from this breach used in our total: 500

May 26, 2014 Power Equipment Direct
Suwanee, Georgia
BSR HACK

Unknown

Power Equipment Direct has notified customers of a data breach that occured when a small piece of malicious computer code was uploaded to a server that handles their check-out process. The malicious code captured and transmitted screen shots of check-out pages. The company reported that the breach most likely occured from May 4, 2014 until May 5, 2014.

The company is not sure as to what information was captured, it woud have been the information on the screen available at the time the malicious code was enabled.

The company is offering AllClear SECURE at no cost for 12 months. For those affected they can call 1-877-676-0382.

 
Information Source:
Vermont Attorney General
records from this breach used in our total: 0

May 26, 2014 AutoNation Toyota of South Austin
Austin, Texas
BSO HACK

Unknown

AutoNation Toyota of South Austin informed customers of a data breach that occured when a third party vendor, TradeMotion, who operates parts websites for auto dealers nationwide, had their systems hacked potentially exposing credit card information that was stored on their system. The hackers may have also gotten names, addresses, telephone numbers, and email addresses.

The company has arranged for those affected to receive one year of identity theft protection through Experian's ProtectMyID. Those affected can call 1-866-252-9553 by August 31, 2014 for enrollment.

 
Information Source:
Vermont Attorney General
records from this breach used in our total: 0

May 23, 2014 Humana
Atlanta, Georgia
MED PORT

2,962

Humana has notified Atlanta customers of a data breach that occurred when a Humana associate's vehicle was broken into and an unencrypted USB drive along with the associates lap top computer were stolen. The information contained on these devices included medical record information and Social Security Numbers.

Humana said that it "has no reason to believe that the information has been used inappropriately." The company is offering free access to a credit-monitoring service for members who were affected.

"Members enrolled in Medicare plans who have any questions about this may contact Humana at 1-800-457-4708, from 9 a.m. to 5 p.m. Members enrolled in non-Medicare plans should call 1-800-448-6262".

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 2,962

May 23, 2014 Placemark Investments
Addison, Texas
BSF HACK

11

Placemark Investments, Inc. who is a registered investment adviser providing overlay management services for TD Ameritrade's Unified Managed Account Exchange program, notified 11 Maryland residents of a data breach.

Reportedly, malware placed on one of Placemark's servers, accessed and directed the server to send large batches of spam email. Based on analysis done by the company the malware also had the "potential to expose certain PDF documents tied to account creation that were stored on the server for short intervals".

These documents contained information relating to the eleven individual accounts which included names, addresses, dates of birth, and Social Security numbers.

The company is offering one year free of credit monitoring services from Experian.

 
Information Source:
Maryland Attorney General
records from this breach used in our total: 11

May 22, 2014 San Diego State University
San Diego, California
EDU DISC

Unknown

San Diego State University discovered a database that was set up and managed by the Pre-College Institute, containing names, Social Security numbers, dates of birth, addresses, and other personal information was mis-configured to enable any computer connected to the SDSU wired network with the program "File Maker"   The SDSU wired network consists of offices, some labs and the library.

For those with question or concerns about the incident are asked to contact Felecia Vlahos, the Information Security Officer at iso@sdsu.edu or via phone at toll free 1-855-594-0142 and refer to incident #H05007.

 

 

 
Information Source:
California Attorney General
records from this breach used in our total: 0

May 22, 2014 Lowes Corporation
Mooresville, North Carolina
BSR DISC

35,000

Lowes Corporation had to issue a data breach notice to current and former drivers for the company due to a security breach with one of the third party vendors they use.

Information breached included including names, addresses, birthdays, Social Security numbers, driver's license numbers, and other driving record information with a company called E-DriverFile, an online database provided by SafetyFirst, a driver safety firm headquartered in New Jersey.

The third party vendor unintentionally backed up the data to an unsecure server that was accessible via the Internet. The information may have been exposed from July 2014 through April 2014 before it was discovered.

Lowes is offering their current and former employees one year free of AllClearID. Those affected can call 1-877-322-8228

 
Information Source:
Media
records from this breach used in our total: 35,000

May 22, 2014 Bluegrass Communit Federal Credit Union
Ashland, Kentucky
BSF UNKN

Unknown

Experian has notified Bluegrass Federal Credit Union of unauthorized access of it's consumer information without proper authorization. The information includes names, addresses, Social Security numbers, dates of birth, and account numbers.

For those affected they can contact Bluegrass Community FCU at 606-324-0888606-324-0888 and ask for Jamie Darling.

 
Information Source:
New Hampshire Attorney General
records from this breach used in our total: 0

May 22, 2014 Alabama Department of Public Health
Montgomery, Alabama
GOV INSD

7,000

The Alabama Department of Public Health notified individuals of a breach when the U.S Attorney's Office for the Middle District of Alabama and the U.S. Department of Justice's Tax Division informed the health department that they were prosecuting individuals in an id theft ring involving personal information used to file fraudulent tax returns.

"The indictment indicates that the women ran a large-scale ID theft ring between January 2011 and December 2013 during which time they filed more than 7,000 false tax returns that claimed more than $20 million.

Authorities say the woman stole identities from numerous places. Tracy Mitchell, for example, worked at the hospital at Fort Benning, Georgia, where she had access to military personnel data, including that of soldiers deployed to Iraq and Afghanistan.

Authorities also claim that Tracy Mitchell and her co-indicted daughter, Latasha Mitchell, obtained stolen identities from an Alabama state agency, that Keisha Lanier obtained stolen identities from the Alabama Department of Corrections, that Talarious Paige and Patrice Taylor worked in a call center for a Columbus, Georgia company and stole identities and that Paige, in turn, sold those identities and they were used by Tracy Mitchell, Keisha Lanier, and others to file false tax returns".

 
Information Source:
Media
records from this breach used in our total: 7,000

May 21, 2014 Ebay
San Jose, California
BSO HACK

145,000,000

Ebay, the online auction site, was hacked between late February and early March with login credentials obtained from employees. The hackers then accessed a database containing user records of approximately 145 million users which they appeared to have copied.

The information included email addresses, encrypted passwords, birth dates, mailing addresses. The company reports that no financial data or PayPal databases were compromised.

The company is encouraging all who were affected to login into their account and change their passwords.

Ebay has provided the following links for additional information:

http://www.ebayinc.com/

 
Information Source:
Media
records from this breach used in our total: 0

May 21, 2014 Paytime Inc.
Mechanicsburg, Pennsylvania
BSO HACK

Unknown

Paytime Inc, a payroll service for corporations, notified customers of a data breach to their payroll system. The hackers obtained usernames and passwords to their system and were able to obtain Social Security numbers, direct deposit account information, dates of birth, hire dates, wage information, home and cell phone numbers, other payroll information and home addresses.

The company is providing one year free of AllClearID. Those affected are asked to call 1-855-398-6436.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

May 21, 2014 Hanover Foods Corporation
Hanover, Pennsylvania
BSO DISC

5,867

Hanover Foods Inc, who is a Paytime client has learned that over 5,800 of it's employees were part of the over 216,000 individuals affected by the Paytime breach. Hanover's representing law firm has also sent a letter to those affected and has reported the incident to those individuals affected.

The information breached included names, Social Security numbers, direct deposit bank account information, dates of birth, hire dates, wage information, home and cell phone numbers, and other payroll information when hackers obtained usernames and passwords associated with the Paytime system.

 
Information Source:
Maryland Attorney General
records from this breach used in our total: 5,867

May 19, 2014 Lowe's
Mooresville, North Carolina
BSR DISC

Unknown

Lowe's, the home improvement store informed current and former drives of Lowe's vehicles that one of their third party vendors who provide a computer system "E-DriverFile" that stores compliance documentation and information related to these current and former employees, was unintentionally backed up to an unsecure computer server that was accessible from the Internet.

The information that was compromised included names, addresses, dates of birth, Social Security numbers, driver's license numbers, Sales IDs and other driving record information.

An investigation was launche and it and it was discovered that the information may have been exposed between July 2013 and April 2014. The company is providing one year free of AllClear ID services to those affected. For questions from those affected asr asked to call 1-877-263-7997 within the USA, for those outside the United States or Canada, call 1-512-579-2449.

 

 
Information Source:
California Attorney General
records from this breach used in our total: 0

May 19, 2014 Safety First
Parsippany, New Jersey
BSO DISC

35,000

SafetyFirst has come forward to announce a data breach of their E-DriverFile service. The company is connected to the announcement that Lowe's current and former employees were involved in a data loss.

"A new filing with the California Attorney General’s Office obtained today indicates that a server containing a wealth of information about client vehicle operators was unprotected and accessible via the Internet for a period that exceeded six months. SafetyFirst reported that the breach dated back to September 27, 2013. It was not discovered until April 2, 2014 according to those records".

SafetyFirst unintentionally backed up data to an unsecured computer server that was accessible from the Internet.  The information breached included Social Security numbers, and driver license numbers.

 
Information Source:
Media
records from this breach used in our total: 35,000

May 14, 2014 University California Irvine
Irvine, California
EDU HACK

Unknown

On March 26, 2014, the California Information Security Office notified the University California Irvine that three of the computers in the Student Health Center had been infected by a keylogging virus, which captured the keystrokes as information was being entered into the computers, then transmitted the data to unauthorized servers. They believe that hackers gained information from February 14th through March 27th 2014.  As a result of the virus personal information of individuals was compromised.

The information included names, unencrypted medical information, potentially including health or dental insurance number, CPT codes, ICD9 codes and/or diagnosis, student ID numbers, non-student patient ID numbers, mailing addresses, telephone numbers, amounts paid to the Student Health Center for services, bank names and check numbers.

UC Irvine has contracted with ID Experts to provide one year of FraudStop credit monitoring and one year of CyberScan Internet monitoring for those affected. To enroll visit www.idexpertscorp.com/protect and use the code provided in the letter sent to those affected or call 1-877-810-8083.

 

 
Information Source:
California Attorney General
records from this breach used in our total: 0

May 14, 2014 Paytime
Mechanicsburg, Pennsylvania
BSF HACK

233,000

Paytime issued notices to its customers about a data breach that it discovered on April 30.

According to recent reports, the breach has affected approximately 233,000 individuals in every state, although the majority were in Pennsylvania. The information could have included "employees' names, Social Security Numbers, direct deposit bank account information (if provided), dates of birth, hire dates, wage information, home and cell phone numbers, other payroll related information and home addresses".

The investigation so far has uncovered "intruders were skilled hackers working from foreign IP addresses."

 

 
Information Source:
Media
records from this breach used in our total: 233,000

May 9, 2014 Baylor Regional Medical Center
Dallas, Texas
MED HACK

1981

Baylor Regional Medical Center at Plano communicated to patients a data breach that occured when a "phishing" email went out to affiliated physicians. The physicians may have been unaware that is was a "phishing" scam and inadvertently created unauthorized access to their email accounts.

The email accounts may have included emails that contained patient information, including names, addresses, dates of birth, or telephone numbers, some clinical information such as treating physician, department, diagnosis, treatment received, medical record number, medications, medical service code or health insurance information and Social Security numbers.

 
Information Source:
Media
records from this breach used in our total: 1,981

May 8, 2014 Boulder Community Health
Boulder, Colorado
MED PHYS

16

Boulder Community Health is investigating another data breach of their facility. It has been reported this is the third such incident for this facility since 2008.

Nine people have claimed that they had their records stolen and hard copies mailed to them. Two of these individuals said that there was a letter in theirs that stated their records were mailed “to demonstrate the easy access the hospital and their partners provide to some with bad motives.”

There is an ongoing investigation to understand the extent of the breach. "The hospital — previously known as Boulder Community Hospital until a name change last month — is asking anyone else who thinks their records might have been stolen to call its legal office at 303-440-2342 ".

UPDATE (5/12/2014): Seven more patients have claimed that an anonymous source has sent them copies of their medical records in the mail. It is still unclear as to whether the souce is taking the medical records from inside of the hospital or from somewhere outside of the hospital. The breach is still under investigation.

 

 
Information Source:
Media
records from this breach used in our total: 0

May 7, 2014 Green's Accounting
Greenfield, California
BSF STAT

Unknown

The office of Brent Green, CPA was burglarized on April 6, 2014 where the burglars took a network server computer and hard drives containing personal information of their clients. Their server was unencrypted and contained Social Security numbers, names, and addresses of both individuals and their independents.

For additional information or questions, those affected are asked to call Brent Green at 831-64-5562.

 
Information Source:
records from this breach used in our total: 0

May 7, 2014 Gingerbread Shed Corporation
Tempe, Arizona
BSR HACK

Unknown

Gingerbread Shed Corporation notified customers of unauthorized access to their system that compromised the personal data of its customers. The information included names, addresses, phone numbers, email addresses, credit card information, user names and passwords for website accounts.

The company has established a confidential phone line for those affected that have questions 1-866-597-8199 and use reference # 5474042814.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

May 6, 2014 California Department of Child Support Services
Rancho Cordova, California
GOV PHYS

Unknown

The California Department of Child Support Services has notified individuals of a data breach that resulted in unauthorized disclosure of personal information. On April 7, 2014 letters from the Solano County Department of Child Support Services were misplaced while in the custody of a contracted courier who was transporting mail to the US Post Office.

Those affected are asked to call the Department of Child Support Services at 1-866-901-3212.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

Breach Total
929,676,448 RECORDS BREACHED
(Please see explanation about this total.)
from 4,422 DATA BREACHES made public since 2005
Showing 101-150 of 4422 results


X

Sign In!

Loading