Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?

Chronology of Data Breaches

Custom Sort
Select your desired results. Then click "Go!"

Click or unclick the boxes then select go.


Select features, then click GO.



Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.
Breach Total
868,045,823 RECORDS BREACHED
(Please see explanation about this total.)
from 4,351 DATA BREACHES made public since 2005

Save or Print PDF of Entire Breach List including introduction.Save or Print a PDF of Entire Breach List (including introductory FAQ)

Filter breach list before saving or printing PDF. Conduct a search of the Chronology using its sorting features, and Save or Print a PDF of your search results (Select filters)

If you do not have access to PDF, you can print the Chronology in landscape view.

Date Made Publicsort icon Name Entity Type
June 10, 2014 St. Francis Hospital
Columbus, Georgia
MED DISC

1,175

St. Francis Hospital notified patients of a data breach when a mass email to 1, 175 patients was sent out where all email addresses were visible vs. having each patient being blind copied on the email.

The hospital is claiming that no medical treatment or other personal information was part of the email.

Those St. Francis patients who have questions about the incident are asked to call the hospital at 1-800-723-49981-800-723-4998.

 
Information Source:
Media
records from this breach used in our total: 0

June 10, 2014 Access Health CT
Hartford, Connecticut
BSF INSD

413

The Connecticut health insurance exchange has suffered a data breach, when one of the exchanges employees lost a backpack at a local deli that included names, Social Security numbers and birthdates of 413 individuals.

The employee was not authorized to remove these documents from the facility and has since been put on administrative leave.

 
Information Source:
Media
records from this breach used in our total: 413

June 9, 2014 College of the Desert
Palm Desert, California
EDU INSD

1,900

The College of the Desert in Palm Dale Calfornia informed individuals of a data breach in their system when a college employee sent an unauthorized attachment in an email to approximately 78 college employees,  that contained personal information of employees of the college.

The information contained in the attachment included names, Social Security numbers, dates of birth, geners, zip codes, titles of postions held at the university, employment anniversary date, employee identification numbers, insurance information,  active or retired employee status.

Those who are affected are asked to call Stan Dupree, HR and Labor Relations Director at 760-674-3777760-674-3777or sdupree@collegeofthedesert.edu

UPDATE (6/19/2014): According to new reports, The College of the Desert breach affected 1,900 current and former employees. The total individuals affected was not reported when the breach was made public.

 
Information Source:
California Attorney General
records from this breach used in our total: 1,900

June 7, 2014 Walgreens
Atlanta, Georgia
BSR INSD

Unknown

Walgreens has notified some patients of a breach when an employee stole some patients information, which included names, dates of birth, and Social Security Numbers in the form of a Medicare ID number and provided the information to a third party. Walgreens is claiming that no credit card, banking or other personal information was involved.

The company has set up a hotling for those affected, 1-866-312-8654 from 7 a.m to 7 p.m Central Standard time, Monday through Friday.

 
Information Source:
Maryland Attorney General
records from this breach used in our total: 0

June 6, 2014 Miami-Dade County
, Florida
GOV UNKN

Unknown

The county of Miami-Dade informed employees of a data breach where their personal information is being used to file fraudulent unemployment claims, along with credit card fraud. Currently, officials at the county are not clear if this breach happened internally or by external hackers.

They have not released what specific information has been compromised.

Federal officials at the U.S Inspector General's Office are leading the investigation due to false unemployment claims. The Human Resource Department of the agency has put out a statement.

"The recent news report on a “Data Breech” has understandably raised concerns amongst our employees regarding their personal information and whether they are one of the employees impacted by identity theft. Please be advised that when we identify a possible fraudulent unemployment claim, we immediately notify the Departmental Personnel Representative (DPR) for that employee. Our procedures are as follows:

The Human Resources Department receives the Notices of Reemployment Assistance once a claim for unemployment has been filed with the Department of Employment Opportunity (DEO). If a claim is identified as fraudulent (once HR confirms the employee is an active employee) HR contacts the employee’s DPR to provide notice to the Department and notification is immediately sent to the Department of Unemployment indicating that it is a fraudulent claim.

If an employee is notified that a fraudulent claim has been filed on their behalf, the employee should be instructed to do the following:

 

  1. Contact the Unemployment Fraud Hotline to report the fraud at (800) 342-9909(800) 342-9909. They should report that their identity (SS#, Name) is being used to commit Unemployment Fraud.
  2. Make a note of the Master Case File # that has been assigned by the Miami-Dade Police Department:PD130322106429.
  3. File an Identity Theft Affidavit (IRS Form 14039), found at http://www.irs.gov/pub/irs-pdf/f14039.pdf
  4. Notify their banking institutions
  5. Make routine checks on their bank accounts
  6. Conduct thorough reviews on their bank and credit card statements
  7. Visit http://myfloridalegal.com/identitytheft to learn more about Identity Theft


We assure you that fraudulent claims are being taken very seriously and every effort is being made to identify and refer these cases to the proper authorities for appropriate action."

 
Information Source:
Media
records from this breach used in our total: 0

June 6, 2014 Penn State Milton S. Hershey Medical Center
Hershey, Pennsylvania
MED INSD

1,801

Penn State Milton S. Hershey Medical Center began alerting patients of a data breach when an employee accessed clinical data on an unauthorized computer and removable storage device. The employee did have permissions to have access to the files, but downloaded the clinical information on a removable storage device and his personal computer, both of which were not properly secured and outside of the medical centers IT department. The employee also used their personal email account to send emails with a test log of the data to two physicians at the medical center.

 
Information Source:
Media
records from this breach used in our total: 0

June 5, 2014 Highmark
Pittsburgh, Pennsylvania
BSF DISC

3,675

Health Insurer, Highmark Inc. notified customers that are members of either Security Blue or Freedom Blue, that their information may have been mailed to other people. The information mailed was a health risk assessment that included information such as names, addresses, dates of birth and certain medical information.  The health insurer is claiming that no Social Security numbers were compromised.

 
Information Source:
Media
records from this breach used in our total: 0

June 4, 2014 National Credit Adjusters
Hutchinson, Kansas
BSF UNKN

Unknown

National Credit Adjusters have informed individuals of a breach that has happened when they were notified that some customers were receiving phone calls from unauthorized third party debt collectors. The information that these unauthorized debt collectors may have access to include names, addresses, debt balances, dates of birth and Social Security numbers. The information may also expand beyond the individual on the account to co-signers of the account as well.

The hackers pose as legitimate debt collectors but are actually calling with the attempt to scam individuals out of their money.

For those affected, the company is asking individuals call 1-855-737-9123.

 

 
Information Source:
California Attorney General
records from this breach used in our total: 0

June 3, 2014 Craftsman Book Company
Carlsbad, California
BSO HACK

Unknown

Craftsman Book Company notified customers of a breach that occured on their site. On Tuesday May 27th the company discovered unauthorized access to their site and recommended a change in their username and password. Since that time they discovered that the breach also included charges on customers credit card. The hackers found another site operated by the company and through the security vulnerabilities in the one site, they were able to get to the Craftsman Book site and ultimately to the customers information.

Since the vulnerability was discovered, the company has shut down the other site and is in the process of securing it.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

May 30, 2014 Arkansas State University College of Education and Behavioral Science's Department of Childhood Services
Jonesboro, Arkansas
EDU HACK

50,000

Arkansas State University was notified by the Arkansas Department of Human Services of a data breach in their College of Education and Behavioral Science's Department of Childhood Services database, potentially exposing personally identifiable information.

According to A-State's Chief Information Officer Henry Torres,  “we have confirmed unauthorized access to data, but we have no reports regarding illegal use of the information in these files,” Torres said. “We took immediate measures to address this issue after being notified by DHS. We are cooperating with DHS and working with programmers to assess and resolve the situation.”

The breached involved a database related to the "Traveling Arkansas Professional Pathways (TAPP) Registry, which is a professional development system designed to track and facilitate training and continuing education for early childhood practictioners in Arkansas."

To date, the university has stated that Social Security numbers were compromised in the database, no other information as to the specific data was provided by the university.

 
Information Source:
Media
records from this breach used in our total: 50,000

May 29, 2014 Montana Health Department
Helena, Montana
MED HACK

Unknown

The Montana Department of Public Health and Human Services announced a data breach that occured when hackers had access to the server for nearly a year. The server contains names, addresses, dates of birth, Social Security numbers and clinical information of customers along with the Social Security numbers and bank account information of employees.

The agency has set up a help line for those who may have been affected at 1-800-809-29561-800-809-2956.

 
Information Source:
Media
records from this breach used in our total: 0

May 28, 2014 Hospital for Veterans Affairs, Denver
Denver, Colorado
BSF STAT

248

The hospital for Veterans Affairs in Denver had two bio-medical computers stolen from a locked room in the hospital. The computers contained data from tests on approximately 239 VA patients. These computers were used to record data from pulmonary function tests for these patients. The hospital has said that no other data was stored on the computers and the data is encrypted on a password protected application.

 

 

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

May 28, 2014 Sharper Future
Los Angeles, California
MED STAT

Unknown

The Sharper Future, a mental health facility in Los Angeles has informed clients of a data breach when their offices were burglarized and various electronic equipment that stored patient records which includes names, dates of birth, health and clinical histories, treatment records, CDCR identification numbers and Social Security numbers of their clients.

The facility did report that the information on the stolen equipment was password-protected and did not include financial information. The incident is currently under investigation by authorities.

 

 
Information Source:
California Attorney General
records from this breach used in our total: 0

May 28, 2014 Precision Planting
Tremont, Illinois
BSO HACK

Unknown

Precision Planting customers have been impacted by a security breach affecting one of the company's data servers. The company has not communicated specifically how their system was compromised, however the information breached included customer names, addresses, tax identification numbers and financial information. The server also contained some employee W-2 forms, Social Security numbers, and driver's license numbers.

 
Information Source:
Media
records from this breach used in our total: 0

May 26, 2014 Power Equipment Direct
Suwanee, Georgia
BSR HACK

Unknown

Power Equipment Direct has notified customers of a data breach that occured when a small piece of malicious computer code was uploaded to a server that handles their check-out process. The malicious code captured and transmitted screen shots of check-out pages. The company reported that the breach most likely occured from May 4, 2014 until May 5, 2014.

The company is not sure as to what information was captured, it woud have been the information on the screen available at the time the malicious code was enabled.

The company is offering AllClear SECURE at no cost for 12 months. For those affected they can call 1-877-676-0382.

 
Information Source:
Vermont Attorney General
records from this breach used in our total: 0

May 26, 2014 AutoNation Toyota of South Austin
Austin, Texas
BSO HACK

Unknown

AutoNation Toyota of South Austin informed customers of a data breach that occured when a third party vendor, TradeMotion, who operates parts websites for auto dealers nationwide, had their systems hacked potentially exposing credit card information that was stored on their system. The hackers may have also gotten names, addresses, telephone numbers, and email addresses.

The company has arranged for those affected to receive one year of identity theft protection through Experian's ProtectMyID. Those affected can call 1-866-252-9553 by August 31, 2014 for enrollment.

 
Information Source:
Vermont Attorney General
records from this breach used in our total: 0

May 23, 2014 Humana
Atlanta, Georgia
MED PORT

2,962

Humana has notified Atlanta customers of a data breach that occurred when a Humana associate's vehicle was broken into and an unencrypted USB drive along with the associates lap top computer were stolen. The information contained on these devices included medical record information and Social Security Numbers.

Humana said that it "has no reason to believe that the information has been used inappropriately." The company is offering free access to a credit-monitoring service for members who were affected.

"Members enrolled in Medicare plans who have any questions about this may contact Humana at 1-800-457-4708, from 9 a.m. to 5 p.m. Members enrolled in non-Medicare plans should call 1-800-448-6262".

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 2,962

May 23, 2014 Placemark Investments
Addison, Texas
BSF HACK

11

Placemark Investments, Inc. who is a registered investment adviser providing overlay management services for TD Ameritrade's Unified Managed Account Exchange program, notified 11 Maryland residents of a data breach.

Reportedly, malware placed on one of Placemark's servers, accessed and directed the server to send large batches of spam email. Based on analysis done by the company the malware also had the "potential to expose certain PDF documents tied to account creation that were stored on the server for short intervals".

These documents contained information relating to the eleven individual accounts which included names, addresses, dates of birth, and Social Security numbers.

The company is offering one year free of credit monitoring services from Experian.

 
Information Source:
Maryland Attorney General
records from this breach used in our total: 11

May 22, 2014 San Diego State University
San Diego, California
EDU DISC

Unknown

San Diego State University discovered a database that was set up and managed by the Pre-College Institute, containing names, Social Security numbers, dates of birth, addresses, and other personal information was mis-configured to enable any computer connected to the SDSU wired network with the program "File Maker"   The SDSU wired network consists of offices, some labs and the library.

For those with question or concerns about the incident are asked to contact Felecia Vlahos, the Information Security Officer at iso@sdsu.edu or via phone at toll free 1-855-594-0142 and refer to incident #H05007.

 

 

 
Information Source:
California Attorney General
records from this breach used in our total: 0

May 22, 2014 Lowes Corporation
Mooresville, North Carolina
BSR DISC

35,000

Lowes Corporation had to issue a data breach notice to current and former drivers for the company due to a security breach with one of the third party vendors they use.

Information breached included including names, addresses, birthdays, Social Security numbers, driver's license numbers, and other driving record information with a company called E-DriverFile, an online database provided by SafetyFirst, a driver safety firm headquartered in New Jersey.

The third party vendor unintentionally backed up the data to an unsecure server that was accessible via the Internet. The information may have been exposed from July 2014 through April 2014 before it was discovered.

Lowes is offering their current and former employees one year free of AllClearID. Those affected can call 1-877-322-8228

 
Information Source:
Media
records from this breach used in our total: 35,000

May 22, 2014 Bluegrass Communit Federal Credit Union
Ashland, Kentucky
BSF UNKN

Unknown

Experian has notified Bluegrass Federal Credit Union of unauthorized access of it's consumer information without proper authorization. The information includes names, addresses, Social Security numbers, dates of birth, and account numbers.

For those affected they can contact Bluegrass Community FCU at 606-324-0888606-324-0888 and ask for Jamie Darling.

 
Information Source:
New Hampshire Attorney General
records from this breach used in our total: 0

May 21, 2014 Ebay
San Jose, California
BSO HACK

145,000,000

Ebay, the online auction site, was hacked between late February and early March with login credentials obtained from employees. The hackers then accessed a database containing user records of approximately 145 million users which they appeared to have copied.

The information included email addresses, encrypted passwords, birth dates, mailing addresses. The company reports that no financial data or PayPal databases were compromised.

The company is encouraging all who were affected to login into their account and change their passwords.

Ebay has provided the following links for additional information:

http://www.ebayinc.com/

 
Information Source:
Media
records from this breach used in our total: 0

May 21, 2014 Paytime Inc.
Mechanicsburg, Pennsylvania
BSO HACK

Unknown

Paytime Inc, a payroll service for corporations, notified customers of a data breach to their payroll system. The hackers obtained usernames and passwords to their system and were able to obtain Social Security numbers, direct deposit account information, dates of birth, hire dates, wage information, home and cell phone numbers, other payroll information and home addresses.

The company is providing one year free of AllClearID. Those affected are asked to call 1-855-398-6436.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

May 21, 2014 Hanover Foods Corporation
Hanover, Pennsylvania
BSO DISC

5,867

Hanover Foods Inc, who is a Paytime client has learned that over 5,800 of it's employees were part of the over 216,000 individuals affected by the Paytime breach. Hanover's representing law firm has also sent a letter to those affected and has reported the incident to those individuals affected.

The information breached included names, Social Security numbers, direct deposit bank account information, dates of birth, hire dates, wage information, home and cell phone numbers, and other payroll information when hackers obtained usernames and passwords associated with the Paytime system.

 
Information Source:
Maryland Attorney General
records from this breach used in our total: 5,867

May 19, 2014 Lowe's
Mooresville, North Carolina
BSR DISC

Unknown

Lowe's, the home improvement store informed current and former drives of Lowe's vehicles that one of their third party vendors who provide a computer system "E-DriverFile" that stores compliance documentation and information related to these current and former employees, was unintentionally backed up to an unsecure computer server that was accessible from the Internet.

The information that was compromised included names, addresses, dates of birth, Social Security numbers, driver's license numbers, Sales IDs and other driving record information.

An investigation was launche and it and it was discovered that the information may have been exposed between July 2013 and April 2014. The company is providing one year free of AllClear ID services to those affected. For questions from those affected asr asked to call 1-877-263-7997 within the USA, for those outside the United States or Canada, call 1-512-579-2449.

 

 
Information Source:
California Attorney General
records from this breach used in our total: 0

May 14, 2014 University California Irvine
Irvine, California
EDU HACK

Unknown

On March 26, 2014, the California Information Security Office notified the University California Irvine that three of the computers in the Student Health Center had been infected by a keylogging virus, which captured the keystrokes as information was being entered into the computers, then transmitted the data to unauthorized servers. They believe that hackers gained information from February 14th through March 27th 2014.  As a result of the virus personal information of individuals was compromised.

The information included names, unencrypted medical information, potentially including health or dental insurance number, CPT codes, ICD9 codes and/or diagnosis, student ID numbers, non-student patient ID numbers, mailing addresses, telephone numbers, amounts paid to the Student Health Center for services, bank names and check numbers.

UC Irvine has contracted with ID Experts to provide one year of FraudStop credit monitoring and one year of CyberScan Internet monitoring for those affected. To enroll visit www.idexpertscorp.com/protect and use the code provided in the letter sent to those affected or call 1-877-810-8083.

 

 
Information Source:
California Attorney General
records from this breach used in our total: 0

May 14, 2014 Paytime
Mechanicsburg, Pennsylvania
BSF HACK

233,000

Paytime issued notices to its customers about a data breach that it discovered on April 30.

According to recent reports, the breach has affected approximately 233,000 individuals in every state, although the majority were in Pennsylvania. The information could have included "employees' names, Social Security Numbers, direct deposit bank account information (if provided), dates of birth, hire dates, wage information, home and cell phone numbers, other payroll related information and home addresses".

The investigation so far has uncovered "intruders were skilled hackers working from foreign IP addresses."

 

 
Information Source:
Media
records from this breach used in our total: 233,000

May 9, 2014 Baylor Regional Medical Center
Dallas, Texas
MED HACK

1981

Baylor Regional Medical Center at Plano communicated to patients a data breach that occured when a "phishing" email went out to affiliated physicians. The physicians may have been unaware that is was a "phishing" scam and inadvertently created unauthorized access to their email accounts.

The email accounts may have included emails that contained patient information, including names, addresses, dates of birth, or telephone numbers, some clinical information such as treating physician, department, diagnosis, treatment received, medical record number, medications, medical service code or health insurance information and Social Security numbers.

 
Information Source:
Media
records from this breach used in our total: 1,981

May 8, 2014 Boulder Community Health
Boulder, Colorado
MED PHYS

16

Boulder Community Health is investigating another data breach of their facility. It has been reported this is the third such incident for this facility since 2008.

Nine people have claimed that they had their records stolen and hard copies mailed to them. Two of these individuals said that there was a letter in theirs that stated their records were mailed “to demonstrate the easy access the hospital and their partners provide to some with bad motives.”

There is an ongoing investigation to understand the extent of the breach. "The hospital — previously known as Boulder Community Hospital until a name change last month — is asking anyone else who thinks their records might have been stolen to call its legal office at 303-440-2342 ".

UPDATE (5/12/2014): Seven more patients have claimed that an anonymous source has sent them copies of their medical records in the mail. It is still unclear as to whether the souce is taking the medical records from inside of the hospital or from somewhere outside of the hospital. The breach is still under investigation.

 

 
Information Source:
Media
records from this breach used in our total: 0

May 7, 2014 Green's Accounting
Greenfield, California
BSF STAT

Unknown

The office of Brent Green, CPA was burglarized on April 6, 2014 where the burglars took a network server computer and hard drives containing personal information of their clients. Their server was unencrypted and contained Social Security numbers, names, and addresses of both individuals and their independents.

For additional information or questions, those affected are asked to call Brent Green at 831-64-5562.

 
Information Source:
records from this breach used in our total: 0

May 7, 2014 Gingerbread Shed Corporation
Tempe, Arizona
BSR HACK

Unknown

Gingerbread Shed Corporation notified customers of unauthorized access to their system that compromised the personal data of its customers. The information included names, addresses, phone numbers, email addresses, credit card information, user names and passwords for website accounts.

The company has established a confidential phone line for those affected that have questions 1-866-597-8199 and use reference # 5474042814.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

May 6, 2014 California Department of Child Support Services
Rancho Cordova, California
GOV PHYS

Unknown

The California Department of Child Support Services has notified individuals of a data breach that resulted in unauthorized disclosure of personal information. On April 7, 2014 letters from the Solano County Department of Child Support Services were misplaced while in the custody of a contracted courier who was transporting mail to the US Post Office.

Those affected are asked to call the Department of Child Support Services at 1-866-901-3212.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

May 6, 2014 Molina Healthcare
Long Beach, California
MED PHYS

5,000

Molina Healthcare has communicated to former members about a data breach that included their Social Security numbers.

Molina said it contracted with a printing company to print postcards that contained information about benefits offered. Unfortunately the postcards did not contain names of the individuals, but addresses and Social Security numbers of the individual.

 

 

 
Information Source:
Media
records from this breach used in our total: 5,000

May 5, 2014 ground (ctrl)
Sacramento, California
BSO HACK

Unknown

ground(ctrl) operates social networking community websites focused on musicians, informed customers of a data breach to their website. The information breached included e-mail addresses and passwords. The company did inform customers that their credit card information was never stored with them and was not at risk.

For those affected, the company is recommending that usernames and passwords be changed. For questions individuals can call 1-877-463-2875 or via email at security@groundctrl.com.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

May 5, 2014 UMASS Memorial Medical Center (UMMMC)
Worcester, Massachusetts
MED INSD

2,400

UMass Memorial Medical Center informed patients of a data breach that occurred when a former employee stole personal information from the medical centers files.

The information stolen included names, dates of birth, Social Security numbers and addresses. The former employee had access to this information from May 6, 2002 to March 4, 2014. Investigators believe that this individual stole the information in order to open credit card and cell phone accounts.

 
Information Source:
Media
records from this breach used in our total: 2,400

May 1, 2014 JCM Partners LLC
Suwanee, Georgia
BSO HACK

Uknown

JCM Partners informed customers of a data breach that occured when a file containing personal information of housing applicants was taken from a JCM database and posted on an unauthorized website. An internal investigation was launched.

The information in the file included Social Security numbers, driver's license numbers, email addresses and mailing addresses.

The company is providing 12 months of AllClear Secure and those affected are automatically eligible and can call 1-877-979-2595.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

April 30, 2014 Boomerang Tags.com
Pismo Beach, California
BSR HACK

Unknown

Boomerand Tags.com notified customers of a data breach to their online website. The company released a letter to customers stating that hackers installed some form of malware onto the server that manages their website. The motivation of the hackers appears to be to gain the credit card information of the individual. Individuals financial information may have been exposed from July 4, 2013 through February 18, 2014.

Any further questions for those who may have been affected they can email the company at http://www.boomerangtags.com/page.php?c=contact#email_form

 
Information Source:
California Attorney General
records from this breach used in our total: 0

April 28, 2014 AOL
New York, New York
BSO HACK

Unknown

AOL has sent a message to millions of its account holders of a data breach to their system urging them to change their usernames and passwords. AOL won't confirm an exact number but it appears to be approximately 2 percent of its accounts.

AOL noticed the attack when a significant amount of spam began appearing from spoofed emails from AOL account holders email addresses.

 
Information Source:
Media
records from this breach used in our total: 0

April 28, 2014 Seton Northwest Hospital
Austin, Texas
MED INSD

180

A computer-like device was stolen from Seton Northwest Hospital that is used in the sleep lab. The device according to the hospital, is a Hewlett Packard desktop device that is used to capture and manipulate data from sleep studies. "It does not function like a normal computer. The operator would need a password and access to Seton systems to get a hold of patient data". Reportedly the data consists of names, dates of birth and Seton account numbers.

The device was stored inside a locked storage area at Seton Northwest Hospital, where the device was stolen.

In response Seton Healthcare sent the following statement:

"But to be safe, Seton already has offered, at no cost to patients, ID protection for a year to all the 180 or so patients whose information we believe is on this data storage device. Seton is sincerely sorry that this incident occurred and plans to work closely with the patients involved to protect them from harm."

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

April 25, 2014 Willis North America Inc.
Nashville, Tennessee
BSO DISC

Unknown

Willis North America Inc, informed customers that on "March 19, 2014 an email was sent internally to a group of current Willis Associates who were enrolled in the medical Plan's Healthy Rewards Program". The original email sent out to customers was as a reminder for a special program through their company, however the individual who sent the email "accidentally attached a spreadsheet to the email that was not meant to be included".

The information on the spreadsheet included names, email addresses, dates of birth, social security numbers, employee ID numbers, and office locations by city/state/zip, Wellness credits, an individuals credit status codes, insurance coverage codes, internal codes for plan geographic region and type of reward applicable, last effective date of medical plan elections, election selections, original and last start dates, and when medical plan coverages began.

The spreadsheet did not include any information that revealed health conditions, health treatments or health claims, or personal health information regarding spouses or dependents.

The company has arranged for two years of identity theft protection at no charge. Those affected can find the information at www.trustedid.com/enhanced-identity-theft-protection. To register to to www.trustedid.com/willis and enter the activation code WNAIDE0314 OR CALL 1-888-880-0761.

 
Information Source:
Vermont Attorney General
records from this breach used in our total: 0

April 22, 2014 NCO Financial Systems Inc.
Horsham, Pennsylvania
BSF DISC

Unknown

NCO Financial Systems Inc. informed customers of a data breach when their third party communication vendor, RevSpring, Inc. sent an email to a number of loan customers that mistakenly included an attachment that contained loan statements. The information on these statements included names, addresses, Social Security numbers, and account numbers.

The company is offering 12 months free of ProtectMyID through Experian. A letter with a code went out to those individuals affected. Those with questions are asked to call 1-866-274-43711-866-274-4371.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

April 22, 2014 Snelling Staffing LLC
Dallas, Texas
BSO DISC

Unknown

Snelling Staffing LLC informed current and previous employees of a data breach that exposed personal information to others via the Internet due to an installation error of a cloud based server at the home of a former Snelling employee, on January 24, 2014.

The information exposed included Social Security numbers, driver's license numbers, dates of birth, home addresses, medical information, alleged criminal activity and/or drug test results.

The company did discover that breach and shut down access to the information within the same day.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

April 22, 2014 Iowa State University
Ames, Iowa
EDU HACK

29,780

Iowa State University has reported a data breach of one of their systems that exposed a large amount of data of individuals who were enrolled in the university over the past 17-year period.

Social Security numbers of approximately 30,000 people who enrolled in certain classes between 1995 and 2012 along with university ID numbers for nearly 19,000 additional people. Authorities believe that the person or persons motivation was apparently to generate enough computing power to create the virtual currency bitcoin.

The university is offering AllClear ID for 12 months free for those whose Social Security numbers were affected. AllClear representatives can be reached at 1-877-403-02811-877-403-0281.

Here is the link to the universities information regarding the breach http://www.news.iastate.edu/news/2014/04/22/serverbreach

For those who suspect fraud or question whether a request you receive is legitimate, please contact the ISU Foundation at 515-294-4607515-294-4607, the ISU Alumni Association at 515-294-6525515-294-6525, or Iowa State’s computer security team at serverbreach@iastate.edu.

 
Information Source:
Media
records from this breach used in our total: 29,780

April 18, 2014 University Pittsburgh Medical Center
Pittsburgh, Pennsylvania
MED HACK

27000

The University Pittsburgh Medical Center (UPMC) informed employees of a data breach that compromised employee's personal data, including their Social Security number and  the potential for fraudulent tax returns being filed in their name.

The number of employees affected was approximately 800. The full extent of the information exposed has not been communicated, however, due to the tax fraud, information such as names, addresses and Social Security numbers were assumed to be involved.

UPMC was aware of the breach in February and thought that the breach included only 27 individuals, but soon became aware that the breach was much larger. An investigation is currently being conducted.

UPDATE (4/21/2014): The extent of the data breach at UPMC thought to be around 800 employees, is much more extensive than originally believed. The current numbers are around 27,000 employees affected. UPMC is offering Lifelock for 12 months for those affected. A letter went out to those individuals with the information. For additional questions, UPMC has provided a toll free hotline (1-855-306-8274) or email JohnHouston@upmc.edu. A class action lawsuit has been filed against UPMC.

UPDATE (5/14/2014): On Friday May 9, 2014 the law firm of Kraemer, Manes & Associates sued University Pittsburgh Medical Center (UPMC) and Ultimate Software Group of Weston, Fla., over the loss of employee data and subsequent identity thefts. They are seeking class-action status in U.S. District Court, and would represent current and former UPMC employees who have been affected by the breach.

 
Information Source:
Media
records from this breach used in our total: 27,000

April 17, 2014 Aaron Brothers
Coppell, Texas
BSR HACK

400,000

Aaron Brothers, a division of Michaels Stores Inc. appears to been a part of the data breach of Michaels Stores Inc. The company confirmed on Thursday April 17, 2014 that the payment system breach also affected its Aaron Brothers chain. Approximately 400,000 cards were potentially breached from June 26, 2013 through February 27, 2014.

 
Information Source:
Media
records from this breach used in our total: 400,000

April 14, 2014 Wilshire Mutual Funds
Kansas City, Missouri
BSF DISC

Unknown

Wilshire Mutual Funds informed customers of a data breach that took place on March 13, 2014. It was brought to the company's attention that a copy of individuals 1099-Div tax form was sent by fax to an incorrect shareholders in error.

The information contained on the 1099-Div form included registered owner's names, the registration of the mutual fund account, the addresses of record, the last 4 digits of the Social Security numbers, the fund and account numbers assigned in their recordkeeping system, the taxable amounts, and the Payer's (Wilshire Equity Fund) Federal ID number.

Those affected with questions are asked to call 1-866-591-15681-866-591-1568 or to send written correspondence to P.O. Box 219512, Kansas City, MO 64121-9512 or by overnight mail to 430 W. 7th Street, Kansas City, MO 64105.

 
Information Source:
Vermont Attorney General
records from this breach used in our total: 0

April 11, 2014 Veterans Of Foreign Wars Of The United States
Kansas City, Missouri
NGO HACK

55,000

The office of The Veterans Of Foreign Wars Of The United States notified members that an unauthorized party accessed VFW's webserver through the use of a trojan and malicious code. The hacker, thought to be in China, was able to download tables containing the names, addresses, Social Security numbers of approximately 55,000 VFW members.

The motivation of the hacker, according to IT experts, was to gain access to information regarding military plans or contracts and not for purposes of identity theft, although they have not ruled that out.

VFW is providing 12 months free of AllClearID. Members can call 1-855-398-6437 with any questions. A security code must be provided and was provided in the letter sent to those affected.

 
Information Source:
California Attorney General
records from this breach used in our total: 55,000

April 11, 2014 LaCie USA
Tigard, Oregon
BSR HACK

Unknown

LaCie USA was informed by the FBI that they had found indications that an unauthorized person used malware to gain access to information from customer transactions that were made through LaCie's website.  Reportedly, the transactions that may have been affected happened from March 27, 2013 through March 10, 2014.

The information breached included names, addresses, payment card numbers and card expiration dates. Also included could be an individuals LaCie username and password to access the website.

For those affected they are asked to call Monday through Friday from 9:00 a.m through 7:00 p.m EDT (eastern time).

 
Information Source:
California Attorney General
records from this breach used in our total: 0

April 11, 2014 University Urology, P.C.
Knoxville, Tennessee
MED PHYS

1,144

University Urology P.C of Knoxville Tennessee informed patients of a data breach regarding their personal information. According to the practice, the information was limited to names and addresses and that no Social Security numbers, financial account information or clinical information was exposed.

According to a statment by the facility, an administrative assistant had compiled the data in an effort to sell it to a competing provider, helping them gain patient business. Patients contacted University Urology to let them know that the competing provider had been soliciting their business.

 
Information Source:
Media
records from this breach used in our total: 0

April 9, 2014 Clinical Reference Laboratory
Lenexa, Kansas
MED PHYS

Unknown

Clinical Reference Laboratory, Inc. notified individuals of a breach regarding their personal information. On or around February 6, 2014 Clinical Reference Laboratory (CRL) sent a packet of invoices via the United States Postal Service to Nationwide Insurance for services performed. The package was damaged when it arrived at the USPS facility and some of the invoice pages were missing.

The information in these missing pages included names, dates of birth, the last 4 digits of individuals Social Security number and the type of lab tests conducted.

The company has arranged a free one year subscription through Equifax Personal Solutions.

For those affected with questions they can call CRL at 1-855-758-75431-855-758-7543 or disclosurehelp@crlcorp.com.

 
Information Source:
Vermont Attorney General
records from this breach used in our total: 0

Breach Total
868,045,823 RECORDS BREACHED
(Please see explanation about this total.)
from 4,351 DATA BREACHES made public since 2005
Showing 51-100 of 4351 results


X

Sign In!

Loading