Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?

Chronology of Data Breaches

Custom Sort
Select your desired results. Then click "Go!"

Click or unclick the boxes then select go.


Select features, then click GO.



Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.
Breach Total
930,526,448 RECORDS BREACHED
(Please see explanation about this total.)
from 4,427 DATA BREACHES made public since 2005

Save or Print PDF of Entire Breach List including introduction.Save or Print a PDF of Entire Breach List (including introductory FAQ)

Filter breach list before saving or printing PDF. Conduct a search of the Chronology using its sorting features, and Save or Print a PDF of your search results (Select filters)

If you do not have access to PDF, you can print the Chronology in landscape view.

Date Made Publicsort icon Name Entity Type
May 9, 2014 Baylor Regional Medical Center
Dallas, Texas
MED HACK

1981

Baylor Regional Medical Center at Plano communicated to patients a data breach that occured when a "phishing" email went out to affiliated physicians. The physicians may have been unaware that is was a "phishing" scam and inadvertently created unauthorized access to their email accounts.

The email accounts may have included emails that contained patient information, including names, addresses, dates of birth, or telephone numbers, some clinical information such as treating physician, department, diagnosis, treatment received, medical record number, medications, medical service code or health insurance information and Social Security numbers.

 
Information Source:
Media
records from this breach used in our total: 1,981

May 8, 2014 Boulder Community Health
Boulder, Colorado
MED PHYS

16

Boulder Community Health is investigating another data breach of their facility. It has been reported this is the third such incident for this facility since 2008.

Nine people have claimed that they had their records stolen and hard copies mailed to them. Two of these individuals said that there was a letter in theirs that stated their records were mailed “to demonstrate the easy access the hospital and their partners provide to some with bad motives.”

There is an ongoing investigation to understand the extent of the breach. "The hospital — previously known as Boulder Community Hospital until a name change last month — is asking anyone else who thinks their records might have been stolen to call its legal office at 303-440-2342 ".

UPDATE (5/12/2014): Seven more patients have claimed that an anonymous source has sent them copies of their medical records in the mail. It is still unclear as to whether the souce is taking the medical records from inside of the hospital or from somewhere outside of the hospital. The breach is still under investigation.

 

 
Information Source:
Media
records from this breach used in our total: 0

May 7, 2014 Green's Accounting
Greenfield, California
BSF STAT

Unknown

The office of Brent Green, CPA was burglarized on April 6, 2014 where the burglars took a network server computer and hard drives containing personal information of their clients. Their server was unencrypted and contained Social Security numbers, names, and addresses of both individuals and their independents.

For additional information or questions, those affected are asked to call Brent Green at 831-64-5562.

 
Information Source:
records from this breach used in our total: 0

May 7, 2014 Gingerbread Shed Corporation
Tempe, Arizona
BSR HACK

Unknown

Gingerbread Shed Corporation notified customers of unauthorized access to their system that compromised the personal data of its customers. The information included names, addresses, phone numbers, email addresses, credit card information, user names and passwords for website accounts.

The company has established a confidential phone line for those affected that have questions 1-866-597-8199 and use reference # 5474042814.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

May 6, 2014 California Department of Child Support Services
Rancho Cordova, California
GOV PHYS

Unknown

The California Department of Child Support Services has notified individuals of a data breach that resulted in unauthorized disclosure of personal information. On April 7, 2014 letters from the Solano County Department of Child Support Services were misplaced while in the custody of a contracted courier who was transporting mail to the US Post Office.

Those affected are asked to call the Department of Child Support Services at 1-866-901-3212.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

May 6, 2014 Molina Healthcare
Long Beach, California
MED PHYS

5,000

Molina Healthcare has communicated to former members about a data breach that included their Social Security numbers.

Molina said it contracted with a printing company to print postcards that contained information about benefits offered. Unfortunately the postcards did not contain names of the individuals, but addresses and Social Security numbers of the individual.

 

 

 
Information Source:
Media
records from this breach used in our total: 5,000

May 5, 2014 ground (ctrl)
Sacramento, California
BSO HACK

Unknown

ground(ctrl) operates social networking community websites focused on musicians, informed customers of a data breach to their website. The information breached included e-mail addresses and passwords. The company did inform customers that their credit card information was never stored with them and was not at risk.

For those affected, the company is recommending that usernames and passwords be changed. For questions individuals can call 1-877-463-2875 or via email at security@groundctrl.com.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

May 5, 2014 UMASS Memorial Medical Center (UMMMC)
Worcester, Massachusetts
MED INSD

2,400

UMass Memorial Medical Center informed patients of a data breach that occurred when a former employee stole personal information from the medical centers files.

The information stolen included names, dates of birth, Social Security numbers and addresses. The former employee had access to this information from May 6, 2002 to March 4, 2014. Investigators believe that this individual stole the information in order to open credit card and cell phone accounts.

 
Information Source:
Media
records from this breach used in our total: 2,400

May 1, 2014 JCM Partners LLC
Suwanee, Georgia
BSO HACK

Uknown

JCM Partners informed customers of a data breach that occured when a file containing personal information of housing applicants was taken from a JCM database and posted on an unauthorized website. An internal investigation was launched.

The information in the file included Social Security numbers, driver's license numbers, email addresses and mailing addresses.

The company is providing 12 months of AllClear Secure and those affected are automatically eligible and can call 1-877-979-2595.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

April 30, 2014 Boomerang Tags.com
Pismo Beach, California
BSR HACK

Unknown

Boomerand Tags.com notified customers of a data breach to their online website. The company released a letter to customers stating that hackers installed some form of malware onto the server that manages their website. The motivation of the hackers appears to be to gain the credit card information of the individual. Individuals financial information may have been exposed from July 4, 2013 through February 18, 2014.

Any further questions for those who may have been affected they can email the company at http://www.boomerangtags.com/page.php?c=contact#email_form

 
Information Source:
California Attorney General
records from this breach used in our total: 0

April 28, 2014 AOL
New York, New York
BSO HACK

Unknown

AOL has sent a message to millions of its account holders of a data breach to their system urging them to change their usernames and passwords. AOL won't confirm an exact number but it appears to be approximately 2 percent of its accounts.

AOL noticed the attack when a significant amount of spam began appearing from spoofed emails from AOL account holders email addresses.

 
Information Source:
Media
records from this breach used in our total: 0

April 28, 2014 Seton Northwest Hospital
Austin, Texas
MED INSD

180

A computer-like device was stolen from Seton Northwest Hospital that is used in the sleep lab. The device according to the hospital, is a Hewlett Packard desktop device that is used to capture and manipulate data from sleep studies. "It does not function like a normal computer. The operator would need a password and access to Seton systems to get a hold of patient data". Reportedly the data consists of names, dates of birth and Seton account numbers.

The device was stored inside a locked storage area at Seton Northwest Hospital, where the device was stolen.

In response Seton Healthcare sent the following statement:

"But to be safe, Seton already has offered, at no cost to patients, ID protection for a year to all the 180 or so patients whose information we believe is on this data storage device. Seton is sincerely sorry that this incident occurred and plans to work closely with the patients involved to protect them from harm."

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

April 25, 2014 Willis North America Inc.
Nashville, Tennessee
BSO DISC

Unknown

Willis North America Inc, informed customers that on "March 19, 2014 an email was sent internally to a group of current Willis Associates who were enrolled in the medical Plan's Healthy Rewards Program". The original email sent out to customers was as a reminder for a special program through their company, however the individual who sent the email "accidentally attached a spreadsheet to the email that was not meant to be included".

The information on the spreadsheet included names, email addresses, dates of birth, social security numbers, employee ID numbers, and office locations by city/state/zip, Wellness credits, an individuals credit status codes, insurance coverage codes, internal codes for plan geographic region and type of reward applicable, last effective date of medical plan elections, election selections, original and last start dates, and when medical plan coverages began.

The spreadsheet did not include any information that revealed health conditions, health treatments or health claims, or personal health information regarding spouses or dependents.

The company has arranged for two years of identity theft protection at no charge. Those affected can find the information at www.trustedid.com/enhanced-identity-theft-protection. To register to to www.trustedid.com/willis and enter the activation code WNAIDE0314 OR CALL 1-888-880-0761.

 
Information Source:
Vermont Attorney General
records from this breach used in our total: 0

April 22, 2014 NCO Financial Systems Inc.
Horsham, Pennsylvania
BSF DISC

Unknown

NCO Financial Systems Inc. informed customers of a data breach when their third party communication vendor, RevSpring, Inc. sent an email to a number of loan customers that mistakenly included an attachment that contained loan statements. The information on these statements included names, addresses, Social Security numbers, and account numbers.

The company is offering 12 months free of ProtectMyID through Experian. A letter with a code went out to those individuals affected. Those with questions are asked to call 1-866-274-43711-866-274-4371.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

April 22, 2014 Snelling Staffing LLC
Dallas, Texas
BSO DISC

Unknown

Snelling Staffing LLC informed current and previous employees of a data breach that exposed personal information to others via the Internet due to an installation error of a cloud based server at the home of a former Snelling employee, on January 24, 2014.

The information exposed included Social Security numbers, driver's license numbers, dates of birth, home addresses, medical information, alleged criminal activity and/or drug test results.

The company did discover that breach and shut down access to the information within the same day.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

April 22, 2014 Iowa State University
Ames, Iowa
EDU HACK

29,780

Iowa State University has reported a data breach of one of their systems that exposed a large amount of data of individuals who were enrolled in the university over the past 17-year period.

Social Security numbers of approximately 30,000 people who enrolled in certain classes between 1995 and 2012 along with university ID numbers for nearly 19,000 additional people. Authorities believe that the person or persons motivation was apparently to generate enough computing power to create the virtual currency bitcoin.

The university is offering AllClear ID for 12 months free for those whose Social Security numbers were affected. AllClear representatives can be reached at 1-877-403-02811-877-403-0281.

Here is the link to the universities information regarding the breach http://www.news.iastate.edu/news/2014/04/22/serverbreach

For those who suspect fraud or question whether a request you receive is legitimate, please contact the ISU Foundation at 515-294-4607515-294-4607, the ISU Alumni Association at 515-294-6525515-294-6525, or Iowa State’s computer security team at serverbreach@iastate.edu.

 
Information Source:
Media
records from this breach used in our total: 29,780

April 18, 2014 University Pittsburgh Medical Center
Pittsburgh, Pennsylvania
MED HACK

27000

The University Pittsburgh Medical Center (UPMC) informed employees of a data breach that compromised employee's personal data, including their Social Security number and  the potential for fraudulent tax returns being filed in their name.

The number of employees affected was approximately 800. The full extent of the information exposed has not been communicated, however, due to the tax fraud, information such as names, addresses and Social Security numbers were assumed to be involved.

UPMC was aware of the breach in February and thought that the breach included only 27 individuals, but soon became aware that the breach was much larger. An investigation is currently being conducted.

UPDATE (4/21/2014): The extent of the data breach at UPMC thought to be around 800 employees, is much more extensive than originally believed. The current numbers are around 27,000 employees affected. UPMC is offering Lifelock for 12 months for those affected. A letter went out to those individuals with the information. For additional questions, UPMC has provided a toll free hotline (1-855-306-8274) or email JohnHouston@upmc.edu. A class action lawsuit has been filed against UPMC.

UPDATE (5/14/2014): On Friday May 9, 2014 the law firm of Kraemer, Manes & Associates sued University Pittsburgh Medical Center (UPMC) and Ultimate Software Group of Weston, Fla., over the loss of employee data and subsequent identity thefts. They are seeking class-action status in U.S. District Court, and would represent current and former UPMC employees who have been affected by the breach.

 
Information Source:
Media
records from this breach used in our total: 27,000

April 17, 2014 Aaron Brothers
Coppell, Texas
BSR HACK

400,000

Aaron Brothers, a division of Michaels Stores Inc. appears to been a part of the data breach of Michaels Stores Inc. The company confirmed on Thursday April 17, 2014 that the payment system breach also affected its Aaron Brothers chain. Approximately 400,000 cards were potentially breached from June 26, 2013 through February 27, 2014.

 
Information Source:
Media
records from this breach used in our total: 400,000

April 14, 2014 Wilshire Mutual Funds
Kansas City, Missouri
BSF DISC

Unknown

Wilshire Mutual Funds informed customers of a data breach that took place on March 13, 2014. It was brought to the company's attention that a copy of individuals 1099-Div tax form was sent by fax to an incorrect shareholders in error.

The information contained on the 1099-Div form included registered owner's names, the registration of the mutual fund account, the addresses of record, the last 4 digits of the Social Security numbers, the fund and account numbers assigned in their recordkeeping system, the taxable amounts, and the Payer's (Wilshire Equity Fund) Federal ID number.

Those affected with questions are asked to call 1-866-591-15681-866-591-1568 or to send written correspondence to P.O. Box 219512, Kansas City, MO 64121-9512 or by overnight mail to 430 W. 7th Street, Kansas City, MO 64105.

 
Information Source:
Vermont Attorney General
records from this breach used in our total: 0

April 11, 2014 Veterans Of Foreign Wars Of The United States
Kansas City, Missouri
NGO HACK

55,000

The office of The Veterans Of Foreign Wars Of The United States notified members that an unauthorized party accessed VFW's webserver through the use of a trojan and malicious code. The hacker, thought to be in China, was able to download tables containing the names, addresses, Social Security numbers of approximately 55,000 VFW members.

The motivation of the hacker, according to IT experts, was to gain access to information regarding military plans or contracts and not for purposes of identity theft, although they have not ruled that out.

VFW is providing 12 months free of AllClearID. Members can call 1-855-398-6437 with any questions. A security code must be provided and was provided in the letter sent to those affected.

 
Information Source:
California Attorney General
records from this breach used in our total: 55,000

April 11, 2014 LaCie USA
Tigard, Oregon
BSR HACK

Unknown

LaCie USA was informed by the FBI that they had found indications that an unauthorized person used malware to gain access to information from customer transactions that were made through LaCie's website.  Reportedly, the transactions that may have been affected happened from March 27, 2013 through March 10, 2014.

The information breached included names, addresses, payment card numbers and card expiration dates. Also included could be an individuals LaCie username and password to access the website.

For those affected they are asked to call Monday through Friday from 9:00 a.m through 7:00 p.m EDT (eastern time).

 
Information Source:
California Attorney General
records from this breach used in our total: 0

April 11, 2014 University Urology, P.C.
Knoxville, Tennessee
MED PHYS

1,144

University Urology P.C of Knoxville Tennessee informed patients of a data breach regarding their personal information. According to the practice, the information was limited to names and addresses and that no Social Security numbers, financial account information or clinical information was exposed.

According to a statment by the facility, an administrative assistant had compiled the data in an effort to sell it to a competing provider, helping them gain patient business. Patients contacted University Urology to let them know that the competing provider had been soliciting their business.

 
Information Source:
Media
records from this breach used in our total: 0

April 9, 2014 Clinical Reference Laboratory
Lenexa, Kansas
MED PHYS

Unknown

Clinical Reference Laboratory, Inc. notified individuals of a breach regarding their personal information. On or around February 6, 2014 Clinical Reference Laboratory (CRL) sent a packet of invoices via the United States Postal Service to Nationwide Insurance for services performed. The package was damaged when it arrived at the USPS facility and some of the invoice pages were missing.

The information in these missing pages included names, dates of birth, the last 4 digits of individuals Social Security number and the type of lab tests conducted.

The company has arranged a free one year subscription through Equifax Personal Solutions.

For those affected with questions they can call CRL at 1-855-758-75431-855-758-7543 or disclosurehelp@crlcorp.com.

 
Information Source:
Vermont Attorney General
records from this breach used in our total: 0

April 8, 2014 StumbleUpon
San Francisco, California
BSO HACK

Unknown

The San Francisco based Internet company has informed customers of a potential breach that may have occured in their system. The company sent notification out to customers noticing suspicious activity on their account and in turn locked their accounts and reset their passwords.

The company reported that the breach included only passwords.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

April 7, 2014 American Express Company
New York, New York
BSF CARD

Unknown

Amercian Express Company informed customers that their credit card information was recovered as part of an investigation by law enforcement agencies and/or American Express. The information reportedly only included the American Express Card account numbers, no Social Security numbers were impacted.

Those individuals who notice suspicious activity on their account are asked to call 1-855-693-22131-855-693-2213 to notify the company.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

April 7, 2014 Deltek Inc.
Herndon, Virginia
GOV HACK

80,000

Software developer Deltek Inc. informed approximately 80,000 employees of a breach that occured in Deltek's GovWin IQ system.

The company confirmed that on March 13, 2014 they suffered a cyberattack where hackers obtained usernames, passwords and credit card information for individuals who use the GovWin IQ system. Of the 80,000 individuals affected, 25,000 of those may have had credit card information breached.

Those individuals who did have credit card information affected, the company is offering a membership to TransUnion Monitoring services for free.

It has also been reported that authorities have already made an arrest in this case.

Deltek has set up an email address for users to submit questions: protect@deltek.com.

 
Information Source:
Media
records from this breach used in our total: 25,000

April 6, 2014 BigMoneyJobs.com
Uknown,
BSO HACK

36,802

The recruiting site BigMoneyJobs.com has apparently been breached by a hacker that goes by the name of ProbablyOnion by exploiting an SQL Injection vulnerability. The details of over 36,000 users have been leaked online due to the breach.

The information included names, home addresses, phone numbers, emails and passwords of 36,802 users have been published in a Excel file. The information covers both individuals looking for a job and companies looking for talent.

 
Information Source:
Media
records from this breach used in our total: 0

April 3, 2014 Cole Taylor Mortgage
Portland, Oregon
BSF DISC

Unknown

Cole Taylor Mortgage (a division of Cole Taylor Bank) informed customers of a data breach that occured due to an error by one of their third party vendors. Information was inadvertently made accessible to employees of another federally regulated bank.

The information included names, addresses, Social Security numbers, loan numbers and certain loan information. According to the mortage company, the breach was caused by a technical error by the vendor that provides them information technology services and solutions to both banks.

The company has established a dedicated toll-free hotline for those who were affected at 1-800-572-9809.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

April 3, 2014 Central City Concern
Portland, Oregon
NGO INSD

15

Central City Concern, a non-profit in Portland Oregon, notified individuals of a data breach that was perpetrated by an ex-employee of the agency.  Federal law enforcement officers notified the non-profit that this former employee copied files from approximately 15 clients from its Access Center with the intention of filing fraudulent tax returns.

CCC began an investigation and has noted that this former employee may have accessed files from March 23, 2010 through May 24, 2013. The former employee stated to authorities that they had only copied 15 files. The non-profit has set up 12 months free monitoring through Experians ProtectMyID alert. Any questions for the agency, those affected are asked to call 1-866-778-1144 Monday through Friday 6:00 a.m to 6:00 p.m.

 
Information Source:
Vermont Attorney General
records from this breach used in our total: 15

April 2, 2014 Kaiser Permanente Northern California Division of Research
Oakland, California
MED HACK

5,100 patients

Kaiser Permanente's Northern California Division of Research informed research patients of a data breach to their system. The company discovered that a server was infected by a malicious software that caused a breakdown in the server's security barriers allowing the hackers to obtain personal information.

The information included firs names, last names, dates of birth, ages, genders, addresses, race/ethnicities, medical record numbers, lab results all associated with research provided by individuals as part of research studies.

Currently the company has stated that no Social Security numbers or their Kaiser electronic medical record information used for ongoing medical care was not affected.

Those affected with questions are asked to call 1-877-811-00191-877-811-0019 from 8 a.m to 6 p.m PDT Monday through Friday or the Department of Health and Human Services through the Office for Civil Rights at 1-800-368-10191-800-368-1019.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

April 2, 2014 Boxee
Ridgefield Park, New Jersey
BSO HACK

158,128

The personal data of over 158,000 Boxee.tv forum accounts were hacked and leaked online to a Tor Internet site and at least one researcher. The information included email addresses, birth dates, IP addresses, message histories, and password changes. It also included message archives and past password changes.

The company was purchased by Samsung last July.

 
Information Source:
Media
records from this breach used in our total: 0

April 2, 2014 California Correctional Institution
Tehachapi, California
GOV PHYS

Unknown

On March 9, 2014 an employee roster was discovered within an unsecure desk drawer at one of the correctional facilities.

The roster included full names and the last 6 digits of Social Security numbers.

For those affected they are being directed to call Tim Fites, Information Security Coordinator at 1-661-823-5011.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

March 28, 2014 Palomar Health
Escondido, California
MED PORT

5,000 patients

Palomar Health in Escondido had a laptop stolen along with two flash drives from an employee's SUV. Approximately 5,000 patients were affected by the breach.

The flash drives contained patient names, dates of birth, information regarding individual diagnosis, individual treatment and insurance information. The computer was encrypted but the flash drives were not. The information dates back to 2008.

The Oceanside police have recovered the laptop and the missing flash drives, one person was arrested and a possible second suspect arrest may follow.

Those patients who may have been affected can reach the health care system for more information at 1-866-313-79931-866-313-7993. The company is offering credit monitoring services for those individuals whose medicare numbers were compromised.

Palomar could face a fine as high as $250,000 from the California Department of Health.

 
Information Source:
Media
records from this breach used in our total: 0

March 27, 2014 Orlando Health's Arnold Palmer Medical Center
Orlando, Florida
MED PORT

586

A computer flash drive containing patient information on 586 children treated at Orlando Health's Arnold Palmer Medical Center is missing or reportedly been "misplaced"

The information included last names, assigned medical record numbers, dates of birth, gestational ages, birth weights, dates of hospitalizations, and in some cases, transfer dates of children who were patients at Arnold Palmer Hospital for Children or Winnie Palmer Hospital for Women and Babies between 2009 and 2013.

 
Information Source:
Media
records from this breach used in our total: 0

March 27, 2014 The University of Wisconsin-Parkside
Kenosha, Wisconsin
EDU HACK

15,000

Students were notified by officials from The University of Wisconsin-Parkside of a data breach that occured to their system by hackers that installed malware on one university server.

The information that is at risk includes names, addresses, telephone numbers, email addresses and Social Security numbers. The breach affects students who were either admitted or enrolled at the university since the fall of 2010.

The server was shut down and the hacking was reported to local authorities. After launching an investigation it appears the malware was searching for credit card information and they show no evidence that any Social Security numbers were compromised.

The university has set up a website with information for those who may have been affected http://www.uwp.edu/explore/contactus/index.cfm 

 
Information Source:
Media
records from this breach used in our total: 15,000

March 27, 2014 Sorenson Communications and CaptionCall
Salt Lake City, Utah
GOV HACK

Unknown

On March 7 it was discovered that there was an unauthorized access to Sorenson Communications employee data via the payroll vendor utilized for both Sorenson Communications and CaptionCall employees. The personal information breached includes both the employee, beneficiaries, dependents, and emergency contacts, or anyone listed in the employees HR account with the company.

The information includes names, dates of birth, addresses, Sorenson income histories, Social Security Numbers, W-2 information, and emergency contact data and appeared to have happened between February 20, 2014 through March 3, 2014.

The FBI has been contacted and is investigating the breach. An email was sent to all those affected on March 11th with instructions on how to enroll in the company-provided credit monitoring services. If an email was not received they are requesting those individuals contact the Human Resources Department at hrsupport@sorenson.com to obtain the information.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

March 25, 2014 University of Kentucky HealthCare/Talyst
Lexington, Kentucky
MED PORT

1,079

UK Healthcare is notifying 1,079 patients that a laptop with their personal health information was stolen on February 4, 2014 from Talyst, a third party pharmacy billing management company.

The vendor's laptop included names, dates of birth, medical record numbers, diagnosis, medications, laboratory results, progress notes, allergies, height and weights, dates of service, physician name and clinics, insurance carrier, insurance identification numbers.

 
Information Source:
Media
records from this breach used in our total: 0

March 25, 2014 American Express
New York, New York
BSF HACK

Unknown

American Express sent out notification to cardholders regarding unauthorized activity on their cards from unnamed merchants. American Express has stated that names, card account numbers and expiration dates of cards could have been affected. At this time they have stated that no Social Security numbers have been affected.

American Express has placed a fraud alert on their cardholders credit reports. For those affected they are to call 1-800-297-7672 for identity theft assistance or email www.americanexpress.com/idtheftassistance.

 

 
Information Source:
California Attorney General
records from this breach used in our total: 0

March 22, 2014 California DMV
Sacramento, California
GOV HACK

Unknown

The California DMV is investigating a potential data breach of their credit card processing systems. Reportedly several large financial institutions received private alerts this week from MasterCard about compromised cards used for charges.

As reported by Krebs on Security, "the alert, sent privately by MasterCard to financial institutions this week, did not name the breached entity but said the organization n question experienced a "card-not-present" breach-industry speak for transactin conducted online. The alert further stated that the date range of the potentially compromised transactions extended from August 2, 2013 to January 31, 2014, and that the data stolen included the card number, expiration date, and three-digit security code printed on the back of cards".

Krebs contacted 5 different financial institutions, two mid-sized California banks and "confirmed receipt of the MasterCard notice, and said that all of the cars MasterCard alerted them about as cmopromised had been used for charges bering the notation "STATE OF CALIF DMV INT."

The DMV, who originally stated they would investigate, put out a statement at 6:44 Eastern Time on March 22, 2014, placing blame on the the third party credit card processing company.

The total amount of individuals potentially affected at this time is unknown. KrebsOnSecurity stated that they had received a list of more than 1,000 cards, from one bank, that were potentially exposed that included credit card numbers, expiration dates and three-digit security codes printed on the back.

 
Information Source:
Krebs On Security
records from this breach used in our total: 0

March 21, 2014 Castle Creek Properties, Inc./Rosenthal Wine Shop
Malibu, California
BSR HACK

Unknown

Castle Creek Properties Inc/ Rosenthal Malibu Estate notified customers of unauthorized access to computer systems used to process credit card transactions at their Rosenthal wine shop.

The unauthorized access may have compromised payment card data of visitors who used their cards for payment of items at the wine shop tasting room. Information compromised included names, addresses, payment card account numbers, card expiration dates and security codes.

The company is offering a complimentary one year membership of Experian ProtectMyID Alert. For those affected and wish to enroll in the services they are asked to call 1-310-899-8903.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

March 21, 2014 San Francisco Department of Public Health/Sutherland Healthcare Solutions
San Francisco, California
MED STAT

Unknown

San Francisco Health Network/San Francisco Department of Public Health has notified patients that their information may have been compromised as well, due to the recent theft of computers at Sutherland Healthcare Solutions. Sutherland is the third party billing company for the San Francisco Department of Public Health.

The information contained in the stolen computers included names, dates of birth, Social Security numbers, dates and location of services and names of insurance companies or payers.

The agency is providing one year of ID Experts. Anyone who was affected is encouraged to contact ID Experts with any questions and to enroll in the service by calling 1-866-486-4809 or by going to their website www.myidcare.com/idexpertshealthcareprotection. Documentation was sent to the affected parties that provided steps for enrollment and an access code for entry. Deadline to enroll is July 31, 2014

 
Information Source:
California Attorney General
records from this breach used in our total: 0

March 20, 2014 Marian Regional Medical Center
Santa Maria, California
MED DISC

Unknown

Marian Regional Medical Centers (Santa Maria and Arroyo Grande Campuses) notified patients of a data breach. A secured electronic file containing patients information was sent to a contracted health insurance plan in error. The health insurance plan notified the company immediately that they received the email in error.

The file included names, addresses, types of insurance, dates of birth, dates of service, types of laboratory tests and test results for dates of service between March 1 and March 6, 2014. The company has stated that the Social Security number was not included in the electronic file.

For those affected the company has asked questions or concerns to be directed to a toll free number 1-877-906-16031-877-906-1603.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

March 20, 2014 Auburn University
Auburn, Alabama
EDU HACK

Unknown

Auburn University notified individuals of a compromised server within the College of Business network. This incident could have resulted in unauthorized access to personal information including Social Security numbers and names. The investigation is ongoing and the University has reportedly patched the vulnerability in their system.

They have no evidence as of yet if any information was accessed or misused in any way. The University is offering a one year complimentary membership of Experian's ProtectMyID Alert.  For questions or concerns, affected parties should call 1-877-371-7902.

 
Information Source:
Vermont Attorney General
records from this breach used in our total: 0

March 18, 2014 Hickory Grove Gas Station
Vincent, Ohio
BSR HACK

100 reported, could go as high as 300

A local area gas station in Vincent Ohio off of Ohio 339 has a credit card breach and those affected are customers who recently used either debit or credit cards at the gas station. So far 100 people have reported fraudulent charges on their account that dates back to at least a month ago. Reports are saying that the number could go as high as 300 victims.

It appears hackers infiltrated the network that gas station and grocery store uses. The breach could have also potentially happened through the Kentucky-based credit card processing company they use. They have stopped accepting any credit or debit cards until a full investigation is completed.

Those who think they have been victimized are asked to call the Vincent Ohio Sheriffs Department.

 
Information Source:
Media
records from this breach used in our total: 100

March 18, 2014 Yellowstone Boys and Girls Ranch (YBGR)
Billings, Montana
MED PHYS

Unknown

The Yellowstone Boys and Girls Ranch which treats mental health issues for children and teens reported that a binder was lost or destroyed sometime in 2013. The binder contained information that included names, addresses, dates of birth, parents' names, programs and treatment professionals' information. They have stated that no financial or Social Security information was stored in this binder.

 
Information Source:
Health IT Security
records from this breach used in our total: 0

March 18, 2014 The Shelburne Country Store
Shelburne, Vermont
BSR HACK

Unknown

The Shelburne Country Store notified customers of a computer hack to their payment processing system, similar to reported attackes by other national retailers such as Target and Neiman Marcus.

The information compromised included names, addresses, credit or debit card numbers, expiration dates and verfication codes. They believe the breach occured between November 13, 2013 and January 6, 2014.  They are unclear as to how many purchases were affected.

The company has set up AllClear ID protect your identity for 12 months at no cost to those affected. They can either email support@allclearid.com or call 1-855-434-8077.

 
Information Source:
Vermont Attorney General
records from this breach used in our total: 0

March 18, 2014 IRS
, Pennsylvania
GOV INSD

20,000

A former emloyee of the IRS took home a computer thumb drive that contained personal information on 20,000 current and former employees and contractors. The information included Social Security numbers, names and addresses. The thumb drive was plugged into the employees unsecured network, which could have left the information vulnerable.

This incidence dates back to 2007 before the IRS stared using automatic encryption. The IRS will not comment why they did not discover this breach until now, or if the employee who used the thumb drive is still working at the IRS.

 
Information Source:
Media
records from this breach used in our total: 20,000

March 17, 2014 Service Coordination Inc.
Frederick, Maryland
MED HACK

9,700

Hackers infiltrated the computers of a state-licensed provider of services to developmentally disabled individuals. The information stolen included Social Security numbers and medical information for approximately 9,700 clients.

The non-profit learned of breach in late October 2013. The U.S Justice Department asked the non-profit organization to delay notification of the breach to allow for a federal investigation.

The investigation did lead to the alleged hacker and their equipment and accounts have been seized.

"Service Coordination is one of five private organizations licensed by the state's Developmental Disabilities Administration, an agency of the Maryland Department of Health and Mental Hygiene."

 
Information Source:
Media
records from this breach used in our total: 9,700

March 17, 2014 Arcadia Home Care and Staffing
Southfield, Michigan
MED INSD

Unknown

Arcadia Home Care/Arcadia Health Services, Inc. notified employess of unauthorized access of their files by an independent contractor for Arcadia by the name of Charles E. Symes, II and his new business Alegre.  Mr. Symes was previously authorized to use Arcadia's database, which contained personal information, but only for authorized purposes and access.

The company discovered Mr. Symes gaining unauthorized access to employee's personal information which included names, Social Security numbers, addresses, bank account information, California driver's license and other information.

The company believes the information was breached on or around January 2014 through March 1, 2014. For questions the company is asking those affected to call1-800-733-8427800-733-8427.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

March 17, 2014 ELightBulbs.com
Maple Grove, Minnesota
BSR HACK

Unknown

Elightbulbs.com is in a series of companies who have had security breaches due to exposure of ColdFusion weaknesses. The online company was contacted by Discover card alerting them to a pattern of fraudulent activity on cards that were recently used at their store. This is a similar incident to what happened with Smucker's. ELightbulbs.com was listed in the ColdFusion botnet panel.

The Vice President of the company, Paul McLellan said "he first learned of the breach on November 7, 2013 from his company's processor, Heartland Payment Systems". He also stated that "shortly before we were told by Heartland, we paid $6,000 a year for a company to brutalize our server, for protection and peace of mind. Turns out this flaw had existed for two years and they never saw it."

The FBI has stated that group responsible for the attack have also compromised much higher-profile targets as well.

 
Information Source:
Media
records from this breach used in our total: 0

Breach Total
930,526,448 RECORDS BREACHED
(Please see explanation about this total.)
from 4,427 DATA BREACHES made public since 2005
Showing 151-200 of 4427 results


X

Sign In!

Loading