Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?

Chronology of Data Breaches

Custom Sort
Select your desired results. Then click "Go!"

Click or unclick the boxes then select go.


Select features, then click GO.



Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.
Breach Total
930,526,448 RECORDS BREACHED
(Please see explanation about this total.)
from 4,427 DATA BREACHES made public since 2005

Save or Print PDF of Entire Breach List including introduction.Save or Print a PDF of Entire Breach List (including introductory FAQ)

Filter breach list before saving or printing PDF. Conduct a search of the Chronology using its sorting features, and Save or Print a PDF of your search results (Select filters)

If you do not have access to PDF, you can print the Chronology in landscape view.

Date Made Publicsort icon Name Entity Type
August 15, 2014 Supervalue
Eden Prairie, Minnesota
BSO HACK

Unknown

Supervalu, which operates 3,763 outlets, both corporate and franchised stores, has reported a data breach in their point-of-sale system which affected some of its retail food stores, along with several of its stand-alone liquor stores. The information compromised includes account numbers and other information on customer payment cards used at the point-of-sale systems. The data breach occurred from June 22, 2014 through July 17, 2014 according to company spokesperson. The retail grocery chain has notified authorities and the breach is currently under investigation.

 

More Information: http://www.cnbc.com/id/101922584# 

 
Information Source:
Media
records from this breach used in our total: 0

August 12, 2014 Freedom Management Group, LLC dba The Natural
Hauppauge, New York
BSR HACK

Unknown

The Natural, an online store, notified customers of a data breach to their system when an unauthorized party accessed customer payment card data. The unauthorized access occurred from 4/22/2014 to 7/17/2014.

The information accessed included customer credit and debit card numbers, expiratin dates, names, addresses, and phone numbers, account numbers, and passwords.

The company has recommended that those affected change their online passwords to their online account. The company is offering AllClear ID at no cost for 12 months. For those affected they may contact the AllClear ID team at 1-877-615-3771.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

August 12, 2014 Orthopaedic Specialty Institute Medical Group
Orange, California
MED PHYS

49,000

Orthopaedic Specialty Institute Medical Group has reported a data breach when it was discovered that 742 boxes of patient X-rays were stolen from an Iron Mountain Record Management storage facility. After an investigation by the authorities, it was discovered that two Iron Mountain Record Management employees stole the files and melted them down for the silver.

The information in the records, which are 10 to 15 years old,  and could have included patient names, birth dates and medical record numbers.

For those who might have been affected they can call the medical group at 1-714-937-48251-714-937-4825 .

 

More Information: http://www.ocregister.com/articles/medical-631456-rays-group.html

 
Information Source:
Media
records from this breach used in our total: 0

August 7, 2014 University California Santa Barbara
Santa Barbara, California
EDU HACK

Unknown

The University California Santa Barbara has notified unauthorized access to some archival payroll data that included names, social security numbers and direct deposit banking information.

The University has contracted with ID Experts to provide free credit monitoring service, and insurance for identity theft restoration.

If you need assistance enrolling or have additional questions, the University is requesting individuals call the UCSB / ID Experts team at 1-877-919-9184, between the hours of 6:00 am and 6:00 pm Pacific Time.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

August 7, 2014 Anderson & Murison
Los Angeles, California
BSF DISC

Unknown

Anderson & Murison, a wholesale insurance broker, notified individuals of a data breach when individual retail insurance agents applied for personal umbrella insurance policies for their customers via Anderson & Murison's online umbrella rating system.

When the retail agents requested an estimate through this online system, specific information regarding their customers was necessary to obtain the quote/estimate. Information such as first and last names, addresses, policy dates, policy numbers, premium costs, policy amounts, types of policies, dates of birth, all real estate owned and addresses, types of automobiles, other motorized equipment such as watercraft, occupations of both individuals and spouses, employer names and addresses, general information such as traffic violations, etc.

The company is offering identity theft protection through Kroll for one year at no cost.  Those affected can call 1-844-263-8605.

 

 
Information Source:
California Attorney General
records from this breach used in our total: 0

August 7, 2014 San Mateo Medical Center
San Mateo, California
MED INSD

Unknown

San Mateo Medical Center (SMMC) notified individuals of a potential data breach when the facility discovered that an employee who was hired in the payroll unit of the facility failed to disclose a prior conviction for identity theft.

The employee was terminated immediately, but the individual had access to SMMC employee information including names, contact information, Social Security numbers and dates of birth.

The facility reported that they found "no evidence indicating that the employee misused confidential information from SMMC employee records".

SMMC has engaged Kroll to provide identity theft protection for one year at no cost. For those affected they can contact the county at 1-844-530-4127 from 6:00 a.m. to 3:00 p.m. PDT.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

August 5, 2014 Vibram
Concord, Massachusetts
BSR HACK

Uknown

Vibrum USA Inc had notified customers of a data breach in their online ordering system. The compay contracts with a third party web hosting provider vibramfivefinger.com whose systems were compromised when an unauthorized party accessed their system that manages online transactions and inserted malicious code.

The information that may have been compromised included credit card numbers.

The company has set up credit monitoring services through Experian. Those affected can call 1-877-371-7902

 
Information Source:
California Attorney General
records from this breach used in our total: 0

August 5, 2014 Russian hacking discovered by Hold Security
Unknown, Wisconsin
BSO HACK

1 billion

"A gang of Russian hackers has amassed over 1 billion username and password combinations and more than 500 million email addresses, a security firm reported late Tuesday, calling it the largest-ever haul of stolen Internet credentials.

The massive trove — stolen from hundreds of thousands of websites — was discovered by the Milwaukee firm Hold Security, according to a post on its website".

According to reports by Hold Security,  it took over seven months to identify the gang, "whom the firm dubbed CyberVor, or cyber-thief in Russian".

 

It appears that no payment card information or Social Security numbers were threatened.

PRC will provide updates as the story unfolds.

 

 

*note: state location provided is that of Hold Security LLC.

 
Information Source:
Media
records from this breach used in our total: 0

July 31, 2014 Recreational Equipment Inc. (REI)
Kent, Washington
BSR HACK

Unknown

On July 23, REI discovered that a third-party may have accessed REI customer accounts without authorization obtaining email addresses and passwords.

For those affected who have further questions about this incident, please contact them at privacy@rei.com or 1-800-426-48401-800-426-4840 Monday through Sunday 4 a.m. to 11 p.m. Pacific Time.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

July 30, 2014 CVS/Caremark
Atlanta, Georgia
BSR DISC

350

As reported by a local news station in Atlanta Georgia reported a breach by CVS/Caremark when a mailing went out to CVS Caremark customers offering a switch to a 90-day prescription supply.

Unfortunately the mailings went out to the wrong addresses. "CVS Caremark is in the process of notifying the affected members that due to a programming error, letters intended for fewer than 350 plan members were sent to incorrect addresses".
 
The company said they sent the mailings July 15 and fixed the error after getting complaints. The information exposed were individual names, addresses and what prescriptions the individuals were on.

 
Information Source:
Media
records from this breach used in our total: 0

July 30, 2014 Rite Aid Pharmacy
Milton, Washington
BSR PHYS
521

Rite Aid Pharmacy in Milton Washington notified customer of a data breach, when someone stole a" stack of expired prescription records from a Rite Aid pharmacy in Milton, the company announced Wednesday".

"The records did not contain Social Security numbers or credit card numbers, and there has been no sign of resulting identity theft", spokeswoman Ashley Flower said.

The theft occurred on June 30 when a burglar entered a back room where the records were stored.

"Flower said 521 customers were notified of the theft via mail. She did not know how many records were stolen. The affected customers were offered a free identity theft consultation".

Those who were affected can contact Kroll Inc. at 855-269-6547 or Rite Aid at 800-RITE-AID.


Read more here: http://www.thenewstribune.com/2014/07/30/3309632/expired-prescription-records-stolen.html#storylink=cpy

 
Information Source:
Media
records from this breach used in our total: 0

July 30, 2014 Lasko Group, Inc.
West Chester, Pennsylvania
BSR HACK

Unknown

Lasko Group Inc. announced a data breach of customers who purchased on-line parts from them and Air King America Inc. Both companies were the victims of "phishing" emails from an unknown third party. These fraudulent emails led to unauthorized access to their computer network. 

Information breached included names, email addresses, phone numbers, credit card numbers, and credit card expiration dates.

The company is offering AllClearID protect your identity for one year at no cost to those affected. For those who are affected they can sign-up by calling 1-866-979-2595 or at enroll.allclearid.com. The company has also established a confidential assistance line for questions or concerns at 1-877-218-0052 from 9:00 a.m. to 7:00 p.m. EST.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

July 29, 2014 Northern Trust Company
Chicago, Illinois
BSO DISC

Unknown

The Northern Trust Company communicated a data breach to customers that involved their personal information. Northern Trust Company "provides or previously provided payment services for an employee benefits plan or program in which you participate or participated through. In that capacity, Northern Trust is responsible for maintaining certain personal information about you as a participant of that plan. Regrettably, we are writing to inform you about an inadvertent disclosure by Northern Trust of some of that information".

"As part of normal procedures, Northern Trust sends participant information to record-keeping companies that assist in administering those benefit plans and programs. In late May, a Northern Trust employee transmitted a file containing your information to one of our record-keeping companies that was not responsible for the plan in which you participate (d). The information included your name, address, Social Security number, and benefits plan or program account number, as well as other information about your benefits plan or program account, such as your payment /deduction amounts and, in some situations, bank routing and account numbers used for direct deposits".

 
Information Source:
California Attorney General
records from this breach used in our total: 0

July 28, 2014 Backcountry Gear
Eugene, Oregon
BSR HACK

Unknown

Backcountry Gear notified customers of a data breach with a server that handles credit card information. The company discovered malware that was put onto their server that was able to gain customer names, addresses, purchase information, and credit card/debit card information.

The company has stated they do not collect pin numbers or bank account numbers in a transaction so those would not have been compromised in the breach.

For those who were affected and have questions can call 1-800-953-5499 ext. 5 or email at data@backcountrygear.com.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

July 23, 2014 Wall Street Journal
New York, New York
BSO HACK

Uknown

The Wall Street Journal was compromised by a Russian hacker who posted images of a list of user accounts claiming they were from the Wall Street Journal. The Wall Street Journal claimed they had an intrusion but that no data was affected.

The information has yet to be confirmed that it was from the Wall Street Journal, however the same type of intrusion was recently confirmed when this same hacker claimed an intrusion to CNET.

 
Information Source:
Media
records from this breach used in our total: 0

July 22, 2014 Vice.com
Brooklyn, New York
BSO HACK

Unknown

Reportedly a "Russian hacker group known as W0rm tweeted, along with screenshots, that it had hacked popular news, arts and culture site Vice.com and The Wall Street Journal website, and would sell each stolen database for Bitcoin."

The company has communicated that a hacker was able to access a list of Vice.com CMS users. This list included email addresses and hashed passwords. The company communicated that they since have patched the vulnerablity.

 
Information Source:
Media
records from this breach used in our total: 0

July 21, 2014 Dominion Resources Inc.
Richmond, Virginia
BSO HACK

1,700

Personal information of more than 1,700 people at Dominion Resources Inc. were compromised when unauthorized parties hacked the employee wellness plan. The hacker gained access via a subcontractor's system, StayWell Health Management LLC who runs Dominions "Well on Your Way" program which includes a health screening, to gain the information hacked.

The hacking actually occurred at a vendor Stay Well uses, Onsite Health Diagnostics, based in Irvine, Texas, that provideds the sign-up mechanism for "Well on Your Way's" health-screening appointments.

The information included individuals' names, addresses, email addresses, phone numbers, gender and dates of birth of employees, spouses and domestic partners who went online to schedul a health-screening appointment going back to 2012.

"Dominion Resources said the company was notified of the breach on June 24 but didn't learn the identities of those affected until July 7th. Dominion Resources is investigating why it took so long for the company to be notified. They are no longer using Onsite Health Diagnostics for scheduling".

 
Information Source:
Media
records from this breach used in our total: 0

July 18, 2014 Penn Medicine Rittenhouse
Philadelphia, Pennsylvania
MED PHYS

661

Penn Medicine had to announce a data breach involving receipts that were stolen last month from a locked office in Pennsylvania Hospital.

The information on the receipts included combinations of patient names, dates of birth and the last four digits of credit card numbers.

 
Information Source:
Media
records from this breach used in our total: 0

July 17, 2014 Total Bank
Miami, Florida
BSF HACK

72,500

Total Bank,  a subsidiary of Banco Popular that has 21 locations in South Florida, is notifying 72,500 customers that their account information was potentially exposed after an unauthorized third party gained access to the bank's computer network.

Information obtained by this unauthorized third party included names, addresses, account numbers, account balances, Social Security numbers and driver's license numbers.

The bank is offering 12 months free of credit monitoring services for those that were affected.

 
Information Source:
Media
records from this breach used in our total: 72,500

July 17, 2014 Bank of America
Baltimore, Maryland
BSF DISC

Unknown

Aon Hewitt, a human resources benefits service provider for Bank of America, was made aware that a vendor's former employee (Hexaware) sent a copy of certain files and inadvertently uploaded them to an FTP site.

The file contained names and Social Security numbers.

 

 
Information Source:
Maryland Attorney General
records from this breach used in our total: 0

July 17, 2014 Freshology
Burbank, California
BSR HACK

Unknown

Only July 1, 2014 Freshology was performing a routine review of its Internet website and discovered unauthorized code. This code may have compromised billing names, addresses and credit/debit card information of customers.

 

 
Information Source:
New Hampshire Attorney General
records from this breach used in our total: 0

July 16, 2014 Central City Concern
Portland, Oregon
NGO DISC

15

Central City Concern in Oregon suffered a data breach when an unauthorized access resulted in the breach of clients data.

"On April 2, 2014, a federal law enforcement official notified Central City Concern that a former Central City Concern employee has been accused of improperly copying information from approximately 15 Central City Concern clients from its Employment Access Center (EAC) program with the intent of processing fraudulent tax returns in their names".

The information breached included names, dates of birth, Social Security numbers, addresses, and health information of EAC clients.

Client inquiries regarding this incident may be directed to 866-778-1144866-778-1144, Monday through Friday from 6:00 AM to 6:00 PM Pacific Time. 

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 15

July 16, 2014 Bay Area Pain Medical Associates
Sausalito, California
MED STAT

2,780

Bay Area Pain Medical Associates have notified patients of a data breach when several of their desktop computers were stolen.

There were approximately 2,780 patients first and last names, number of years the patients had been seen at their practice. The are reporting that the computer data was encrypted and inaccessible, there was an Excel spreadsheet that containing this information that could have possibly been accessed. No Social Security numbers, dates of birth, financial information, contact information or medical information was exposed.

The facility is offering 12 months free of AllClearID. Those affected can call 1-877-579-2269.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

July 16, 2014 Apple Valley Christian Care Center
Apple Valley, California
MED DISC

500

Apple Valley Christian Care Center has notified individuals of a security breach of their system when a "technical glitch" occurred. The center communicated that the compromised data varied greatly.

The information included Social Security numbers, dates of birth, home addresses, dates of stays, Medi-Cal ID numbers, Medicare ID numbers, and/or other insurance information such as Medi-Cal appeals, diagnosis codes, treatment information and medical history.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 500

July 16, 2014 Douglas County School District
Castle Rock, Colorado
EDU PORT

Unknown

Douglas County School District notified employees of a data breach of their personal information when a laptop containing their personal information was stolen.

In a letter sent to district employees, the district stated that the stolen computer contained some workers' Social Security numbers and bank account information.

The district is currently investigating the breach.

 
Information Source:
Media
records from this breach used in our total: 0

July 15, 2014 Atlantic Automotive Corporation/dba One Mile Automotive
Towson, Maryland
BSO HACK

Unknown

One Mile Automotive is notifying customers of a data breach of one of their third party vendors, Trade Motion who operates automobile websites and has notified One Mile Automotive that this breach could have included personal information of some of its customers.

The information included names, addresses, email addreasses, telephone numbers, credit card information.

Those who are affected should call 1-855-505-2774.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

July 15, 2014 City of Encinitas/San Dieguito Water District
Encinitas, California
GOV DISC

Unknown

"City of Encinitas and San Dieguito Water District recently were made aware that a Cal-PERS payment document containing Social Security numbers with corresponding employee and former employee names had inadvertently been made accessible to the public on the City’s website on or about May 13, 2014 to July 3, 2014. Based on our research, we found the exposure has been limited to (16) people that accessed the document during that period."

The document contained information of employees and former employees who were enrolled in Cal-PERS during the following timeframes:

City of Encinitas–July 1993-October 2011

City of Encinitas Fire Safety/Fire Protection District–July 1986–October 2011

San Dieguito Water District-July 1989–October 2011

The city of Encinitas is offering 1 year free membership of Protect MyID Alert from Consumer Info.com by Experian.

For those affected with questions contact Courtney Barrett at 760-633-2631 or Jace Schwarm at 760-633-2636.

 

 
Information Source:
California Attorney General
records from this breach used in our total: 0

July 15, 2014 Bank of The West
San Francisco, California
BSF HACK

Unknown

Bank of The West notified customers of an email scam that involved two employees' remote bank email login credentials being compromised. As a result of this unauthorized access, customer information could be at risk.

The information includes names, account numbers, loan numbers, Social Security numbers.

The bank is offering one year free of First Watch ID for those affected. For those with questions regarding the service they can call 1-866-310-7373 or 1-800-488-2265.

 

 
Information Source:
California Attorney General
records from this breach used in our total: 0

July 14, 2014 Orangeburg-Calhoun Technical College
Orangeburg, South Carolina
EDU PORT

20,000

"Orangeburg-Calhoun Technical College in South Carolina is notifying 20,000 former and current students and faculty members that an unencrypted laptop computer stolen this month from a staff member's office contained their personal information."

The information contained on the laptops included names, birth dates and Social Security numbers of individuals.

The college stated that the information goes back 6 or 7 years and that they believe the thief was after the hardware, not the data stored on it. The college neglected to comment on whether or not they are providing credit monitoring services for those affected.

 
Information Source:
Media
records from this breach used in our total: 20,000

July 14, 2014 Goodwill Industries International Inc.
Rockville, Maryland
BSR HACK

868,000

Financial institutions are tracking what appears to be fraudulent activity at numerous Goodwill retail stores. The fraudulent activity involves credit card breaches and that the compromised credit cards appear to have started at Goodwill stores across the country. The credit card information is then showing up at other retail establishments, similar to the breaches that occurred at Target, Neiman Marcus, P.F. Changs, etc.

“Goodwill Industries International was contacted last Friday afternoon by a payment card industry fraud investigative unit and federal authorities informing us that select U.S. store locations may have been the victims of possible theft of payment card numbers,” the company wrote in an email. 

“Investigators are currently reviewing available information,” the statement continued. “At this point, no breach has been confirmed but an investigation is underway. Goodwills across the country take the data of consumers seriously and their community well-being is our number one concern. Goodwill Industries International is working with industry contacts and the federal authorities on the investigation. We will remain appraised of the situation and will work proactively with any individual local Goodwill involved taking appropriate actions if a data compromise is uncovered.”

Goodwill Industries stated they learned of the potential breach on July 18th and is working with federal investigators to determine if the breach is legitimate and if legitimate. how many stores were affected.

UPDATE (9/10/2014): Goodwill Industries announced that the data breach they suffered is linked to a third party vendor. 

"Goodwill said a forensic investigation had found that a third-party vendor's systems had been attacked by malware, providing the attackers with access to the credit card data of several of that vendor's customers intermittently between February 10, 2013 and August 14, 2014".

According to Goodwill, 330 Goodwill stores in 20 states were affected. Forbes reported that 868,000 individuals were affected.

More Information: http://www.esecurityplanet.com/network-security/goodwill-data-breach-lin...

 

 
Information Source:
Krebs On Security
records from this breach used in our total: 868,000

July 14, 2014 CNET
New York, New York
BSO HACK

Unknown

Russian hackers infiltrated servers of CNET by the name of W0rm and the Twitter handle @rev-priv8, who "posted an image of remote access to a CNET.com server, with a screenshot of a shell proving a compromise of the site".

CNET would not comment on the nature of the attack or what information was compromised, they have just communicated that they have fixed the problem.

"The image posted on Twitter would indicate the hacker could access and upload files to the website. It's pretty difficult to say how they did it, though. One source suggested it was likely a content management system breach - something like a WordPress or Joomla exploit".

 
Information Source:
Media
records from this breach used in our total: 0

July 11, 2014 Boeing
Seattle, Washington
BSO HACK

Unknown

"Federal prosecutors have charged the owner of a Chinese aviation firm with trying to steal data about U.S. military aircraft by hacking into the computer networks of Boeing and other U.S. companies, according to a federal complaint unsealed in Los Angeles this week.

According to authorities, the individuals allegedly stole information on  Boeing’s C-17 transport plane. Evidence shows that the Chinese hackers obtained large amounts of data on dozens of  military projects.

 
Information Source:
Media
records from this breach used in our total: 0

July 11, 2014 Lockheed Martin
Fortworth, Texas
BSO HACK

Unknown

"Federal prosecutors have charged the owner of a Chinese aviation firm with trying to steal data about U.S. military aircraft by hacking into the computer networks of Lockheed Martin and other U.S. companies, according to a federal complaint unsealed in Los Angeles this week".

Allegedly, the Chinese hackers stole information about Lockheed’s F-22 and F-35 fighter jets.  Large amount of data were stolen on a dozen U.S military projects.

 
Information Source:
Media
records from this breach used in our total: 0

July 11, 2014 University of Illinois, Chicago
Chicago, Illinois
EDU HACK

Unknown

The University Illinois Chicago (UIC) notified former students of a data breach to their system that included the exposure of personal data.

"A website security breach made two College of Business Administration documents from the 2002 spring semester accessible — a roster from a Special Topics in Accounting course and an advising list for all junior and senior accounting majors, according to a statement from the university".

Personal information was exposed, including Social Security numbers. The university has not stated how many students were affected, and the breach is currently under investigation.

 
Information Source:
Media
records from this breach used in our total: 0

July 10, 2014 University Development and Alumni Relations at the Penn State College of Medicine
Philadelphia, Pennsylvania
EDU HACK

1,176

Penn State has notified 1,176 individuals that a data breach of their personal information had been breached.  The Office of University Development and Alumni Relations at the Penn State College of Medicine was found to be "infected with malware that enabled it to communicate with an unauthorized computer outside the network".

The university used Social Security numbers as a personally identifiable number for students and these SSNs were found in an archived College of Medicine alumni list last used in 2005.

The university put out this information:

"For information about Penn State's efforts to minimize computer security risks, visit the University's Be Safe website at http://its.psu.edu/be-safe. For more detailed information about identity theft risks and prevention, visit http://www.ftc.gov/bcp/edu/microsites/idtheft/."

 

 
Information Source:
Media
records from this breach used in our total: 1,176

July 9, 2014 Office of Personnel Management
Washington, District Of Columbia
GOV HACK

Unknown

In March 2014, it has been reported that Chinese hackers broke into the computer networks of the United States government, specifically The Office of Personnel Management, which houses personal information of all federal employees. The hackers appeared to be targeting the files on "tens of thousands of employees who have applied for top-secret security clearance."

"The hackers gained access to some of the databases of the Office of Personnel Management before the federal authorities detected the threat and blocked them from the network, according to the officials. It is not yet clear how far the hackers penetrated the agency’s systems, in which applicants for security clearances list their foreign contacts, previous jobs and personal information like past drug use."

This particular hacking is unusual as the US computer systems are constantly being hacked by international hackers, but up until this point, have been stopped before any information was compromised.

Currently, officials are investigating to pinpoint exactly where these attacks came from.

 
Information Source:
Media
records from this breach used in our total: 0

July 8, 2014 Heartland Automotive/Jiffy Lube
Irving, Texas
BSO PORT

Uknown

Heartland Automotive (Jiffy Lube) has notified customers of a data breach that has occured when one of their company owned laptop was stolen with personal information on it.

The information included names, addresses, dates of birth, Social Security numbers.

The company is offering 12 months free of AllClearID. For those affected call 1-877-437-4004.

 

 
Information Source:
California Attorney General
records from this breach used in our total: 0

July 8, 2014 The Houstonian Hotel, Club and Spa
Houston, Texas
BSO HACK

Unknown

Secret Service notified The Houstonian Hotel, Club and Spa regarding a breach to their system that houses customer credit card information.

Once the notification happened, the company launched a forensics investigation and discovered that their POS system had been accessed by an unauthorized third party from December 2013 through June 2014, and that the credit card information stored on these systems were compromised.

The company has since stopped the intrusions, but has not communicated how many individuals were affected by the breach. The company is offering 12 months free of credit monitoring services for those affected.

 
Information Source:
Media
records from this breach used in our total: 0

July 8, 2014 Aecom
Los Angles, California
BSO HACK

Unknown

Aecom has notified current and prior employees of a data breach that exposed employee personnel files. Hackers were able to penetrate their corporate network, which included the employee payroll system for the US specifically.

The information exposed inlcuded names, addresses, Social Security numbers, personal bank account numbers and routing numbers.

The company has set up 12 months of All ClearID at no cost. For those affected they can call which can be reached at 1-877-615-3770.

 

 
Information Source:
California Attorney General
records from this breach used in our total: 0

July 8, 2014 Park Hill School District
Kansas City, Missouri
EDU INSD

Unknown

The Park Hill School District has informed current and former Park Hill students and employees of a data breach to their system. A former employee downloaded files onto a hard drive without authorization. When the employee connected it to a home network, the files went onto the Internet.

The information leaked included personnel files and Social Security numbers.

 
Information Source:
Media
records from this breach used in our total: 0

July 7, 2014 Legal Sea Foods
Boston, Massachusetts
BSO HACK

Unknown

Legal Sea Foods informed customers of a data breach that occured on June 5, 2014 that a segment of their mail order web sales and e-commerce environment, that an unauthorized person gained access to a server that contained information from mail order web customer transactions.

After an investigation, transactions made between Jaunary 1, 2014 and May 21, 2014 were potentially affected, which included transactions used with credit cards. Names, credit card numbers, card expiratin dates, and card verification values may have been breached.

The company has informed their payment processing company of the breach and the processor has been working with the credit card companies to provide them the card numbers of those affected.

 
Information Source:
Vermont Attorney General
records from this breach used in our total: 0

July 4, 2014 St. Vincent Breast Center
Indianapolis, Indiana
MED DISC

63,000

St. Vincent Breast Center have announced that patient's health information may have been breached after the center sent around 63,000 letters to the wrong patients. The letters included patient names, addresses and in certain references to scheduled appointments. Reportedly no Social Security numbers, financial information or clinical information.

"St.Vincent Breast Center entered into an agreement with Indianapolis Breast Center P.C. and Solis Women’s Health Breast Imaging Specialists of Indiana P.C. after they both closed last year.

On May 5, St.Vincent Breast Center mailed letters intended for prior patients of the Indianapolis Breast Center and Solis Women’s Health to inform them that St.Vincent was available to provide care. Some letters also welcomed patients who had previously scheduled healthcare services.

Officials said on May 15, people who had accidentally received another person’s letter began calling St.Vincent".

For those affected they can call 1-877-216-3862 from Monday through Friday 9:00 a.m. to 7:00 p.m.

 
Information Source:
Media
records from this breach used in our total: 0

July 3, 2014 Watermark Retirement Communities
Tuscon, Arizona
BSO PORT

Unknown

Watermark Retirement Communities Inc. informed current and former employees of the facility of a data breach when a laptop was stolen on June 13, 2014. The information on these laptops included names, addresses, telephone numbers, email addresses, dates of birth and Social Security numbers. The laptop was password protected.

For those affected they can call 1-800-597-66181-800-597-6618.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

July 3, 2014 Blue Shield of California/Department of Managed Healthcare
San Francisco, California
BSF DISC

18,000

The Department of Managed Health Care informed individuals of a breach concerning their personal information. Health plans regulated by the Department of Managed Health Care (DMHC) are required to provide the DMHC periodically with current rosters of the medical providers the health plans contract with.

These plans are not supposed to include confidential or personal information in the rosters because these rosters are generally public documents.

"The DMHC discovered that Blue Shield of California had inadvertently included provider Social Security numbers in the rosters Blue Shield provided to the DMHC in February, March and April, 2013". Blue Shield neglected to inform the DMHC that the information was confidential or alert the DMHC that a mistake had been made on the documentation.

The information included Social Security numbers, providers' names, business addresses, business telephone numbers, medical groups, and practice areas.

For those affected Blue Shield is offering you a free-one-year membership in Experian's ProtectMyID Alert.  For those with questions they can call 1-877-371-7902.

 
Information Source:
California Attorney General
records from this breach used in our total: 18,000

July 2, 2014 Milford Schools
Milford, Massachusetts
EDU PORT

25

Up to  25 students at Milford Schools may have had their personal information stolen due to a data breach with a third party billing service, Multi-State Billing Services, located in Somersworth, New Hampshire, when an employee's laptop was stolen from their locked vehicle in May.

The laptop was password protected but not encrypted, contained information on nearly 3,000 students from 19 school districts in Central and Eastern Massachusetts.

The information on the laptop included names, addresses, Medicaid ID numbers and Social Security numbers.

Multi-State Billing will reimburse costs related to security freezes for the next three years. Information about reimbursement can be obtained by emailing customersupport@msb-services.com or phoning (855) 285-7433(855) 285-7433  . Because the children aren't actual victims of identity theft, the credit agencies may charge up to $5 each time to place, temporarily lift or permanently remove a security freeze.

 

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 25

July 2, 2014 Multi-State Billing Services
Somersworth, New Hampshire
BSF PORT

3,000

Multi-State Billing Services LLC has let 19 school districts that they service, that a laptop that was stolen from an employee's locked vehicle contained records on nearly 3,000 students in 19 different school districts in Central and Eastern Massachusetts. The Central districts include Uxbridge,  Ashburnham-Westminster Regional, Milford, Northboro, Northboro-Southboro Regional, Southboro and Sutton. Information on which Eastern school districts is currently unknown.

The information on the laptop included names, addresses, Medicaid ID numbers and Social Security numbers.

Multi-State Billing will reimburse costs related to security freezes for the next three years. Information about reimbursement can be obtained by emailing customersupport@msb-services.com or phoning (855) 285-7433(855) 285-7433 . Because the children aren't actual victims of identity theft, the credit agencies may charge up to $5 each time to place, temporarily lift or permanently remove a security freeze.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 3,000

July 2, 2014 Uxbridge School District
Uxbridge, Massachusetts
EDU PORT

Unknown

Students at Uxbridge School District may have had their personal information stolen due to a data breach with a third party billing service, Multi-State Billing Services, located in Somersworth, New Hampshire, when an employee's laptop was stolen from their locked vehicle in May.

The laptop was password protected but not encrypted, contained information on nearly 3,000 students from 19 school districts in Central and Eastern Massachusetts.

The information on the laptop included names, addresses, Medicaid ID numbers and Social Security numbers.

Multi-State Billing will reimburse costs related to security freezes for the next three years. Information about reimbursement can be obtained by emailing customersupport@msb-services.com or phoning (855) 285-7433(855) 285-7433  . Because the children aren't actual victims of identity theft, the credit agencies may charge up to $5 each time to place, temporarily lift or permanently remove a security freeze.

 

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

July 2, 2014 Goldman Sachs
New York, New York
BSF DISC

Unknown

 

Goldman Sachs Group Inc warned customers of a data breach that occured when an outside contractor emailed confidential client data to a stranger's Gmail account by mistake. The bank has asked a U.S. judge to order Google Inc to delete the email to avert a "needless and massive" breach of privacy.

 

"The breach occurred on June 23 and included "highly confidential brokerage account information," Goldman said in a complaint filed last Friday in a New York state court in Manhattan".

Goldman Sachs did not say how many people were affected and are asking Google to assist in tracking down who has access to the data.

The contractor meant to email a report to a gs.com account but inadvertently sent it to a similar email address with a gmail.com account. Goldman Sachs has not been able to retrieve the report and has not received a response back by the individual who owns the gmail account.

 
Information Source:
Media
records from this breach used in our total: 0

July 1, 2014 Vermont Health Exchange
Williston, Vermont
MED HACK

Unknown

A Romanian hacker accessed the Vermont Health Exchange's development server last December gaining access at least 15 times and going undetected for a month.

"CGI Group, the tech firm hired to build Vermont Health Connect, described the risk as “high” in a report about the attack. It also found possible evidence of sophisticated “counter-forensics activity performed by the attacker to cover his/her tracks.”"

"The report says that no private consumer information was stored on the hacked server, and that CGI Group had “verified that no additional servers [that may store private data] communicated with any of the identified attacker IP addresses.”"

This individual was able to gain access to the server because the defaut password on that server was never changed (in violation of guidelines laid out in the state’s official policy) along with the fact that the access to the server was never restricted to those users who were known and authorized to be on the server.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

June 30, 2014 Butler University
Indianapolis, Indiana
EDU HACK

163,000

Butler University in Indianapolis Indiana informed students, staff and alumni of a data breach to their system. Over 160,000 individuals may have been affected when hackers may have accessed their personal information.

The university was contacted by California officials to "inform them that they had arrested an identity theft suspect who had a flash drive with Butler employee's personal information on it". In a letter sent to those affected, the university has said that "someone hacked the school's network sometime between November 2013 and May 2014".

The school officials have discovered that the information exposed included birthdates, Social Security numbers and bank account information of approximately 163,000 students, faculty and staff, alumni, and prospective students who never enrolle in classes at Butler.

The university is offering a year of free credit monitoring.

 

 
Information Source:
Media
records from this breach used in our total: 163,000

Breach Total
930,526,448 RECORDS BREACHED
(Please see explanation about this total.)
from 4,427 DATA BREACHES made public since 2005
Showing 51-100 of 4427 results


X

Sign In!

Loading