Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?

Chronology of Data Breaches

Custom Sort
Select your desired results. Then click "Go!"

Click or unclick the boxes then select go.


Select features, then click GO.



Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.
Breach Total
872,715,019 RECORDS BREACHED
(Please see explanation about this total.)
from 4,391 DATA BREACHES made public since 2005

Save or Print PDF of Entire Breach List including introduction.Save or Print a PDF of Entire Breach List (including introductory FAQ)

Filter breach list before saving or printing PDF. Conduct a search of the Chronology using its sorting features, and Save or Print a PDF of your search results (Select filters)

If you do not have access to PDF, you can print the Chronology in landscape view.

Date Made Publicsort icon Name Entity Type
July 9, 2014 Office of Personnel Management
Washington, District Of Columbia
GOV HACK

Unknown

In March 2014, it has been reported that Chinese hackers broke into the computer networks of the United States government, specifically The Office of Personnel Management, which houses personal information of all federal employees. The hackers appeared to be targeting the files on "tens of thousands of employees who have applied for top-secret security clearance."

"The hackers gained access to some of the databases of the Office of Personnel Management before the federal authorities detected the threat and blocked them from the network, according to the officials. It is not yet clear how far the hackers penetrated the agency’s systems, in which applicants for security clearances list their foreign contacts, previous jobs and personal information like past drug use."

This particular hacking is unusual as the US computer systems are constantly being hacked by international hackers, but up until this point, have been stopped before any information was compromised.

Currently, officials are investigating to pinpoint exactly where these attacks came from.

 
Information Source:
Media
records from this breach used in our total: 0

July 8, 2014 Heartland Automotive/Jiffy Lube
Irving, Texas
BSO PORT

Uknown

Heartland Automotive (Jiffy Lube) has notified customers of a data breach that has occured when one of their company owned laptop was stolen with personal information on it.

The information included names, addresses, dates of birth, Social Security numbers.

The company is offering 12 months free of AllClearID. For those affected call 1-877-437-4004.

 

 
Information Source:
California Attorney General
records from this breach used in our total: 0

July 8, 2014 The Houstonian Hotel, Club and Spa
Houston, Texas
BSO HACK

Unknown

Secret Service notified The Houstonian Hotel, Club and Spa regarding a breach to their system that houses customer credit card information.

Once the notification happened, the company launched a forensics investigation and discovered that their POS system had been accessed by an unauthorized third party from December 2013 through June 2014, and that the credit card information stored on these systems were compromised.

The company has since stopped the intrusions, but has not communicated how many individuals were affected by the breach. The company is offering 12 months free of credit monitoring services for those affected.

 
Information Source:
Media
records from this breach used in our total: 0

July 8, 2014 Aecom
Los Angles, California
BSO HACK

Unknown

Aecom has notified current and prior employees of a data breach that exposed employee personnel files. Hackers were able to penetrate their corporate network, which included the employee payroll system for the US specifically.

The information exposed inlcuded names, addresses, Social Security numbers, personal bank account numbers and routing numbers.

The company has set up 12 months of All ClearID at no cost. For those affected they can call which can be reached at 1-877-615-3770.

 

 
Information Source:
California Attorney General
records from this breach used in our total: 0

July 8, 2014 Park Hill School District
Kansas City, Missouri
EDU INSD

Unknown

The Park Hill School District has informed current and former Park Hill students and employees of a data breach to their system. A former employee downloaded files onto a hard drive without authorization. When the employee connected it to a home network, the files went onto the Internet.

The information leaked included personnel files and Social Security numbers.

 
Information Source:
Media
records from this breach used in our total: 0

July 7, 2014 Legal Sea Foods
Boston, Massachusetts
BSO HACK

Unknown

Legal Sea Foods informed customers of a data breach that occured on June 5, 2014 that a segment of their mail order web sales and e-commerce environment, that an unauthorized person gained access to a server that contained information from mail order web customer transactions.

After an investigation, transactions made between Jaunary 1, 2014 and May 21, 2014 were potentially affected, which included transactions used with credit cards. Names, credit card numbers, card expiratin dates, and card verification values may have been breached.

The company has informed their payment processing company of the breach and the processor has been working with the credit card companies to provide them the card numbers of those affected.

 
Information Source:
Vermont Attorney General
records from this breach used in our total: 0

July 4, 2014 St. Vincent Breast Center
Indianapolis, Indiana
MED DISC

63,000

St. Vincent Breast Center have announced that patient's health information may have been breached after the center sent around 63,000 letters to the wrong patients. The letters included patient names, addresses and in certain references to scheduled appointments. Reportedly no Social Security numbers, financial information or clinical information.

"St.Vincent Breast Center entered into an agreement with Indianapolis Breast Center P.C. and Solis Women’s Health Breast Imaging Specialists of Indiana P.C. after they both closed last year.

On May 5, St.Vincent Breast Center mailed letters intended for prior patients of the Indianapolis Breast Center and Solis Women’s Health to inform them that St.Vincent was available to provide care. Some letters also welcomed patients who had previously scheduled healthcare services.

Officials said on May 15, people who had accidentally received another person’s letter began calling St.Vincent".

For those affected they can call 1-877-216-3862 from Monday through Friday 9:00 a.m. to 7:00 p.m.

 
Information Source:
Media
records from this breach used in our total: 0

July 3, 2014 Watermark Retirement Communities
Tuscon, Arizona
BSO PORT

Unknown

Watermark Retirement Communities Inc. informed current and former employees of the facility of a data breach when a laptop was stolen on June 13, 2014. The information on these laptops included names, addresses, telephone numbers, email addresses, dates of birth and Social Security numbers. The laptop was password protected.

For those affected they can call 1-800-597-66181-800-597-6618.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

July 3, 2014 Blue Shield of California/Department of Managed Healthcare
San Francisco, California
BSF DISC

18,000

The Department of Managed Health Care informed individuals of a breach concerning their personal information. Health plans regulated by the Department of Managed Health Care (DMHC) are required to provide the DMHC periodically with current rosters of the medical providers the health plans contract with.

These plans are not supposed to include confidential or personal information in the rosters because these rosters are generally public documents.

"The DMHC discovered that Blue Shield of California had inadvertently included provider Social Security numbers in the rosters Blue Shield provided to the DMHC in February, March and April, 2013". Blue Shield neglected to inform the DMHC that the information was confidential or alert the DMHC that a mistake had been made on the documentation.

The information included Social Security numbers, providers' names, business addresses, business telephone numbers, medical groups, and practice areas.

For those affected Blue Shield is offering you a free-one-year membership in Experian's ProtectMyID Alert.  For those with questions they can call 1-877-371-7902.

 
Information Source:
California Attorney General
records from this breach used in our total: 18,000

July 2, 2014 Milford Schools
Milford, Massachusetts
EDU PORT

25

Up to  25 students at Milford Schools may have had their personal information stolen due to a data breach with a third party billing service, Multi-State Billing Services, located in Somersworth, New Hampshire, when an employee's laptop was stolen from their locked vehicle in May.

The laptop was password protected but not encrypted, contained information on nearly 3,000 students from 19 school districts in Central and Eastern Massachusetts.

The information on the laptop included names, addresses, Medicaid ID numbers and Social Security numbers.

Multi-State Billing will reimburse costs related to security freezes for the next three years. Information about reimbursement can be obtained by emailing customersupport@msb-services.com or phoning (855) 285-7433(855) 285-7433  . Because the children aren't actual victims of identity theft, the credit agencies may charge up to $5 each time to place, temporarily lift or permanently remove a security freeze.

 

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 25

July 2, 2014 Multi-State Billing Services
Somersworth, New Hampshire
BSF PORT

3,000

Multi-State Billing Services LLC has let 19 school districts that they service, that a laptop that was stolen from an employee's locked vehicle contained records on nearly 3,000 students in 19 different school districts in Central and Eastern Massachusetts. The Central districts include Uxbridge,  Ashburnham-Westminster Regional, Milford, Northboro, Northboro-Southboro Regional, Southboro and Sutton. Information on which Eastern school districts is currently unknown.

The information on the laptop included names, addresses, Medicaid ID numbers and Social Security numbers.

Multi-State Billing will reimburse costs related to security freezes for the next three years. Information about reimbursement can be obtained by emailing customersupport@msb-services.com or phoning (855) 285-7433(855) 285-7433 . Because the children aren't actual victims of identity theft, the credit agencies may charge up to $5 each time to place, temporarily lift or permanently remove a security freeze.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 3,000

July 2, 2014 Uxbridge School District
Uxbridge, Massachusetts
EDU PORT

Unknown

Students at Uxbridge School District may have had their personal information stolen due to a data breach with a third party billing service, Multi-State Billing Services, located in Somersworth, New Hampshire, when an employee's laptop was stolen from their locked vehicle in May.

The laptop was password protected but not encrypted, contained information on nearly 3,000 students from 19 school districts in Central and Eastern Massachusetts.

The information on the laptop included names, addresses, Medicaid ID numbers and Social Security numbers.

Multi-State Billing will reimburse costs related to security freezes for the next three years. Information about reimbursement can be obtained by emailing customersupport@msb-services.com or phoning (855) 285-7433(855) 285-7433  . Because the children aren't actual victims of identity theft, the credit agencies may charge up to $5 each time to place, temporarily lift or permanently remove a security freeze.

 

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

July 2, 2014 Goldman Sachs
New York, New York
BSF DISC

Unknown

 

Goldman Sachs Group Inc warned customers of a data breach that occured when an outside contractor emailed confidential client data to a stranger's Gmail account by mistake. The bank has asked a U.S. judge to order Google Inc to delete the email to avert a "needless and massive" breach of privacy.

 

"The breach occurred on June 23 and included "highly confidential brokerage account information," Goldman said in a complaint filed last Friday in a New York state court in Manhattan".

Goldman Sachs did not say how many people were affected and are asking Google to assist in tracking down who has access to the data.

The contractor meant to email a report to a gs.com account but inadvertently sent it to a similar email address with a gmail.com account. Goldman Sachs has not been able to retrieve the report and has not received a response back by the individual who owns the gmail account.

 
Information Source:
Media
records from this breach used in our total: 0

July 1, 2014 Vermont Health Exchange
Williston, Vermont
MED HACK

Unknown

A Romanian hacker accessed the Vermont Health Exchange's development server last December gaining access at least 15 times and going undetected for a month.

"CGI Group, the tech firm hired to build Vermont Health Connect, described the risk as “high” in a report about the attack. It also found possible evidence of sophisticated “counter-forensics activity performed by the attacker to cover his/her tracks.”"

"The report says that no private consumer information was stored on the hacked server, and that CGI Group had “verified that no additional servers [that may store private data] communicated with any of the identified attacker IP addresses.”"

This individual was able to gain access to the server because the defaut password on that server was never changed (in violation of guidelines laid out in the state’s official policy) along with the fact that the access to the server was never restricted to those users who were known and authorized to be on the server.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

June 30, 2014 Butler University
Indianapolis, Indiana
EDU HACK

163,000

Butler University in Indianapolis Indiana informed students, staff and alumni of a data breach to their system. Over 160,000 individuals may have been affected when hackers may have accessed their personal information.

The university was contacted by California officials to "inform them that they had arrested an identity theft suspect who had a flash drive with Butler employee's personal information on it". In a letter sent to those affected, the university has said that "someone hacked the school's network sometime between November 2013 and May 2014".

The school officials have discovered that the information exposed included birthdates, Social Security numbers and bank account information of approximately 163,000 students, faculty and staff, alumni, and prospective students who never enrolle in classes at Butler.

The university is offering a year of free credit monitoring.

 

 
Information Source:
Media
records from this breach used in our total: 163,000

June 30, 2014 San Antonio Metropolitan Health District
San Antonio, Texas
MED PORT

300

San Antonio Metropolitan Health District announced a data breach involving vaccination records of 300 children when a laptop containing these records was stolen.

The records included first and the last name of the patient, the patient's date of birth, an identifier for the patient's doctor, and the name of the immunizations. The laptop has since been recovered.

 
Information Source:
Media
records from this breach used in our total: 0

June 27, 2014 Benjamin F. Edwards & Company
St. Louis, Missouri
BSF HACK

Unknown

On May 27, 2014 Benjamin Franklin Edwards & Company (BFE) discovered an unauthorized access to their database which may have resulted in personal information of it's customers being compromised. The company did not provide the exact information that was stored on their system, nor have they communicated how many individuals were involved.

For those that have an account and may have been affected the company is offering one year free of AllClearPro. They are asking individuals to contact their financial consultant for more information or go to www.enroll.allclearid.com to enroll.

 
Information Source:
records from this breach used in our total: 0

June 26, 2014 Sterne, Agee & Leach
Birmingham, Alabama
BSF PORT

Unknown

Sterne, Agee & Leach has contacted customers regarding a data security incident that occured between May 29th and 30th, 2014.

An employee of the brokerage firm was unable to locate their firm-issued laptop, which was password protected, but the data stored locally on the laptop was not encrypted. The data stored on the laptop included "account information utilized for mailing to certain Private Client Group customers whose accounts were opened between July1, 1992 and June 30, 2013".

The information may have included names, addresses, account numbers and Social Security numbers. The information did not include dates of birth, account holdings, account passwords or access codes.

The firm is offering a free one year membership to Experian's ProtectMyID. Those affected must enroll by September 30, 2014, and can visit the website to enroll at www.protecmyide.com/redeem and utilize the activation code in the letter sent by the firm.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

June 26, 2014 Record Assist LLC
Houston, Texas
BSO HACK

Unknown

Record Assist, LLC informed cstomers of an unauthorized access to their order processing system for ExpressVitals.com. The unauthorized access could have led to obtaining information such as the individuals name, address, credit card number, security code and Social Security number.

Those who are affected can contact the company at P.O Box 19686, Houston Texas 77224-9868 or call 1-844-245-5654.

 
Information Source:
records from this breach used in our total: 0

June 26, 2014 Orange Public School District
Orange, New Jersey
EDU HACK

Unknown

A 16 year old New Jersey teen has been charged with unlawfully accessing the Orange Public School District's database and changing final grades and attendance records.

The Orange High School sophomore is facing multiple counts of second-degree computer theft for unlawfully accessing and altering data an one cound of hindering apprehension.

Reportedly, the student accessed the computer system after obtaining the password of a staff member. Authorities do not know how the teen was able to gain the password information. An investigation is still underway.

 

 
Information Source:
Media
records from this breach used in our total: 0

June 26, 2014 Splash Car Wash
Greenwich, Connecticut
BSR HACK

120,000

Splash car wash has notified approximately 30,000 customers of a data breach to their system when malwar was found on their point of sale system at several of their locations affecting and potentially breaching credit card data.

The car wash operates 13 locations in New York and Connecticut and was alerted by American Express of the breach. As soon as customers swiped their cards, the information was stolen, not giving the companies system time to encrypt the data. The breach is being investigated by authorities.

 
Information Source:
Media
records from this breach used in our total: 120,000

June 26, 2014 Salina Family Healthcare Center
,
MED DISC

500

"Salina Family Healthcare Center (SFHC) notified more than 500 patients of an unintentional transmission of unsecured personal patient protected health information after discovering the following event:

"On April 8, 2014, a staff member submitted a database to the National Commission for Quality Assurance (NCQA) for our involvement in a care coordination research study. The staff member responsible for our participation in the project inadvertently left a table in that database that included patients’ names, dates of birth, chart numbers and CPT codes associated with their care. Upon opening the email, the NCQA staff member who received the database immediately recognized the breach, deleted the database, and notified our staff member"".

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

June 24, 2014 Riverside County Regional Medical Center
Moreno Valley, California
MED PORT

Unknown

The Riverside Regional Medical Center has notified patients of the loss of a laptop computer that contained personal patient information. The laptop went missing from a diagnostic services office in the hospital sometime between June 17, 2014 and June 18, 2014.

The information on the missing laptop included names, dates of birth, medical record numbers and results of a nerve conduction study, and the names of the referring doctor and the doctor who performed the study.

The hospital did communicate that no Social Security numbers, health insurance information or home addresses were stored on this particular laptop.

For those who were affected, they have been asked to call Christina Quijada at 1-877-500-1255 or the Riverside County Privacy Office at 951-955-5757.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

June 23, 2014 Silk Road/U.S Marshall Service
Washington, District Of Columbia
BSF HACK

40

"U.S. Marshals Service accidentally CC’d 40 potential Silk Road Bitcoin bidders instead of BCC’ing them. Thanks to a phishing scheme that took advantage of this slipup, though, an Australian bidder lost 100 Bitcoin—worth an estimated $62,000—according to.

A total of 40 individuals received a phishing email on June 21st from someone who claimed to be from "BitFirm Productions". The email asked they these individuals participate in a survey for a client of the fake media firm and to click on a link that was supposed to be a GoogleDoc, instead the link contained malware.

Unfortunately one individual did click on the link that infected his computer and the hackers were able to transfer 100 Bitcoin out of his account.

 

 
Information Source:
Media
records from this breach used in our total: 0

June 20, 2014 UCDC, Washington Center
Washington, District Of Columbia
EDU HACK

Unknown

The University California, Washington Center received a notification of unsolicited emails being sent to alumni of the university. After an investigation, it was revealed that someone accessed the pre-enrollment system, GoSignMeUp.com, which is a cloud-based provider for the online course registration utilized by UCDC to host its online course registration process.

The information breach included usernames, passwords, addresses, principal e-mails, gender, birth dates and UCDC course information. The university has stated that they do not record or store any Social Security numbers or financial account information on any of its databases.

For those who were affected the university is recommending individuals change their password.

Those with questions are asked to contact techhelp@ucdc.edu

 
Information Source:
California Attorney General
records from this breach used in our total: 0

June 20, 2014 Mount Olympus Mortgage Company
Irvine, California
BSF INSD

Unknown

Mount Olympus Mortgage Company has notified customers of a data breach when a previous employees downloaded mortgage applications from their system to their private Internet accounts and then sent it to a competitor. The information included names, addresses, Social Security numbers, and other information in connection mortgages.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

June 19, 2014 Rady's Childrens Hospital
San Diego, California
MED DISC

14,100

Rady's Children's Hospital has suffered a data breach when an employee inadvertently sent an email with a file attached to 6 potential job applicants. The applicants were meant to receive approved information for an internal evaluation, instead they received the original file with the information of 14,100 patients. The information included names, dates of birth, primary diagnoses, medical records and insurance carrier claim information. According to the hospital no Social Security numbers,  credit card information, addresses or parent/guardian information were included in this file.

The file contained information on patientes admitted to the hospital between July 1, 2012 through June 30, 2013.

 
Information Source:
Media
records from this breach used in our total: 0

June 18, 2014 The Metropolitan Companies
New York, New York
BSO HACK

Unknown

The Metropolitan Companies, LLC, which is a conglomerate of companies from staffing services to interpreters suffered a data breach as a result of unauthorized access to their computer systems and may have potentially removed documents that included personal information of their customers.

Through an investigation, it has been disclosed that the information that was breached includes names, addresses, phone numbers, email addresses, Social Security numbers, dates of birth, past education, work history, and financial information. The company has not disclosed the number of individuals affected.

For those that may have been affected the company is providing one year of identity theft protection through Kroll. They can be contacted at 1-855-781-0033 to speak with a licensed investigator or visit their website at Visit www.kroll.idMonitoringService.com.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

June 17, 2014 Service Alternatives
Coupeville, Washington
BSO HACK

550

Service Alternatives has informed individuals of a data breach to their payroll system. It appears that an unauthorized third person or persons obtained access to that system between November 2013 and March 2014. The information obtained included full names, addresses, dates of birth (excluding foster parents), Social Security number, Driver's license number or identity card number (excluding foster parents), tax documents, documents provided on form I-9 for anyone hired after Oct. 2010 (excluding foster) parents, bank routing number and account number if direct deposit was ever used.

Those who were affected by the breach may call 1-800-292-6697 or email support@servalt-adm.com

 
Information Source:
Maryland Attorney General
records from this breach used in our total: 550

June 16, 2014 Riverside Community College
Riverside, California
EDU DISC

35,212

Riverside Community College has suffered a data breach affecting 35,212 students. On May 30th, a district employee emailed a file containing information about all students who were enrolled in the spring term to a colleague working at home due to illness, for a research report that was on a deadline. The district employee used a personal email account to send the data because the file was too large for the district's secure email to send. The employee then typed in the incorrect email address.

The information contained in the file included names, addresses, birth dates, Social Security numbers, email addresses, student ID numbers, and telephone numbers.

The district has set up a Call Assistance Center at 1-888-266-9438 for affected students. The center will be open from 6 a.m to 6 p.m Monday through Friday for 90 days.

 
Information Source:
records from this breach used in our total: 35,212

June 12, 2014 Redwood Regional Medical Group
Santa Rosa, California
MED PHYS

33,702

A thumb drive containing 33,702 patient records was stolen from the Redwood Regional Medical Group in Santa Rosa California. An employee placed the thumb drive in a "zipped container in an unlocked locker", where the drive was stolen.

The information contained on the device included patients' first and last names, gender, medical record numbers, date of birth, date and time of service, area of body X-rayed, the X-ray technologist's name and the radiation level required to produce the X-ray. No other images such as MRI's or mammograms were stored on the device.

 The medical center was taken over by St. Joseph Health on April 1st. The records were backed up to the drive as a precaution while they were being moved to Santa Rosa Memorial Hospital's electronic medical records system.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

June 11, 2014 PF Chang's
Scottsdale, Arizona
BSO HACK

Unknown

P.F Chang's is investigating a potential data breach, when credit cards showed up on an underground website that criminals use. Brian Krebs broke the story, when the banks he contacted confirmed that the cards had been used at P.F Chang's restaurants.

P.F Chang's is investigating the allegations currently with authorities.

UPDATE (06/30/2014): PF Chang's has had a class action lawsuit filed against the restaurant chain. The company confirmed on June 12, 2014 that a breach had occured. Some experts believe that the lawsuit is unlikely to succeed because some security experts have said, because proving consumer losses linked to the specific restaurant data breach is difficult to do.

Some believe it was a breach of the restaurants POS system, most likely infiltrated by malware, similar to the Target and Salley Beauty breaches, the restaurant chain has yet to divulge any details, including the number of cards exposed.

UPDATE (8/4/2014): "P.F Chang's China Bistro Ltd. stated Monday that the data breach that affected customer credit and debit cards affected 33 locations throughout the continental U.S.", the investigatin is still ongoing.

 
Information Source:
Krebs On Security
records from this breach used in our total: 0

June 11, 2014 Stanford Federal Credit Union
Palo Alto, California
BSF DISC

18,000

Stanford Federal Credit Union informed 18,000 members that their personal information was sent to another member accidentally. According to the letter sent to the members,  credit union employees recognized the error immediately and the data was destroyed without it being read to the recipient. The data sent was a list of members who were pre-approved for loans. The credit union employee who sent the list inadvertently sent it to a member who had the same first name as the staff member it was meant for.

According to the credit union, the member had not yet read the mail and worked with the staff of the credit union to properly destroy it.

 
Information Source:
California Attorney General
records from this breach used in our total: 18,000

June 10, 2014 AT&T Mobility, LLC
Des Peres, Missouri
BSR INSD

Unknown

AT&T has informed California regulators of a data breach that occurred with a third party service provider.

"Employees of one of our service providers violated our strict privacy and security guidelines by accessing your account without authorization," the company said in a letter to affected customers. "AT&T believes the employees accessed your account as part of an effort to request codes from AT&T than are used to unlock AT&T mobile phones in the secondary mobile phone market."

Personal information such as Social Security numbers and phone records were accessed. The incident took place between April 9th through April 21st, but the California regulators were just informed this week.

AT&T would not disclose how many customers were affected, but the law requires disclosure if more than 500 people have been affected.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

June 10, 2014 St. Francis Hospital
Columbus, Georgia
MED DISC

1,175

St. Francis Hospital notified patients of a data breach when a mass email to 1, 175 patients was sent out where all email addresses were visible vs. having each patient being blind copied on the email.

The hospital is claiming that no medical treatment or other personal information was part of the email.

Those St. Francis patients who have questions about the incident are asked to call the hospital at 1-800-723-49981-800-723-4998.

 
Information Source:
Media
records from this breach used in our total: 0

June 10, 2014 Access Health CT
Hartford, Connecticut
BSF INSD

413

The Connecticut health insurance exchange has suffered a data breach, when one of the exchanges employees lost a backpack at a local deli that included names, Social Security numbers and birthdates of 413 individuals.

The employee was not authorized to remove these documents from the facility and has since been put on administrative leave.

 
Information Source:
Media
records from this breach used in our total: 413

June 9, 2014 College of the Desert
Palm Desert, California
EDU INSD

1,900

The College of the Desert in Palm Dale Calfornia informed individuals of a data breach in their system when a college employee sent an unauthorized attachment in an email to approximately 78 college employees,  that contained personal information of employees of the college.

The information contained in the attachment included names, Social Security numbers, dates of birth, geners, zip codes, titles of postions held at the university, employment anniversary date, employee identification numbers, insurance information,  active or retired employee status.

Those who are affected are asked to call Stan Dupree, HR and Labor Relations Director at 760-674-3777760-674-3777or sdupree@collegeofthedesert.edu

UPDATE (6/19/2014): According to new reports, The College of the Desert breach affected 1,900 current and former employees. The total individuals affected was not reported when the breach was made public.

 
Information Source:
California Attorney General
records from this breach used in our total: 1,900

June 7, 2014 Walgreens
Atlanta, Georgia
BSR INSD

Unknown

Walgreens has notified some patients of a breach when an employee stole some patients information, which included names, dates of birth, and Social Security Numbers in the form of a Medicare ID number and provided the information to a third party. Walgreens is claiming that no credit card, banking or other personal information was involved.

The company has set up a hotling for those affected, 1-866-312-8654 from 7 a.m to 7 p.m Central Standard time, Monday through Friday.

 
Information Source:
Maryland Attorney General
records from this breach used in our total: 0

June 6, 2014 Miami-Dade County
, Florida
GOV UNKN

Unknown

The county of Miami-Dade informed employees of a data breach where their personal information is being used to file fraudulent unemployment claims, along with credit card fraud. Currently, officials at the county are not clear if this breach happened internally or by external hackers.

They have not released what specific information has been compromised.

Federal officials at the U.S Inspector General's Office are leading the investigation due to false unemployment claims. The Human Resource Department of the agency has put out a statement.

"The recent news report on a “Data Breech” has understandably raised concerns amongst our employees regarding their personal information and whether they are one of the employees impacted by identity theft. Please be advised that when we identify a possible fraudulent unemployment claim, we immediately notify the Departmental Personnel Representative (DPR) for that employee. Our procedures are as follows:

The Human Resources Department receives the Notices of Reemployment Assistance once a claim for unemployment has been filed with the Department of Employment Opportunity (DEO). If a claim is identified as fraudulent (once HR confirms the employee is an active employee) HR contacts the employee’s DPR to provide notice to the Department and notification is immediately sent to the Department of Unemployment indicating that it is a fraudulent claim.

If an employee is notified that a fraudulent claim has been filed on their behalf, the employee should be instructed to do the following:

 

  1. Contact the Unemployment Fraud Hotline to report the fraud at (800) 342-9909(800) 342-9909. They should report that their identity (SS#, Name) is being used to commit Unemployment Fraud.
  2. Make a note of the Master Case File # that has been assigned by the Miami-Dade Police Department:PD130322106429.
  3. File an Identity Theft Affidavit (IRS Form 14039), found at http://www.irs.gov/pub/irs-pdf/f14039.pdf
  4. Notify their banking institutions
  5. Make routine checks on their bank accounts
  6. Conduct thorough reviews on their bank and credit card statements
  7. Visit http://myfloridalegal.com/identitytheft to learn more about Identity Theft


We assure you that fraudulent claims are being taken very seriously and every effort is being made to identify and refer these cases to the proper authorities for appropriate action."

 
Information Source:
Media
records from this breach used in our total: 0

June 6, 2014 Penn State Milton S. Hershey Medical Center
Hershey, Pennsylvania
MED INSD

1,801

Penn State Milton S. Hershey Medical Center began alerting patients of a data breach when an employee accessed clinical data on an unauthorized computer and removable storage device. The employee did have permissions to have access to the files, but downloaded the clinical information on a removable storage device and his personal computer, both of which were not properly secured and outside of the medical centers IT department. The employee also used their personal email account to send emails with a test log of the data to two physicians at the medical center.

 
Information Source:
Media
records from this breach used in our total: 0

June 5, 2014 Highmark
Pittsburgh, Pennsylvania
BSF DISC

3,675

Health Insurer, Highmark Inc. notified customers that are members of either Security Blue or Freedom Blue, that their information may have been mailed to other people. The information mailed was a health risk assessment that included information such as names, addresses, dates of birth and certain medical information.  The health insurer is claiming that no Social Security numbers were compromised.

 
Information Source:
Media
records from this breach used in our total: 0

June 4, 2014 National Credit Adjusters
Hutchinson, Kansas
BSF UNKN

Unknown

National Credit Adjusters have informed individuals of a breach that has happened when they were notified that some customers were receiving phone calls from unauthorized third party debt collectors. The information that these unauthorized debt collectors may have access to include names, addresses, debt balances, dates of birth and Social Security numbers. The information may also expand beyond the individual on the account to co-signers of the account as well.

The hackers pose as legitimate debt collectors but are actually calling with the attempt to scam individuals out of their money.

For those affected, the company is asking individuals call 1-855-737-9123.

 

 
Information Source:
California Attorney General
records from this breach used in our total: 0

June 3, 2014 Craftsman Book Company
Carlsbad, California
BSO HACK

Unknown

Craftsman Book Company notified customers of a breach that occured on their site. On Tuesday May 27th the company discovered unauthorized access to their site and recommended a change in their username and password. Since that time they discovered that the breach also included charges on customers credit card. The hackers found another site operated by the company and through the security vulnerabilities in the one site, they were able to get to the Craftsman Book site and ultimately to the customers information.

Since the vulnerability was discovered, the company has shut down the other site and is in the process of securing it.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

May 30, 2014 Arkansas State University College of Education and Behavioral Science's Department of Childhood Services
Jonesboro, Arkansas
EDU HACK

50,000

Arkansas State University was notified by the Arkansas Department of Human Services of a data breach in their College of Education and Behavioral Science's Department of Childhood Services database, potentially exposing personally identifiable information.

According to A-State's Chief Information Officer Henry Torres,  “we have confirmed unauthorized access to data, but we have no reports regarding illegal use of the information in these files,” Torres said. “We took immediate measures to address this issue after being notified by DHS. We are cooperating with DHS and working with programmers to assess and resolve the situation.”

The breached involved a database related to the "Traveling Arkansas Professional Pathways (TAPP) Registry, which is a professional development system designed to track and facilitate training and continuing education for early childhood practictioners in Arkansas."

To date, the university has stated that Social Security numbers were compromised in the database, no other information as to the specific data was provided by the university.

 
Information Source:
Media
records from this breach used in our total: 50,000

May 29, 2014 Montana Health Department
Helena, Montana
MED HACK

Unknown

The Montana Department of Public Health and Human Services announced a data breach that occured when hackers had access to the server for nearly a year. The server contains names, addresses, dates of birth, Social Security numbers and clinical information of customers along with the Social Security numbers and bank account information of employees.

The agency has set up a help line for those who may have been affected at 1-800-809-29561-800-809-2956.

 
Information Source:
Media
records from this breach used in our total: 0

May 28, 2014 Hospital for Veterans Affairs, Denver
Denver, Colorado
BSF STAT

248

The hospital for Veterans Affairs in Denver had two bio-medical computers stolen from a locked room in the hospital. The computers contained data from tests on approximately 239 VA patients. These computers were used to record data from pulmonary function tests for these patients. The hospital has said that no other data was stored on the computers and the data is encrypted on a password protected application.

 

 

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

May 28, 2014 Sharper Future
Los Angeles, California
MED STAT

Unknown

The Sharper Future, a mental health facility in Los Angeles has informed clients of a data breach when their offices were burglarized and various electronic equipment that stored patient records which includes names, dates of birth, health and clinical histories, treatment records, CDCR identification numbers and Social Security numbers of their clients.

The facility did report that the information on the stolen equipment was password-protected and did not include financial information. The incident is currently under investigation by authorities.

 

 
Information Source:
California Attorney General
records from this breach used in our total: 0

May 28, 2014 Precision Planting
Tremont, Illinois
BSO HACK

Unknown

Precision Planting customers have been impacted by a security breach affecting one of the company's data servers. The company has not communicated specifically how their system was compromised, however the information breached included customer names, addresses, tax identification numbers and financial information. The server also contained some employee W-2 forms, Social Security numbers, and driver's license numbers.

 
Information Source:
Media
records from this breach used in our total: 0

May 28, 2014 Promedica Bay Park Hospital
Oregon, Ohio
MED INSD

500

ProMedica Bay Park Hospital notified patients of a data breach when an employee of the facility accessed records of patients not directly under their care from April 1, 2013 to April 1, 2014.

The information breached included each "patient's full name, date of birth, diagnosis, attending physicians, and medications. Patients' Social Security numbers and financial information are not believed to have been accessed".

The employee was immediately fired once the hospital learned of the privacy breach.

 
Information Source:
Media
records from this breach used in our total: 500

May 26, 2014 Power Equipment Direct
Suwanee, Georgia
BSR HACK

Unknown

Power Equipment Direct has notified customers of a data breach that occured when a small piece of malicious computer code was uploaded to a server that handles their check-out process. The malicious code captured and transmitted screen shots of check-out pages. The company reported that the breach most likely occured from May 4, 2014 until May 5, 2014.

The company is not sure as to what information was captured, it woud have been the information on the screen available at the time the malicious code was enabled.

The company is offering AllClear SECURE at no cost for 12 months. For those affected they can call 1-877-676-0382.

 
Information Source:
Vermont Attorney General
records from this breach used in our total: 0

Breach Total
872,715,019 RECORDS BREACHED
(Please see explanation about this total.)
from 4,391 DATA BREACHES made public since 2005
Showing 51-100 of 4391 results


X

Sign In!

Loading