Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?

Chronology of Data Breaches

Custom Sort
Select your desired results. Then click "Go!"

Click or unclick the boxes then select go.


Select features, then click GO.



Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.
Breach Total
874,642,074 RECORDS BREACHED
(Please see explanation about this total.)
from 4,403 DATA BREACHES made public since 2005

Save or Print PDF of Entire Breach List including introduction.Save or Print a PDF of Entire Breach List (including introductory FAQ)

Filter breach list before saving or printing PDF. Conduct a search of the Chronology using its sorting features, and Save or Print a PDF of your search results (Select filters)

If you do not have access to PDF, you can print the Chronology in landscape view.

Date Made Publicsort icon Name Entity Type
February 28, 2014 Sears
Hoffman Estates, Illinois
BSR HACK

Unknown

Sears announced that the Secret Service is investigating Sears Holdings Corporation as a target of a similar security breach that hit Target and Neiman Marcus toward the end of 2013.

Sears spokesperson, Howard Riefs in an emailed statement stated "there have been rumors and reports throughout the retail industry of security incidents at various retailers, and we are actively reviewing our systems to determine if we have been a victim of a breach,” additionally,  “we have found no information based on our review of our systems to date indicating a breach.” said Riefs.

 
Information Source:
Media
records from this breach used in our total: 0

February 28, 2014 80's Tees
Mt. Pleasant, Pennsylvania
BSR HACK

3,503

80sTees.com, Inc. announced a data breach that was much larger than originally thought. The online retailer originally reported the breach in April of 2013 to customers whose credit card numbers had been used fraudulently. Since that time, the retailer's investigation uncovered that the scope of the exposure to customer credit card information was larger than originally believed.

The company has notified any customer who used the site from June 3, 2012 through April 30, 2013 that their credit card may have been used fraudulently. 

Originally the company was contacted by Discover Card requesting an investigation due to some unauthorized charges experienced by Discover cards customers. The company completed their own investigation and on February 27, 2013 learned that a small number of Visa customers had also experienced unauthorized charges. On March 6, 2013 Mastercard also contacted the company regarding fraudulent charges against their credit card holders.

The company hired a forensic investigator who discovered that the company had been a victim of a cyber attack that gained access to and installed malware on their website server in eary June 2012. Their anitvirus and malware scans did not detect the malware.

April 3, 2013 the company notified approximately 3,503 customers of the breach. This is the amount that was reported to the company by the credit card companies. 

On April 22, 2013, the company received a report from the forensic investigator that 2,598 credit cards were compromised.

On April 30, 2013 the company received calls from two customers stating that their cards had been compromised. The company investigated those customers' complaints and reported the issue to the Secret Service. The Secret Service asked the company to not provide any additional notice until their investigation had been completed.

The Secret Service investigation uncovered that the hackers had set up an unauthorized email account that captured the company's credit card transactions without their knowledge. The Secret Service could not definitely say who the hacker or hackers were. Based on the information the company received, they believed it to be a former high level employee who has since died.

 

 

 

 
Information Source:
California Attorney General
records from this breach used in our total: 3,503

February 27, 2014 L.A Care Health Plan
Los Angeles, California
MED DISC

Unknown

Los Angeles Care Health Plan notified customers of a data breach to their system. Customers were informed that a processing error occured in their system that may have involved accidental disclosure of their information. They were made aware of an issue in their payment portal that allowed one member to see another members name, address and member identification number.

Upon learning about the breach, they temporarily disabled the payment portal and reassigned new membership ID's to those members affected.  The disclosures took place  from January 22, 2014 through January 24, 2014. The breach is being blamed on a manual processing error which has now been corrected.

They are stating that the information was limited to member name, address and member identification number and did not include any other information, such as Social Security number, Driver's License number, or financial account numbers.

The company has requested those affected either email L.A Care's Privacy Office at PrivacyOfficer@lacare.org or by telephone 1-855-270-2327 or a letter to 1055 West 7th Street, 10th Floor, Los Angeles, CA 90017.

 

 
Information Source:
California Attorney General
records from this breach used in our total: 0

February 27, 2014 Oak Associates Funds
Boston, Massachusetts
BSF PORT

Unknown

Boston Financial Data Services notified customers of a dta secccurity incident that occurred between January 23 to January 27, 2014 that may have involved customer personal information.

The incident involved the theft of a company electronic device. The device contained a data file that had certain Oak Associates Funds records. This file may have contained names, addresses, email addresses, phone numbers, Social Security numbers, and certain account information, which may have included numbers, shares, balances, set-up dates, and contact instructions.

The company has notified authorities and an investigation is underway. The company is offering one year of Experian's ProtectMyID Alert. Those affected can enroll in the program by visiting the Experian ProtectMyID website at www.protecmyid.com/redeem or by calling 1-877-371-7902. An activation code was supplied in the notification letter sent by the company.

 
Information Source:
Vermont Attorney General
records from this breach used in our total: 0

February 27, 2014 Eastern Alliance Insurance Group
Birmingham, Alabama
BSO INSD

23

Eastern Alliance Insurance Group utilized myMatrix  as the pharmacy benefits manager responsible for pharmaceutical claims associated with workers compensation benefits provided through policies issued by Eastern Alliance Insurance Group.

Based on an investigation by the company and federal law enforcement a former employee improperly accessed information on customers of Eastern Alliance Insurance Group. The information stolen included names and Social Security Numbers. They are claiming no credit card numbers were compromised.

The company is offering free credit monitoring and identity protection from First Watch Technologies. Thos affected can call Jeffrey P. Lisenby, General Counsel at 1-800-282-6242 or contact myMatrixx toll free at 1-888-770-5571.

 

 
Information Source:
Maryland Attorney General
records from this breach used in our total: 23

February 26, 2014 Indiana University
Bloomington, Indiana
EDU HACK

146,000

Indiana University announced that the personal data of 146,000 students and graduates was breached. The information included their Social Security numbers and addresses and may have affected students and graduates from 2011 to 2014 at seven of its campuses.

According to the university "The information was not downloaded by an authorized individual looking for specific sensitive data, but rather was accessed by three automated computer data-mining applications, called webcrawlers, used to improve Web search capabilities."

The university also announced that the information was stored in an insecure location for the past 11 months. The site has since been locked down.

The university has set up a hotline 1-866-254-14841-866-254-1484 for students as well as a website http://bit.ly/1kbX505 with information on how to monitor credit accounts and answers to any additional questions regarding an individuals exposure. The university will also be providing the Social Security numbers of those affected to the three major credit-reporting agencies.

 
Information Source:
Media
records from this breach used in our total: 146,000

February 26, 2014 Apple
Cupertino, California
BSO HACK

Unknown

Apple has revealed a security protocol breach of their iOS and OS X systems. The hacker was able to insert him/herself between the initial verfication and verification session's destination server. This type of hacking allows the hacker to take over as the trusted user. The destination server sees the hacker as the trusted user and will then allow the hacker to access secured connections such as websites, email messages, applications where you would typically enter a user id and password.

 
Information Source:
Media
records from this breach used in our total: 0

February 26, 2014 The Variable Annuity Life Insurance Company
Amarillo, Texas
BSF INSD

774,723

Variable Annuity Life Insurance Company has announced a breach that occurred in 2007. The company just discovered the breach in November of 2013. The discovery led to a previous employee of the company in possession of information relating to some of their customers.  The information included customer names and either partial or complete Social Security numbers.

The company has stated that they know of no unusual activity involving the stolen files but have set up identity protection services for one year for the affected parties.

Call 1-713-831-6316 with questions.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

February 26, 2014 McKenna Long & Aldridge
Albany, New York
BSO HACK

441

McKenna Long & Aldridge (MLA) informed current and former employees of suspicious activity on servers belonging to one of their vendors. Information potentially breached included Federal Wage and Tax Statement Forms W-2, names, addresses, wages, taxes and Social Security numbers, dates of birth, ages, genders, ethnicities, Visa, Passport or Federal Form I9 documents numbers.

The law firm operates 15 offices throughout the United States and one in Korea and the data breach could have affected current and former employees in any of the 14 offices.

As a result of an investigation the information related to the current and former employees was accessed on November 28, 2013, December 11, 2013, and December 12, 2013. The breach was a result of malicious software placed on the vendors servers.

MLA is providing one year of credit monitoring and identity theft protection at no cost. Those affected must enroll by May 31, 2014 by calling 1-877-371-79021-877-371-7902  or visit the ProtectID website at http://www.protectmyid.com/redeem.

 

 
Information Source:
Maryland Attorney General
records from this breach used in our total: 441

February 25, 2014 Mt. Gox- Worlds Largest Bitcoin Exchange
,
BSF HACK

Unknown

Tuesday, February 25, 2014 one of the largest Bitcoin exchanges in the world was hacked and 744,408 BTC (bitcoins) went missing, which is equivalent to $350 million dollars at todays trading prices.

MtGox publicly declared that "transaction malleability" was the reason behind the theft and reportedly the hackers went undetected for over 2 years. It has been reported they hackers detected a weakness in the "hot wallet"

This is not the first time Mt. Gox has been hacked. In 2011 the exchange was also infiltrated by hackers. Last year the U.S. authorities seized $5 million of the company's U.S. assets.

Mt. Gox has suspended all withdrawals and has shutdown its website.

 
Information Source:
Media
records from this breach used in our total: 0

February 21, 2014 Discover Financial Services
Salt Lake City, Utah
BSF CARD

Unknown

Discover Financial Services sent a notice to their card holders that they were replacing their current cards in wake of all of the retail data breaches. They stated this was not due to a breach of their own systems.

The card replacement specifically replaces the security codes on the back of the card withouth changing the card holders current account number.

They have stated to their members this was strictly a security measure on behalf of Discover Financial Services. No information was communicated in the letter that the members card had been compromised.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

February 20, 2014 Department of Resources, Recycling and Recovery
Sacramento, California
GOV DISC

Unknown

On January 23, 2014 a Human Resource Officer with the office of Resources, Recycling, Recovery notified individuals that an email went out mistakenly to numerous third parties associated with the agency.  These third party specialists were hired by the agency to assist in HR issues and are known to the agency as "Personal Liaisons".  The report that was mistakenly sent contained first initials, middle initials, last names and Social Security numbers.

The agency has contacted these third party liaisons asking them to immediately delete the email and shred any paper reports.

The company is also recommending anyone affected by the breach, place a fraud alert  with the credit agency's.

For those affected who have further questions, they should call Romana Herrera at (916) 341-6285.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

February 20, 2014 Alaska Communications
Anchorage, Alaska
BSR HACK

Unknown

Alaska Communications informed customers of a potential data breach on January 27, 2014. One of the company desktop computers was infected with a virus and subsequently sent data outside of their network. Possible personal information compromised could have included names, addresses, dates of birth, and Social Security numbers. The company stated they did not see any evidence of dependent, medical, or banking information that was compromised.

The company is offering 1 year of AllClear ID protection at no cost and can be reached at 8-1-866-979-2593 for both AllClear Secure and AllClear PRO services.

Any further questions or concerns about the incident there is more information at the company's website http://www.alaskacommunications.com/

 
Information Source:
Vermont Attorney General
records from this breach used in our total: 0

February 19, 2014 University of Maryland
College Park, Maryland
EDU HACK

309,079

The University of Maryland, located in College Town Maryland, had one of their records databases hacked Tuesday January 18, 2014 around 4:00 a.m by an outside source.

This particular database holds information dating back to 1998 and includes names, Social Security numbers, dates of birth and university identification numbers for 309,079 people affiliated with the school at their College Park and Shady Grove campuses.

The hackers did not alter anything in the actual database, but apprarently have made a "copy" of the information. The university commented at how sophisticated the attack was by the hacker or hackers and they must have had a "very significant understanding" of how the database was designed and maintained, including the level of encryption and protection of the database.

According to the university President, school officials are investigating the breach and taking steps to prevent any further system intrusions.

The college has put out the following statements:

"The University is offering one year of free credit monitoring to all affected persons. Additinoal information will be communicated within the next 24 hours on how to activate this service.

University email communications regarding this incident will not ask you to provide personal information. Please be cautious when sharing personal information.

All updates regarding this matter will be posted to this website.  If you have any questions or comments, please call our special hotline at 301-405-4440 or email us at datasecurity@umd.edu".

 

 
Information Source:
Media
records from this breach used in our total: 309,079

February 15, 2014 Kickstarter
Greenpoint, Brooklyn, New York
BSO HACK

Unknown

The crowd-funding site, Kickstarter, was infiltrated by hackers who made off with user information including usernames, email addresses, mailing addresses, phone number and encrypted passwords.

The company has said that no credit card information was taken.

"Actual passwords were not revealed, however it is possible for a malicious person with enough computing power to guess and crack an encrypted password, particularly a weak or obvious one," the site said in a blog post, adding that "as a precaution, we strongly recommend that you create a new password for your Kickstarter account, and other accounts where you use this password."

The company was made aware of the breach when contacted by law enforcement.  The company communicated that they "immediately closed the security breach and began strengthening security measures throughout the Kickstarter system." The site also said "no credit card data of any kind was accessed by hackers" and that "there is no evidence of unauthorized activity of any kind on all but two Kickstarter user accounts."

 
Information Source:
Media
records from this breach used in our total: 0

February 15, 2014 Blue Shield of California
San Francisco, California
BSO UNKN

Unknown

On January 15, 2014, Blue Shield of California received information that a transaction confirmation page on their website was displaying Agent ID numbers and in some cases those Agent ID numbers were the agent's Social Security number.

The website page shows billing, payment and other account information associated with an applicant/policyholder's Blue Shield account. Blue Shield uses the agent's name and agent ID number as a means of associating the agent with their client in order to facilitate record keeping and policy administration.  The transaction confirmation pages that display and agent's ID/SSN number were visible to those policy holders who applied and/or initiated payment of a current policy through Blue Shield's Website from December 20, 2013 and January 16, 2014.

It is unknown at this time if the exposed SSN's have been misused.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

February 14, 2014 Forbes.com
New York, New York
BSO HACK

Unknown

Forbes.com announced on their Facebook page February 14th, that they had been a target of a data breach by hackers.

They claim that "the email address for anyone registered with Forbes.com has been exposed Please be wary of emails that purport to come from Forbes, as the list of email addresses may be used in phishing attacks.  The passwords were encrypted, but as a precaution, we will strongly encourage Forbes.com readers to change their passwords on our system once we make sign-on available again".

 
Information Source:
Media
records from this breach used in our total: 0

February 14, 2014 Experian
Costa Mesa, California
BSF HACK

Unknown

Experian notified customers of a potential security breach of their information. Between January 30, 2014 and January 31, 2014 the nationwide credit agency noticed unauthroized access into consumer information without proper authorization using an Experian client's login information. The consumer information consists of information typically found in a consumer report. This information includes names, addresses, Social Security numbers, dates of birth, and account information.

For assistance or any question regarding this breach the agency has provided a toll free number, 800-232-8081 for an Experian representative.

 
Information Source:
Vermont Attorney General
records from this breach used in our total: 0

February 13, 2014 Zevin Asset Management LLC
Boston, Massachusetts
BSF INSD

Unknown

Zevin Assett Management LLC has notified customers of a potential security breach of their customers' data. In mid September 2013 a Zevin employee used an online service provider to host a document listing Zevin's usernames and passwords for certain custodian accounts. According to the company, two documents, one password protected and an inadvertent "test" version of the document that was neither password protected or deleted.

Both versions were accesible online (one through the use of a password and one without a password) and visible from September 2013 through December 30, 2013.

Possible information compromised included names, Social Security numbers, financial account numbers, and account holdings.

The company is offering 1 year free of credit monitering services and asked to contact Benjamin Lovell, President if they want the enroll in the service.

 
Information Source:
Vermont Attorney General
records from this breach used in our total: 0

February 12, 2014 Las Vegas Sands Hotels and Casinos
Las Vegas, Nevada
BSO HACK

Unknown

Las Vegas Sands recently launched an investigation into a security breach of several of their casino websites.  Both the Venetian and the Palazzo had the homepage of their websites hacked and there could be others.

Currently it is unknown if credit card information and/or customer data was compromised.

The hackers responsible for the breach posted employee information including email addresses and Social Security numbers, on the website for the Sands Casino Resort in Bethlehem. The hackers also posted an image of Sands Chairman and CEO Sheldon Adelson posing with the Israeli Prime Minister, Benjamin Netanyahu.

In additional to Las Vegas and Bethlehem, websites for casinos in Macau and Singapore were also hacked.

UPDATE (2/28/2014): Las Vegas Sands Casino released a statement that the attackers who breached the company website did compromise customer and employee data, which included Social Security numbers, driver's license numbers and a mailing database. The data breach affected customers at their location in Bethlehem Pennsylvania. They are currently investigating their additional locations to see if similar data was affected. Origininally the company had communicated that customer data was not affected.

 
Information Source:
Media
records from this breach used in our total: 0

February 11, 2014 Bank of the West
San Francisco, California
BSF UNKN

Unknown

Bank of the West notified individuals regarding a recent data breach that may have involved stolen personal information such as Social Security and driver's-license numbers.

The company sent letters and e-mails to anyone who applied for a job with the company before Dec. 19, the date the breach was discovered.

Currently they are not releasing any information as to the type of information breached or the timeframes the information may have beeen exposed.

"It could've been user name and pass code; it could've been more personal information like Social Security numbers, driver's license, date of birth," said Debra Jack, Bank of the West spokeswoman. "We don't have conclusive evidence that personal information was taken, but we sent those letters as a precaution."

The target of the breach was an online application system that had been retired earlier in 2013, the company disabled the affected servers and is now investigating with help from the FBI.


 
Information Source:
Media
records from this breach used in our total: 0

February 10, 2014 Freeman
Dallas, Texas
BSF DISC

Unknown

The company, Freeman, announced a data breach regarding employee W2 forms.  Some employees may have received a W2 form that belonged to another employee. The company announced that one of their vendors, ADP, who works with a large national vendor that mails all of ADP's W2's, has experienced an error in their technology.

A glitch in the mail vendors' technology caused the barcode to input the incorrect barcode on the envelopes. The US Postal Service and delivered based on the barcode, not the name or address shown on the envelope.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

February 10, 2014 Nielsen
New York, New York
BSO INSD

Unknown

Nielsen company announced that an undisclosed number of Nielsen Audio employees are being notified that their personal information including names and Social Security numbers may be at risk after an employee with their Human Resources department mistakenly sent out a mass email containing the data.

It is currently unknown how many employees were affected.

The Nielsen Audio employee mistakenly emailed a file containing the information to other Nielsen Audio employees, who then forwarded the email containing the file to others within the Nielsen environment. These employees were unaware of the contents of the file.

 
Information Source:
Media
records from this breach used in our total: 0

February 10, 2014 University of Miami Health System
Miami, Florida
MED PHYS

13,000

The University of Miami Health System (UHealth) notified patients of a data breach when an offsite storage vendor communicated that the records could not be located. The Health System, which is one of the largest health providers in Southern Florida, discovered the breach on June 27, 2013. They have just recently begun notifying patients of the breach.

The information in the missing files included patient names, dates of birth, physician names, insurance company names, medical record names, facility visited, procedures, diagnostic codes, and Social Security numbers.

More Information: http://blogs.miaminewtimes.com/riptide/2014/02/security_breach_at_jackso...

UPDATE (8/26/2014): The University of Miami Health System has agreed to a class-action settlement for the data breach that occurred in 2013 when records went missing from an offsite storage facility the medical system used.

Under the settlement agreement, the UHealth will be required to conduct various risk assessments, remediate any identified problems, and ensure vendors have adequate security controls in place. The agreement states that the university will pay $100,000 in individual claims, $90,000 in attorneys’ fees, and $1,500 to the named plaintiff that initiated the lawsuite. Both parties have asked the federal district court to approve the recently-filed proposed settlement agreement.  http://www.phiprivacy.net/wp-content/uploads/Carsten_proposedsettlement.pdf

 

 
Information Source:
Media
records from this breach used in our total: 13,000

February 8, 2014 Medtronic
Minneapolis, Minnesota
MED HACK

Unknown

It has been reported that Medtronic, the world's largest medical device maker's computer network  has been hacked sometime in the first half of 2013. It is not clear what type of information the hackers were targeting. Federal laws meant to safeguard medical information require companies to disclose any breach involving patient information, so far Medtronics has not made these disclosures.

The attacks point to Chinese hackers and the medical device company was not aware of the intrusions until federal authorities contacted them and they have now formed a task force to investigate the breach. A spokewoman for the medical device maker would not comment on any specific attacks.

 
Information Source:
Media
records from this breach used in our total: 0

February 8, 2014 Boston Scientific
Natick, Massachusetts
MED HACK

Unknown

It has been reported that Boston Scientific, a medical device maker's computer network  has been hacked sometime in the first half of 2013. It is not clear what type of information the hackers were targeting. Federal laws meant to safeguard medical information require companies to disclose any breach involving patient information, so far Boston Scientific has not made these disclosures.

Denise Kaigler, a Senior Vice President of Corporate Affairs with Boston Scientific stated "like many companies, Boston Scientific experiences attempts to penetrate our networks and systems and we take such attempts seriously. We have a dedicated team to detect and mitigate attacks when they occur as well as to implement solutions to prevent future attacks." Ms. Kaigler would not comment on the specifics of any attack, but described the media reporting as "inaccurate".

The attacks point to Chinese hackers and the medical device company was not aware of the intrusions until federal authorities contacted them and they have now formed a task force to investigate the breach.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

February 7, 2014 Easter Seals of Superior California
Suwanee, Georgia
MED PHYS Unknown

On December 10, 2013, an Easter Seal Society of Superior California employee's company vehicle were broken in to, and a company laptop containing health record information belonging to minors may have been breached.

The laptop contained emails that may have had specific information such as children's names, dates of birth, health care provider information, health care billing information, patient identification numbers, and occupational therapy notes.

The company is investigating any potential fraud that may have been associated with this information.

 

 
Information Source:
California Attorney General
records from this breach used in our total: 0

February 7, 2014 San Francisco Airport-South San Francisco Embassy Suites Hotel
South San Francisco, California
BSO HACK

Unknown

South San Francisco Embassy Suites hotel informed customers who stayed at the hotel that they may have been affected by unauthorized access to two of their computer systems. The hotel learned that in 2013 an unauthorized third party obtained information relating to some payment cards used at the hotel.

The information breached involved credit and/or debit card numbers, expiration dates, cardholder names, and the CVV2 code on the back of the cards. The data was captured with a manual device and the hotle is claiming that their computer systems were not breached, so no other personal information about their customers was obtained.

Law enforcement was contacted regarding the breach. The company stated they have no reason to believe that this situation has impacted any other Embassy Suites hotel or any other hotel in their chain.

 
Information Source:
Vermont Attorney General
records from this breach used in our total: 0

February 6, 2014 The Home Depot
Atlanta, Georgia
BSR INSD

30000

Three Home Depot employees were arrested for allegedly stealing personal information of some 300 employees, and were initially detected last fall and those employees whose files were notified of the breach. One of the three employees was caught using her Home Depot email to send the stolen information.

Security investigators fear that this breach may have affected as manay as 20,000 individuals. Information stolen included Social Security numbers and birthdates. Allegedly the employees opened numerous fraudlent accounts with the stolen personal information.

UPDATE (5/30/2014): Originally it was reported that up to 20,000 individuals may have been affected by this security breach. The number has now been increased to 30,000 individuals may have been affected. The first report that came out reported three Home Depot employees were involved, but according to the disclosure document sent on behalf of The Home Depot Corporation, one individual was arrested and The Home Depot will seek prosecution of the individual to the fullest extent of the law.

 
Information Source:
Media
records from this breach used in our total: 30,000

February 5, 2014 St. Joseph Health System
Suwanee, Georgia
MED HACK

405,000

St. Joseph Health System in Texas has reported a data breach of a server that stored information for numerous facilities.

Information was accessed through a single server by hackers from China and other locations. The server contained employee and patient data for St. Joseph Regional Health Center in Bryan, Burleson St. Joseph Center, Madison St. Joseph Health Center, Grimes St. Joseph Health Center and St. Joseph Rehabilitation Center. The affected server was taken offline once the breach was discovered.

The breach supposedly occurred between December 16 through the 18th, 2013.

The data included patient names, birth dates, Social Security numbers, and possibly addresses. Medical information for patients was accessible, as well as bank information for current and former employees. Both adult and minor information may have been compromised.

Currently, investigators could not determine if any information had been extracted or used.

 
Information Source:
California Attorney General
records from this breach used in our total: 405,000

February 5, 2014 K. Min Yi, MD, Inc.
San Jose, California
MED PHYS

4,676

Dr. K. Min Yi informed patients of a burglary that occurred at the surgeon's facility on May 28, 2013, in which the burglars stole a desktop hard drive and an external hard drive that had over 4,000 patients records on them.

The information included patients medical history, including lab and radiology reports, surgical information, names, addresses, telephone numbers, dates of birth and insurance information of the primary insured individual. They do not believe that patient Social Security numbers were compromised, however the SSN of the primary insured may have been exposed.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

January 31, 2014 White Lodging Services Corporation
Merrillville, Indiana
BSR HACK

Unknown

White Lodging, a company that maintains hotel franchises under nationwide brands such as Hilton, Marriott, Sheraton and Westin may have been the victim of a data breach potentially exposing credit and debit card information. The company has not released the number of potential cards that may have been affected.

The breach was first noticed by various banking sources, who were sharing data indicating that they were seeing a pattern of fraud on hundreds of cards that were all used at Marriott hotels around March 23, 2013 through the end of last year. The breach seemed to only occur at those Marriott locations that were managed by White Lodging Services Corporation.

Reportedly the breach appears to have affected mainly restaurants, gift shops and other establishments within hotels managed by White Lodging.

 
Information Source:
Media
records from this breach used in our total: 0

January 30, 2014 UC Davis Health System
Sacramento, California
MED HACK

Unknown

UC Davis Health Center has informed patients of a potential data breach to their system. They recently learned that one of their medical provider's email accounts was impacted by an email "phishing" scam, which malicious software is used to access records. In this case this malware targeted the medical provider's email account.

They are currently investigating the breach and are unclear as of now if direct access to the information contained in this provider's emails was breached. Potential records breached include names, medical record numbers and dates of clinical visits to this provider.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

January 28, 2014 Bring It To Me
San Diego, California
BSR HACK

Unknown

BringItToMe.com informed certain customers that a data breach occurred at one of their vendors that may have compromised personal or payment card information. No details have been released as to the specific personal or payment card information that may have been breached

The company was recently informed that the online ordering software provider, Big Tree Solutions, discovered unauthorized modifications in their software that could potentially allow new payment card information entered between October 14, 2013 and January 13, 2014 to have been obtained by an unauthorized user.

According to the company the unauthorized modification has been corrected and other security measures have been put into place.

 

 
Information Source:
California Attorney General
records from this breach used in our total: 0

January 27, 2014 State Industrial Products
Mayfield Heights, Ohio
BSO HACK

Unknown

State Industrial Products was contacted by the FBI informing them of unauthorized access to information about current and former State Industrial employees. The FBI shared a list of specific employees and the information that was breached.

The information included named, addresses, email addresses, Social Security numbers, driver's license numbers, genders, dates of birth, phone numbers, employee ID's, and dates of hire.

The company has launched an investigation as to the unauthorized access and hired a computer security firm to analyze thier computer network. In the initial investigation, it appears that the unauthorized person or persons did so for the purpose of filing fake tax returns.

The company is asking any affected employees to complete the IRS Identity Theft Affidavit or to contact the IRS Identity Protection Specialized Unit at 1-800-908-44901-800-908-4490 with questions.

The company has also offered free one-year membership to Experian's ProtectMyID Alert.

 
Information Source:
Vermont Attorney General
records from this breach used in our total: 0

January 25, 2014 Michaels Stores Inc.
Irving, Texas
BSR HACK

2.6 million cards

On January 25, 2014, Michaels Stores Inc. communicated with customers as to the possibility of a security breach regarding customers payment cards. They have not confirmed as of yet, that a breach did occur, however based on a preliminary investigation and in light of the recent Target and Neiman Marcus breaches, the company felt it was important to warn customers of the possibility of a breach.

Michaels is currently working with investigators as to the potential of this breach. No additional detailed information has been supplied by the company.

UPDATE (2/11/2014): A class action lawsuit has been filed against Michaels by an individual. The suit claims that "the arts and crafts supplier failed to secure and safeguard customers’ private financial information".  The suit also alleges that "Michaels failed to adequately monitor its payment systems in such a manner that would enable the retailer to detect fraud or other signs of tampering so that the breach of security and diversion of customer information was able to continue unnoticed for a period of time".

It has also been reported that Michaels failed to disclose a data breach that occurred in May of 2011. A lawsuit was filed for the 2011 breach, but was settled. 

The company has not yet released the total number of individuals affected by the breach or when the breach might have taken place.

UPDATE (7/22/2014): "A federal court in Illinois held July 14 that an elevated risk of identity theft from a Michaels Stores Inc. breach provides standing, but without evidence of specific monetary damages that risk is insufficient to support statutory or common law claims (Moyer v. Michaels Stores, Inc., N.D. Ill., No. 1:14-cv-00561,dismissed 7/14/14).

Judge Elaine E. Bucklo of the U.S. District Court for the Northern District of Illinois dismissed the case against the arts and crafts retailer, finding that the plaintiffs failed to plead monetary damages".

 

 
Information Source:
Media
records from this breach used in our total: 2,600,000

January 24, 2014 Coca-Cola Company
Atlanta, Georgia
BSR STAT

Unknown

The Coca-Cola Company announced the theft of several computers from one of their locations that contained personal information on employees and other individuals. The company did not detail the specific information that was stored on the stolen computers. The theft was discovered on December 19, 2013.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

January 24, 2014 St. Francis Hospita and Medical Centers
Hartford, Connecticut
MED PHYS

Unknown

St. Francis Hospital announced a breach of 858 patient records when physical patient files were stolen from a contracted emergency room physicians car. The files included patient names, patient medical record numbers and dates of birth. No Social Security numbers or financial records were compromised.

 
Information Source:
Dataloss DB
records from this breach used in our total: 858

January 23, 2014 W.J Bradley
Centennial, Colorado
BSF INSD

Unknown

W.J Bradley Mortgage Capital, LLC announced in a letter to customers that information disclosed to the Emery Team at W.J Bradley Mortgage Capital, LLC in connection with numerous loan transactions had been breached. According to the company, information on specific loan transactions had been taken from their computer systems and copied by several former loan officers of the company. This information was then shared with another mortgage company not associated with W.J Bradley.

The company communicated that the information taken included income, marital status, and loan information. There is no evidence that the information was released to the public at large.

A court order was obtained by W.J Bradley requiring the return of all private customer information to the company, prohibiting the defendants from sending that information to others, and requiring that the defendants destroy all copies of the information in their possession.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

January 20, 2014 Dartmouth-Hitchcock
Lebanon, New Hampshire
BSO HACK

Unknown

Dartmouth-Hitchcock informed patients of a security breach involving their personal information that is maintained by the company.

On or around December 3, 2013, the company discovered that, as a result of a phishing incident, certain employee user accounts had unauthorized activity in the Employee Self Service Direct Deposit Payroll system.

The company launched an investigation and found further unauthorized access to this same system from October 6, 2013 through December 2, 2013. The information accessed included full names, bank account information (routing and checking account numbers), Social Security numbers along with other information the employee supplied to the self service system.

Employees are asked to call IS Security Manager, Charles Goff at 1-603-653-1380 or email IS-Security@hitchcock.org.

 
Information Source:
Vermont Attorney General
records from this breach used in our total: 0

January 17, 2014 Easton-Bell Sports Inc.
Van Nuys, California
BSR HACK

Unknown

Easton Bell Sports Inc., out of Van Nuys California informed customers of a data breach in December. The company has stated that one of their vendors servers was the attack of vicious malware and was breached on or around December 1, 2013.

The breach may have impacted online purchases made from December 1, 2013 to December 31, 2013. The customer information breached may have included names, addresses, phone numbers, email addresses, credit card numbers, along with the 3 or 4 digit security code on the back of cards.

Once the breach was discovered, the company immediately shut the server down and took steps to stop any further infiltration of the system. The company has hired a computer forensics expert to conduct an investigation.

The amount of customers affected is currently unknown.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

January 17, 2014 E-Benefits Department of Veteran Affairs
, District Of Columbia
GOV UNKN

Unknown

As reported by a local T.V station in Moore County North Carolina, a Navy veteran  reported to have been utilizing the E-Benefits portal through the Department of Veteran Affairs to check his own benefits. He was on the VA's E-Benefits website trying to track down his own history for a bank loan. Instead, windows kept popping up displaying other veterans' medical and financial information. He has since reported the issue to the Department of Defense, the VA and Senator Kay Hagan's office.

The VA has responded with a statement to ABC11 on Friday January 17, 2014 with the following:

"The Department of Veterans Affairs (VA) takes seriously our obligation to properly safeguard personal information.  Wednesday evening, during a process to improve software supporting the joint VA and Department of Defense benefits web portal eBenefits, VA discovered a software defect. During that limited timeframe, some Veterans and Servicemembers who had registered and logged into eBenefits were able to see a combination of their own information as well as data from other eBenefits users.  VA took immediate action upon discovering the software defect and shut the eBenefits system down in order to limit any problems.  VA is conducting a full review to be certain the underlying technological issues have been resolved before the system is returned to operation.

VA's independent Data Breach Core Team (DBCT) is reviewing this issue and believes a relatively limited number of Veterans have been affected. Once the DBCT determines the number of users impacted, their identities and other pertinent facts, VA will take the appropriate response, which may include free credit monitoring for the affected individuals, consistent with VA's standard practice".

 
Information Source:
Media
records from this breach used in our total: 0

January 15, 2014 South Carolina Department of Employment and Workforce
Columbia, South Carolina
GOV INSD

4,658

 A South Carolina Department of Employment and Workforce human resources employee allegedly downloaded the personal information of 4,658 current and former DEW employess to a personal device, according to authorities.

The data downloaded may have included payroll information, Social Security numbers and bank account information. The employee has since been fired. The incident allegedly occurred on December 18, 2013.

 
Information Source:
Media
records from this breach used in our total: 4,658

January 15, 2014 City of Burlington
Burlington, Vermont
GOV DISC

Unknown

The Office of The Clerk/Treasurer for the City of Burlington informed individuals that their names and Social Security numbers were inadvertently left unredacted as part of the individuals request for a tax abatement that was provided to the Burlington Board of Tax Abatement (which is made up of the City Council, Mayor and CIty Assessor).

The information was part of a clickable agenda item that was posted on the City Council's website on January 9, 2014, the information was redacted on January 13, 2014.

Those affected with questions can call Bob Rusten, Chief Administrative Officer at 1-802-865-7000.

 
Information Source:
Vermont Attorney General
records from this breach used in our total: 0

January 14, 2014 Southwest General Health Center
Middleburg Heights, Ohio
MED PHYS

480

Southwest General Hospital notified approximately 480 patients who were part of a obstetrics study that some of their private information was recently lost, including names, data on births, clinical information and medical record numbers. The data was included in one binder and the binder was discovered missing early in December 2013. The binder did not include Social Security numbers or financial information.

 
Information Source:
Media
records from this breach used in our total: 0

January 14, 2014 NORCOM-North East King County Regional Public Safety Communication Agency
Bellevue, Washington
GOV HACK

6,000

The North East King County Regional Public Safety Communication Agency (NORCOM) has announced a security breach of a server that stored records of an estimated 6,000 medical responses for Duvall Fire District 45, Skykomish Fire Department and Snoqualmie Pass Fire & Rescue. Currently, the investigation has revealed that the medical response records breached included names, addresses, dates of birth, nature of emergency call and initial medical condition.

The breach also included personnel data for 231 full-time and volunteer firefighters who work or have worked for the three agencies. This information could include drivers license informatin, date of birth, Social Security numbers, emergency contact and limited medical information.

 
Information Source:
Media
records from this breach used in our total: 231

January 13, 2014 Update Legal
San Francisco, California
BSO INSD

Unknown

On or around September 9, 2013, Update Legal was informed by San Francisco Police that a suspect in custody had digital photographs of I-9 forms on the smartphone in this persons possession. This individual potentially obtained Social Security numbers, date of birth, driver's license numbers, email addresses, passport identification, state ID cards, military dependent's ID cards, US Citizen's ID cards, Certification of Birth Abroad, Birth Certificates and addresses.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

January 10, 2014 Neiman Marcus
Dallas, Texas
BSR HACK

1.1 million

Neiman Marcus confirmed that its database of customer information was hacked last month, around mid-December, the same time that Target stores were targeted. The case is similar to the Target case in that only retail shoppers were affected, no online shoppers were affected.

The cause, size and duration of the attack are not yet known and should start to be revealed once a third party investigation is completed. The company is also working with the Secret Service, which is customary in these types of attacks.

UPDATE (1/16/2014): It has been reported that the breach at Neiman Marcus could as far back as July 2013 and that the breach was not fully contained until Sunday January 12, 2014. Neiman Marcus is still not communicating the total amount of individuals affected, but did comment that "some of their customers" payment cards were used fraudulently and have taken steps to notify those customers. They still do not believe that Social Security numbers or birth dates were affected.

UPDATE (1/25/2014): Neiman Marcus released a statement that approximately 1.1 million individuals have been affected by the recent data breach to their system.

 
Information Source:
Media
records from this breach used in our total: 1,100,000

January 10, 2014 Alamance County Department of Social Services
Burlington, North Carolina
GOV INSD

33

Rakecia Matrese Brame, a former social worker for the Alamance County Department of Social Services in North Carolina, pled quilty to identity theft, tax, and fraud charges. According to court documents, Brame was employed as a social worker from 2009 to 2011 and was responsible for investigating claims of abuse and neglect against minors and disabled adults. She had authorized access to their system which included names, dates of birth and Social Security numbers of Alamance DSS clients.

Brame used her access to identifying information contained in Alamance DSS records to illegally obtain the personal identifying information of clients and others. She would then sell that information to two tax preparers at the Greensboro branch of Nothing But Taxes, a tax return preparation firm.  They used the stolen identities to claim false dependents on tax returns they prepared for Nothing But Taxes clients, inflating tax refunds on their clients' behalf.

 

 
Information Source:
Media
records from this breach used in our total: 33

January 10, 2014 Barry University
Portland, Oregon
EDU HACK

Unknown

Barry University informed individuals of a security incident that may have affected personal information maintained by the university.

On May 14, 2013, Barry University detected malware which infected a laptop owned and used by Barry University. The files infected included full names, dates of birth, Social Security numbers, driver's license numbers, bank account numbers.

The university is offering a free one-year credit monitoring service. They've supplied a phone number to those affected at 1-800-981-7571 and to reference number 47911.

 
Information Source:
Vermont Attorney General
records from this breach used in our total: 0

Breach Total
874,642,074 RECORDS BREACHED
(Please see explanation about this total.)
from 4,403 DATA BREACHES made public since 2005
Showing 201-250 of 4403 results


X

Sign In!

Loading