Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?

Chronology of Data Breaches

Custom Sort
Select your desired results. Then click "Go!"

Click or unclick the boxes then select go.


Select features, then click GO.



Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.
Breach Total
930,526,448 RECORDS BREACHED
(Please see explanation about this total.)
from 4,427 DATA BREACHES made public since 2005

Save or Print PDF of Entire Breach List including introduction.Save or Print a PDF of Entire Breach List (including introductory FAQ)

Filter breach list before saving or printing PDF. Conduct a search of the Chronology using its sorting features, and Save or Print a PDF of your search results (Select filters)

If you do not have access to PDF, you can print the Chronology in landscape view.

Date Made Publicsort icon Name Entity Type
March 17, 2014 Kichlerlightinglights.com
New York, New York
BSR HACK

Unknown

KichlerLightingLights is another victim of the ColdFusion botnet. The company's owner Gary Fitterman stated "It was like being attacked by terrorists. When we learned what had happened, we immediately went into frenzy, spent a ton of money to get forensic experts to take a look."

The hacking gang used vunerabilities in Adobe's ColdFusion to build a botnet of hacked ecommerce sites, designed to bilk the customers credit card data, KichlerLightingLights was just another one of the ecommerce sites affected.

The various companies that have been affected all handled credit card processing on their site. Mr. Fitterman has now outsourced all of his credit card processing transactions to a third party company.

Experts state that if you run your own credit card processing you must be diligent about software updates.

 
Information Source:
Media
records from this breach used in our total: 0

March 17, 2014 Maryland Department of Health and Mental Hygiene
Baltimore, Maryland
GOV HACK

14,000

"The Department of Health and Mental Hygiene says hackers hit Service Coordination Incorporated of Frederick, which provides case management services to nearly 14,000 Maryland residents.

SCI,in a letter provided to WBAL News, indicates that its computers were hacked between October 20th and October 30th and that access was gained to confidential information.

That potentially includes names, social security numbers, medical assistance numbers, and other vital information, some shared with the Maryland Developmental Disabilities Administration".

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 14,000

March 14, 2014 Health Source of Ohio
Milford, Ohio
MED PHYS

8,800

Health Source of Ohio reported a breach of patients' personal information when a file containing specific data was accidentally made visible online. According to authorities the file was viewed 47 times.

The file included names, account numbers, addresses, phone numbers, Social Security numbers, birthdates, credit card numbers and limited healthcare information. According to the center not all patients information included financial or Social Security numbers. A specific number was not provided of the 8,800, who may have suffered a breach of their financial information or SSN.

Patients who were affected are advised to contact HSO at 1-800-495-7647

 
Information Source:
Media
records from this breach used in our total: 8,800

March 13, 2014 Silversage Advisors
Irvine, California
BSF PORT

Unknown

On February 20, 2014 Silversage Advisors notified customers of a theft of back-up computer drives from a secure offsite location used as part of the company's disaster recovery plan. The drives contained names, addresses, Social Security numbers, driver's license numbers and account information.

The company is providing one year of Breach Protector credit monitoring and identity theft restoration coverage. For those affected with question they are to call 1-888-969-7500.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

March 13, 2014 Detroit Medical Center-Harper University Hospital
Detroit, Michigan
MED INSD

1,087

A former Detroit Medical Center-Harper University Hospital employee was found with the personal information of 1,087 patients by West Bloomfield police. The documents included patients health information, names, dates of birth, reasons for patient visits and Social Security numbers.

When the hospital learned of the breach they immediately revoked the employee's access to its computer systems and all of the Detroit Medical Center hospitals.

For patients that were affected they can call 1-855-830-9731 with questions.

 

 

 

 
Information Source:
Media
records from this breach used in our total: 1,087

March 12, 2014 UCSF Family Medicine Center at Lakeshore
San Francisco, California
MED STAT

9,986

UCSF Family Medicine Center at Lakeshore notified patients of a theft of desktop computers that were unencrypted on or around January 11, 2014.  An immediate analysis of what information the computers obtained. On March 6, 2014 UCSF determined that some of the computers stolen contained Social Security numbers, names, dates of birth and medical record numbers, some only contained names, medical record numbers and health information.

Those who were affected were asked to contact UCSF/ID Experts by calling 1-888-236-02991-888-236-0299  Monday through Friday from 6 a.m to 6 p.m Pacific time. When calling individuals are asked to used Access Code: 59832

UPDATE (3/20.2014): The University of California at San Francisco is notifying 9,986 individuals who had information on the computers that were stolen from the UCSF Family Medicine Center at Lakeshore. The computers included information such as names, dates of birth, mailing addresses, medical record numbers, health insurance ID numbers and driver's license numbers. Of the 9,986 files, 125 of them also included Social Security Numbers. Credit monitoring is being offered to those whose Social Security numbers were affected.

 

 
Information Source:
California Attorney General
records from this breach used in our total: 125

March 12, 2014 NoMoreRack.com
New York, New York
BSR HACK

Unknown

As reported by Krebs On Security, for the second time since August 2013, the "online retailer NoMoreRack.com has hired a computer forensics team after being notified by Discover about a potential breach of customer card data."

The Director of Business Development with company, Vishal Agarwal, has confirmed that they were approached by Discover Card in August of 2013, communicating that they were seeing fraudulent activity and the online retailer was the point of compromise.

As stated by Mr. Agarwal "they requested then that we go through a forensics audit, and we did that late October by engaging with Trustwave. Trustwave came out wtih a report at end of October saying there was no clear cut evidence that our systems had been compromised. There were a few minor bugs reported, but not conclusive evidence of anything that caused a leakage in our systems."

Discover reached out the company again in February to notify them that there was additional evidence of fraud associated with their online store from November 1, 2013 through January 15, 2014.

The company has again engaged Trustwave to complete another forensic audit and to also confirm that they are PCI compliant.

 
Information Source:
Media
records from this breach used in our total: 0

March 11, 2014 City of Hope
Duarte, California
MED STAT

Uknown

The City of Hope was informed by one of their vedors, Sutherland Healthcare Solutions, Inc. regarding a burglary that happened in one of their offices, where the thieves stole eight of their computers. Two of the computers contained City of Hope patient and patient guarantor information. Both computers were password protected. Sutherland Healthcare Solutions provides billing services for the City of Hope, who has since suspended their relationship with Sutherland.

The information on the computers contained Social Security numbers, names, addresses, phone numbers, medical record numbers, account numbers and/or diagnoses. Law enforcement is currently investigating the incident.

The City of Hope has secured the services of Kroll, a risk mitigation company, to provide identity theft protection at no cost for one year for those who may have been affected.

 

 
Information Source:
California Attorney General
records from this breach used in our total: 0

March 11, 2014 Cornerstone Health Care
Hight Point, North Carolina
MED PORT

548

Cornerstone Health Care reported a laptop containing information for 548 patients was stolen from Cornerstone Neurology sometime between December 31, 2013 and January 6, 2014.

The laptop contained protected health information such as patient names, dates of birth, physician names and nerve conduction scan summaries. The laptop did not contain any addresses, billing information, or Social Security numbers. The laptop was not connected to their third party billing company or their electronic health records.

Since the theft the medical practice has revised its procedures and policies, retrained the staff on securing patient information and replaced locks on rooms with electronic medical devices.

 
Information Source:
Media
records from this breach used in our total: 0

March 11, 2014 Emory Dialysis Center, part of Emory Clinic
Atlanta, Georgia
MED PORT

826

An employee of Emory Dialysis Center, notified the center that his work laptop had been stolen out of his car on February 7, 2014.

The laptop was protected by a password but was not encrypted. The laptop contained information for 826 patients which included dates of services, blood flow test graphs, first and last names for approximately half of the patients, the rest were the patients initials. They center has stated that the laptop did not contain dates of birth, addresses, billing information or Social Security numbers.

HSM (Health Systems Management) who runs the clinic is now password protecting all laptops and encrypting patient information.

 
Information Source:
Media
records from this breach used in our total: 0

March 10, 2014 Statista
New York, New York
BSO HACK

50,000

Online statistics portal, Statista, notified customers of a data breach that occurred with their system. The breach was noticed when the company internally started receiving spam emails. The company investigated and approximately 50,000 of its customers username and password combination were compromised.

The company has not said whether or not the breach goes beyond access to username and passwords, but at present, this seems to be all that has been affected.

The company notified users almost immediately and assured them that the compromised passwords "cannot be used by third parties due to masking procedures".  The company did not encourage customers to change their passwords.

Experts are questioning how secure the passwords are for those that created accounts prior to December 2013 and have stated that "the passwords of those who signed up before this data were stored in the Statista database as MD5 hashes. As many experts will tell you, MD5 passwords can be easily cracked".

The main risk for those affected would be a higher incidence of spam and phishing emails, potentially impersonating Statista.

 
Information Source:
Media
records from this breach used in our total: 0

March 7, 2014 John Hopkins University
Baltimore, Maryland
EDU HACK

1,307

University officials at John Hopkins University announced a data breach of their Department of Biomedical Engineering's Design Team course web server. A hacker claiming to be part of the group Anonymous claimed credit for the hack.

The hackers made an attempt to extort the university out of server passwords, but the university did not comply with the request.

Officials at the university said that the server did not contain Social Security numbers, birth dates, credit card numbers or any financial data. The data the server did contain included employee data that is publicly available from the department's website. Those affected include any students from the BME department who were enrolled in the course from 2006 to this past fall. Approximately 1,307 individuals may have been affected.

There was a coding error that left the database vunerable was identified and fixed but not prior to the hackers infiltrating the system. The server was primarily used to produce the BME department's website. Although the breach happened late last year, it was not realized until someone posted on Twitter in January that the server was open to attack.

 
Information Source:
Media
records from this breach used in our total: 0

March 6, 2014 North Dakota University
Bismarck, North Dakota
EDU HACK

290,780

North Dakota University System has notified individuals of a security breach of a computer server that stores personal information on students, staff and faculty.

On February 7, 2014 the server was hacked into and more than 209,000 current and former students and 780 faculty and staff had personal information stored on thus server that included names and Social Security numbers according to Larry Skogen, the Interim Chancellor.

The university has notified officials and has set up a website www.ndus.edu/data with information and is organizing a call center for questions from those who were affected.

Authorities have announced that "an entity operating outside the Unites States apparently used the server as a launching pad to attack other computers, possibly accessing outside accounts to send phishing emails"

 
Information Source:
Media
records from this breach used in our total: 290,780

March 6, 2014 Los Angeles County Department of Health/Sutherland Healthcare Solutions
Los Angeles, California
MED STAT

168,000

On February 5, 2014 Sutherland Healthcare Solutions, which provides patient billing and collection services for Los Angeles County was broken into and computers were stolen. Information that was stored on these computers included first and last names, Social Security numbers, billing information, dates of birth, addresses, diagnoses and other medical information.

Currently the breach is being investigated by authorities and the agency is offering credit monitoring services through ID Experts free for 12 months. To enroll in the free services by calling 1-877-868-92841-877-868-9284 or going to www.myidcare.com/securityandprotection.

UPDATE (3/7/2014): The Los Angeles County Department of Health and Human Services (DHS) announced recently that they will be notifying 168,000 patients of a data breach at Sutherland Healthcare Solutions. When originally reported the number of patients was not divulged.

UPDATE (5.27.2014):  The Los Angeles County Department of Supervisors voted on Tuesday to tighten and add current requirements for county computers and hard drives. Currently, all laptops are required to be encrypted and the vote on Tuesday now extends that requirement to all county departments’ computer workstation hard drives as well.  They also voted to have "all County-contracted agencies that exchange personally identifiable information and protected health information data with the County"  be encrypted as a requirement for any contract.

 
Information Source:
California Attorney General
records from this breach used in our total: 168,000

March 5, 2014 Sally Beauty Supply
Denton, Texas
BSR HACK

25,000

As reported by Krebs on Security, it appears that Sally Beauty Supply may be one of the latest victims of a string of credit card data breaches affecting their payment systems.

"On March 2, a fresh batch of 282,000 stolen credit and debit cards went on sale in a popular underground crime store.  Three different banks contacted by KrebsOnSecurity made targeted purchases from this store, buying back cards they had previously issued to customers".

The banks used a "common point of purchase" or "CPP" to determine where the cards were used over the same period of time. "Each bank independently reported that all of the cards (15 in total) had been used within the last ten days at Sally Beauty Supply locations across the United States".

The company had also detected some kind of intrusion into their network at or around the same time that the stolen card mapping or "CPP" dates that the banks found associated with Sally Beauty Supply. The company's initial investigation did not show any evidence that data was compromised at the store level. The company hired Verizon Enterprise Solutions for the initial and continued investigation.

UPDATE (3-17-2014): Sally Beauty has confirmed that the breach they suffered was due to hackers breaking into their network, stealing credit card data from stores. Originally the retailer would not confirm that they suffered a breach as they had no evidence that any credit card data was stolen. The company confirmed that "fewer than 25,000 records containing card present (track 2) payment card data have been illegally accessed on our systems and we believe have been removed." The company also states " As experience has shown in prior data security incidents at other companies, it is difficult to ascertain with certainty the scope of a data security breach/incident prior to the completion of a comprehensive forensic investigation. As a result, we will not speculate as to the scope or nature of the data security breach."

 
Information Source:
Media
records from this breach used in our total: 25,000

March 5, 2014 OANDA
New York, New York
BSF HACK

Unknown

OANDA informed customers of an unauthorized breach affecting some of their clients. On Monday March 3, 2014 a historical log of some payments received via PayPal (prior to 2007) was accessed. The company states that the incident did not impact any fxTrade services, client trades or funds.

The information accessed included named and email addresses. The company states that usernames or passwords for thier "fxPense" expense reporting tool may have been accessed. These accounts are not related to fxTrade. They are asking customers who registered for this service and use the same username and password on any other external websites, to change those passwords.

Upon learning of the breach, the company shut down access to the system and alerted the FBI, their regulators and relevant privacy offices of the breach.

For additional questions or concerns those who may have been affected can call their respective local office http://www.oanda.com/corp/contact/ or via frontdesk@oanda.com.

 

 
Information Source:
California Attorney General
records from this breach used in our total: 0

March 5, 2014 Point Park University
Pittsburgh, Pennsylvania
EDU UNKN

1800

On Wednesday March 5, 2014 Point Park University in Pittsburgh Pennsylvania notified employees of a possible data breach that included names, home addresses, Social Security numbers, wage information, birthdates, bank accounts and routing numbers.

The Point Park President stated that as many as 1,800 employees could have been affected by this breach.

"The university was expecting a package from its payroll processing vendor Ceridian, but when the package arrived to campus it was missing all of the accompanying reports, according to an internal email obtained by the Pittsburgh Post-Gazette."

The university is working with authorities and an investigation has been launched. The law firm that represents the university is currently putting a letter together to those who were affected that will include call-center information and other services offered.

 
Information Source:
Media
records from this breach used in our total: 1,800

March 4, 2014 Smucker's
Orrville, Ohio
BSR HACK

Unknown

Smucker's announced a data breach to their Online Store, stealing customer data that could have included customer names, addresses, email addresses, phone numbers, credit card or debit card numbers, expiration dates, and verification codes.

The hackers utilized a sophisticated malware that steals information from Web server applications. This particular malware obtains form data submitted by visitors as customers entered the data for the online checkout process.

These particular hackers look for weaknesses in either the end-users computer or weakensses in the Web server. If there is a weakenss in either one, that web session then becomes compromised and the hackers "suck down customer data post or pre-encryption (this all depends on whether the data was incoming or outgoing)".

KrebsOnSecurity noted "when a reader first directed my attention to the Smucker's breach notice, I immediately recalled seeing the cmopany's name among a list of targets picked last year by a criminal hacking group that plundered sites running outdated, vulnerable versions of ColdFusion, a Web applicatoin platform made by Adobe Systems Inc".

 
Information Source:
Media
records from this breach used in our total: 0

March 4, 2014 Eureka Internal Medicine
Eureka, California
MED PHYS

Unknown

Eureka Internal Medicine has notified patients of a potential security breach. It was discovered from September 25, 2013 until around October 9, 2013 that their janitorial service was mixing paper recycling containing patient information with the regular trash vs. moving it to the locked shredding bin.

As a result, the paper containing patient information ended up in the regular trash which was picked up and disposed of by the waste management company vs. being secured in the locked bin for pick up for secure shredding.

Information that may have been in the regular trash bins could have included full names of patients, Social Security numbers, insurance plan information and medical information.

Anyone who is potentially affected by the breach and has questions may call the representing attorney's office at 1-888-233-2305.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

March 4, 2014 Assisted Living Concepts, LLC
Chicago, Illinois
MED HACK

Unknown

Assisted Living Concepts LLC has notified current and former employees of a potential data breach regarding their payroll records and an unauthorized third party access of this data.

Assisted Living Concepts utilizes an external vendor that provides them with payroll services. On February 14, 2014, the payroll vendor notified the facility of evidence of unauthorized third party access to their payroll information.

The company launched an investigation and discovered evidence of this unauthorized access that obtained access to their vendor user credentials and access to the vendor's systems, which contained payroll files for current and former employees.

The FBI and IRS have advised the company that they believe the personal information accessed may be used by criminals to file faudulent tax reutrns. The IRS is encouraging anyone who might have been affected by this unauthorized access file their tax return as soon as possible. Those affected can also call the IRS Identity Protection Specialized Unit at 1-800-908-44901-800-908-4490  with any questions.

 

 
Information Source:
Vermont Attorney General
records from this breach used in our total: 0

March 4, 2014 Capital One
Salt Lake City, Utah
BSF INSD

Unknown

Capital One has sent notification to customers regarding a possible breach to their personal information. They discovered that a former employee of the company may have improperly accessed customer accounts, which could have been linked to unauthorized transactions.

The information accessed included names, account numbers, SOcial SEcurity numbers, payment information and other account information. The credit card company has notified law enforcement of the breach.

The company is also offering one year of Equifax's Credit Watch GOld with 3-in-1 Monitoring by February 28, 2014 for those that may have been affected.

 
Information Source:
Vermont Attorney General
records from this breach used in our total: 0

March 3, 2014 Various Taxi Cab Companies in Chicago
Chicago, Illinois
BSO HACK

466

In an unprecedented move, First American Bank made a public announcement regarding fraudulent activity they were seeing on both credit and debit cards of customers with their bank specifically related to cab rides in the city of Chicago.

The bank is urging both residents and tourists to avoid paying for their cab rides with either debit or credit cards. The ongoing breach appears to be related to the card processing systems used by a significant amount of taxis in the city of Chicago.

The bank has reported the breach to MasterCard. They have also reached out to Banc of America Merchant Services and Bank of America, the payment processors for the affected payment systems within the affected taxi cab companies. First American Bank is urging that Banc of America Merchant Services and Bank of America discontinue payment processing for the taxi companies who have been targeted in this breach. So far, neither entity is commenting on the breach or appear to be haulting the processing services.

 

 
Information Source:
Media
records from this breach used in our total: 0

March 3, 2014 City of Detroit
Detroit, Michigan
GOV HACK

1,700

The City of Detroit announced a security breach that affected files of approximately 1,700 city employees. Apparently the breach occured when an employee clicked on a software link that contained malicious software that released a code that froze access to numerous files.

The files included names, birth dates and Social Security numbers of current and former city employees. A city spokesperson communicated that it didn't appear that the malicious code gained access to the information in the files, however the city is taking all necessary steps to mitigate any damage.

 
Information Source:
Media
records from this breach used in our total: 1,700

March 1, 2014 Managed Med, A Psychological Organization
Los Angeles, California
MED UNKN

Unknown

Managed Med, A Pschological Corporation has notified the California Attorney Generals office of a data breach with their system. Currently they have not communicated what information was involved in the breach, the dates or how many people were affected.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

February 28, 2014 Sears
Hoffman Estates, Illinois
BSR HACK

Unknown

Sears announced that the Secret Service is investigating Sears Holdings Corporation as a target of a similar security breach that hit Target and Neiman Marcus toward the end of 2013.

Sears spokesperson, Howard Riefs in an emailed statement stated "there have been rumors and reports throughout the retail industry of security incidents at various retailers, and we are actively reviewing our systems to determine if we have been a victim of a breach,” additionally,  “we have found no information based on our review of our systems to date indicating a breach.” said Riefs.

 
Information Source:
Media
records from this breach used in our total: 0

February 28, 2014 80's Tees
Mt. Pleasant, Pennsylvania
BSR HACK

3,503

80sTees.com, Inc. announced a data breach that was much larger than originally thought. The online retailer originally reported the breach in April of 2013 to customers whose credit card numbers had been used fraudulently. Since that time, the retailer's investigation uncovered that the scope of the exposure to customer credit card information was larger than originally believed.

The company has notified any customer who used the site from June 3, 2012 through April 30, 2013 that their credit card may have been used fraudulently. 

Originally the company was contacted by Discover Card requesting an investigation due to some unauthorized charges experienced by Discover cards customers. The company completed their own investigation and on February 27, 2013 learned that a small number of Visa customers had also experienced unauthorized charges. On March 6, 2013 Mastercard also contacted the company regarding fraudulent charges against their credit card holders.

The company hired a forensic investigator who discovered that the company had been a victim of a cyber attack that gained access to and installed malware on their website server in eary June 2012. Their anitvirus and malware scans did not detect the malware.

April 3, 2013 the company notified approximately 3,503 customers of the breach. This is the amount that was reported to the company by the credit card companies. 

On April 22, 2013, the company received a report from the forensic investigator that 2,598 credit cards were compromised.

On April 30, 2013 the company received calls from two customers stating that their cards had been compromised. The company investigated those customers' complaints and reported the issue to the Secret Service. The Secret Service asked the company to not provide any additional notice until their investigation had been completed.

The Secret Service investigation uncovered that the hackers had set up an unauthorized email account that captured the company's credit card transactions without their knowledge. The Secret Service could not definitely say who the hacker or hackers were. Based on the information the company received, they believed it to be a former high level employee who has since died.

 

 

 

 
Information Source:
California Attorney General
records from this breach used in our total: 3,503

February 27, 2014 L.A Care Health Plan
Los Angeles, California
MED DISC

Unknown

Los Angeles Care Health Plan notified customers of a data breach to their system. Customers were informed that a processing error occured in their system that may have involved accidental disclosure of their information. They were made aware of an issue in their payment portal that allowed one member to see another members name, address and member identification number.

Upon learning about the breach, they temporarily disabled the payment portal and reassigned new membership ID's to those members affected.  The disclosures took place  from January 22, 2014 through January 24, 2014. The breach is being blamed on a manual processing error which has now been corrected.

They are stating that the information was limited to member name, address and member identification number and did not include any other information, such as Social Security number, Driver's License number, or financial account numbers.

The company has requested those affected either email L.A Care's Privacy Office at PrivacyOfficer@lacare.org or by telephone 1-855-270-2327 or a letter to 1055 West 7th Street, 10th Floor, Los Angeles, CA 90017.

 

 
Information Source:
California Attorney General
records from this breach used in our total: 0

February 27, 2014 Oak Associates Funds
Boston, Massachusetts
BSF PORT

Unknown

Boston Financial Data Services notified customers of a dta secccurity incident that occurred between January 23 to January 27, 2014 that may have involved customer personal information.

The incident involved the theft of a company electronic device. The device contained a data file that had certain Oak Associates Funds records. This file may have contained names, addresses, email addresses, phone numbers, Social Security numbers, and certain account information, which may have included numbers, shares, balances, set-up dates, and contact instructions.

The company has notified authorities and an investigation is underway. The company is offering one year of Experian's ProtectMyID Alert. Those affected can enroll in the program by visiting the Experian ProtectMyID website at www.protecmyid.com/redeem or by calling 1-877-371-7902. An activation code was supplied in the notification letter sent by the company.

 
Information Source:
Vermont Attorney General
records from this breach used in our total: 0

February 27, 2014 Eastern Alliance Insurance Group
Birmingham, Alabama
BSO INSD

23

Eastern Alliance Insurance Group utilized myMatrix  as the pharmacy benefits manager responsible for pharmaceutical claims associated with workers compensation benefits provided through policies issued by Eastern Alliance Insurance Group.

Based on an investigation by the company and federal law enforcement a former employee improperly accessed information on customers of Eastern Alliance Insurance Group. The information stolen included names and Social Security Numbers. They are claiming no credit card numbers were compromised.

The company is offering free credit monitoring and identity protection from First Watch Technologies. Thos affected can call Jeffrey P. Lisenby, General Counsel at 1-800-282-6242 or contact myMatrixx toll free at 1-888-770-5571.

 

 
Information Source:
Maryland Attorney General
records from this breach used in our total: 23

February 26, 2014 Indiana University
Bloomington, Indiana
EDU HACK

146,000

Indiana University announced that the personal data of 146,000 students and graduates was breached. The information included their Social Security numbers and addresses and may have affected students and graduates from 2011 to 2014 at seven of its campuses.

According to the university "The information was not downloaded by an authorized individual looking for specific sensitive data, but rather was accessed by three automated computer data-mining applications, called webcrawlers, used to improve Web search capabilities."

The university also announced that the information was stored in an insecure location for the past 11 months. The site has since been locked down.

The university has set up a hotline 1-866-254-14841-866-254-1484 for students as well as a website http://bit.ly/1kbX505 with information on how to monitor credit accounts and answers to any additional questions regarding an individuals exposure. The university will also be providing the Social Security numbers of those affected to the three major credit-reporting agencies.

 
Information Source:
Media
records from this breach used in our total: 146,000

February 26, 2014 Apple
Cupertino, California
BSO HACK

Unknown

Apple has revealed a security protocol breach of their iOS and OS X systems. The hacker was able to insert him/herself between the initial verfication and verification session's destination server. This type of hacking allows the hacker to take over as the trusted user. The destination server sees the hacker as the trusted user and will then allow the hacker to access secured connections such as websites, email messages, applications where you would typically enter a user id and password.

 
Information Source:
Media
records from this breach used in our total: 0

February 26, 2014 The Variable Annuity Life Insurance Company
Amarillo, Texas
BSF INSD

774,723

Variable Annuity Life Insurance Company has announced a breach that occurred in 2007. The company just discovered the breach in November of 2013. The discovery led to a previous employee of the company in possession of information relating to some of their customers.  The information included customer names and either partial or complete Social Security numbers.

The company has stated that they know of no unusual activity involving the stolen files but have set up identity protection services for one year for the affected parties.

Call 1-713-831-6316 with questions.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

February 26, 2014 McKenna Long & Aldridge
Albany, New York
BSO HACK

441

McKenna Long & Aldridge (MLA) informed current and former employees of suspicious activity on servers belonging to one of their vendors. Information potentially breached included Federal Wage and Tax Statement Forms W-2, names, addresses, wages, taxes and Social Security numbers, dates of birth, ages, genders, ethnicities, Visa, Passport or Federal Form I9 documents numbers.

The law firm operates 15 offices throughout the United States and one in Korea and the data breach could have affected current and former employees in any of the 14 offices.

As a result of an investigation the information related to the current and former employees was accessed on November 28, 2013, December 11, 2013, and December 12, 2013. The breach was a result of malicious software placed on the vendors servers.

MLA is providing one year of credit monitoring and identity theft protection at no cost. Those affected must enroll by May 31, 2014 by calling 1-877-371-79021-877-371-7902  or visit the ProtectID website at http://www.protectmyid.com/redeem.

 

 
Information Source:
Maryland Attorney General
records from this breach used in our total: 441

February 25, 2014 Mt. Gox- Worlds Largest Bitcoin Exchange
,
BSF HACK

Unknown

Tuesday, February 25, 2014 one of the largest Bitcoin exchanges in the world was hacked and 744,408 BTC (bitcoins) went missing, which is equivalent to $350 million dollars at todays trading prices.

MtGox publicly declared that "transaction malleability" was the reason behind the theft and reportedly the hackers went undetected for over 2 years. It has been reported they hackers detected a weakness in the "hot wallet"

This is not the first time Mt. Gox has been hacked. In 2011 the exchange was also infiltrated by hackers. Last year the U.S. authorities seized $5 million of the company's U.S. assets.

Mt. Gox has suspended all withdrawals and has shutdown its website.

 
Information Source:
Media
records from this breach used in our total: 0

February 21, 2014 Discover Financial Services
Salt Lake City, Utah
BSF CARD

Unknown

Discover Financial Services sent a notice to their card holders that they were replacing their current cards in wake of all of the retail data breaches. They stated this was not due to a breach of their own systems.

The card replacement specifically replaces the security codes on the back of the card withouth changing the card holders current account number.

They have stated to their members this was strictly a security measure on behalf of Discover Financial Services. No information was communicated in the letter that the members card had been compromised.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

February 20, 2014 Department of Resources, Recycling and Recovery
Sacramento, California
GOV DISC

Unknown

On January 23, 2014 a Human Resource Officer with the office of Resources, Recycling, Recovery notified individuals that an email went out mistakenly to numerous third parties associated with the agency.  These third party specialists were hired by the agency to assist in HR issues and are known to the agency as "Personal Liaisons".  The report that was mistakenly sent contained first initials, middle initials, last names and Social Security numbers.

The agency has contacted these third party liaisons asking them to immediately delete the email and shred any paper reports.

The company is also recommending anyone affected by the breach, place a fraud alert  with the credit agency's.

For those affected who have further questions, they should call Romana Herrera at (916) 341-6285.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

February 20, 2014 Alaska Communications
Anchorage, Alaska
BSR HACK

Unknown

Alaska Communications informed customers of a potential data breach on January 27, 2014. One of the company desktop computers was infected with a virus and subsequently sent data outside of their network. Possible personal information compromised could have included names, addresses, dates of birth, and Social Security numbers. The company stated they did not see any evidence of dependent, medical, or banking information that was compromised.

The company is offering 1 year of AllClear ID protection at no cost and can be reached at 8-1-866-979-2593 for both AllClear Secure and AllClear PRO services.

Any further questions or concerns about the incident there is more information at the company's website http://www.alaskacommunications.com/

 
Information Source:
Vermont Attorney General
records from this breach used in our total: 0

February 19, 2014 University of Maryland
College Park, Maryland
EDU HACK

309,079

The University of Maryland, located in College Town Maryland, had one of their records databases hacked Tuesday January 18, 2014 around 4:00 a.m by an outside source.

This particular database holds information dating back to 1998 and includes names, Social Security numbers, dates of birth and university identification numbers for 309,079 people affiliated with the school at their College Park and Shady Grove campuses.

The hackers did not alter anything in the actual database, but apprarently have made a "copy" of the information. The university commented at how sophisticated the attack was by the hacker or hackers and they must have had a "very significant understanding" of how the database was designed and maintained, including the level of encryption and protection of the database.

According to the university President, school officials are investigating the breach and taking steps to prevent any further system intrusions.

The college has put out the following statements:

"The University is offering one year of free credit monitoring to all affected persons. Additinoal information will be communicated within the next 24 hours on how to activate this service.

University email communications regarding this incident will not ask you to provide personal information. Please be cautious when sharing personal information.

All updates regarding this matter will be posted to this website.  If you have any questions or comments, please call our special hotline at 301-405-4440 or email us at datasecurity@umd.edu".

 

 
Information Source:
Media
records from this breach used in our total: 309,079

February 15, 2014 Kickstarter
Greenpoint, Brooklyn, New York
BSO HACK

Unknown

The crowd-funding site, Kickstarter, was infiltrated by hackers who made off with user information including usernames, email addresses, mailing addresses, phone number and encrypted passwords.

The company has said that no credit card information was taken.

"Actual passwords were not revealed, however it is possible for a malicious person with enough computing power to guess and crack an encrypted password, particularly a weak or obvious one," the site said in a blog post, adding that "as a precaution, we strongly recommend that you create a new password for your Kickstarter account, and other accounts where you use this password."

The company was made aware of the breach when contacted by law enforcement.  The company communicated that they "immediately closed the security breach and began strengthening security measures throughout the Kickstarter system." The site also said "no credit card data of any kind was accessed by hackers" and that "there is no evidence of unauthorized activity of any kind on all but two Kickstarter user accounts."

 
Information Source:
Media
records from this breach used in our total: 0

February 15, 2014 Blue Shield of California
San Francisco, California
BSO UNKN

Unknown

On January 15, 2014, Blue Shield of California received information that a transaction confirmation page on their website was displaying Agent ID numbers and in some cases those Agent ID numbers were the agent's Social Security number.

The website page shows billing, payment and other account information associated with an applicant/policyholder's Blue Shield account. Blue Shield uses the agent's name and agent ID number as a means of associating the agent with their client in order to facilitate record keeping and policy administration.  The transaction confirmation pages that display and agent's ID/SSN number were visible to those policy holders who applied and/or initiated payment of a current policy through Blue Shield's Website from December 20, 2013 and January 16, 2014.

It is unknown at this time if the exposed SSN's have been misused.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

February 14, 2014 Forbes.com
New York, New York
BSO HACK

Unknown

Forbes.com announced on their Facebook page February 14th, that they had been a target of a data breach by hackers.

They claim that "the email address for anyone registered with Forbes.com has been exposed Please be wary of emails that purport to come from Forbes, as the list of email addresses may be used in phishing attacks.  The passwords were encrypted, but as a precaution, we will strongly encourage Forbes.com readers to change their passwords on our system once we make sign-on available again".

 
Information Source:
Media
records from this breach used in our total: 0

February 14, 2014 Experian
Costa Mesa, California
BSF HACK

Unknown

Experian notified customers of a potential security breach of their information. Between January 30, 2014 and January 31, 2014 the nationwide credit agency noticed unauthroized access into consumer information without proper authorization using an Experian client's login information. The consumer information consists of information typically found in a consumer report. This information includes names, addresses, Social Security numbers, dates of birth, and account information.

For assistance or any question regarding this breach the agency has provided a toll free number, 800-232-8081 for an Experian representative.

 
Information Source:
Vermont Attorney General
records from this breach used in our total: 0

February 13, 2014 Zevin Asset Management LLC
Boston, Massachusetts
BSF INSD

Unknown

Zevin Assett Management LLC has notified customers of a potential security breach of their customers' data. In mid September 2013 a Zevin employee used an online service provider to host a document listing Zevin's usernames and passwords for certain custodian accounts. According to the company, two documents, one password protected and an inadvertent "test" version of the document that was neither password protected or deleted.

Both versions were accesible online (one through the use of a password and one without a password) and visible from September 2013 through December 30, 2013.

Possible information compromised included names, Social Security numbers, financial account numbers, and account holdings.

The company is offering 1 year free of credit monitering services and asked to contact Benjamin Lovell, President if they want the enroll in the service.

 
Information Source:
Vermont Attorney General
records from this breach used in our total: 0

February 12, 2014 Las Vegas Sands Hotels and Casinos
Las Vegas, Nevada
BSO HACK

Unknown

Las Vegas Sands recently launched an investigation into a security breach of several of their casino websites.  Both the Venetian and the Palazzo had the homepage of their websites hacked and there could be others.

Currently it is unknown if credit card information and/or customer data was compromised.

The hackers responsible for the breach posted employee information including email addresses and Social Security numbers, on the website for the Sands Casino Resort in Bethlehem. The hackers also posted an image of Sands Chairman and CEO Sheldon Adelson posing with the Israeli Prime Minister, Benjamin Netanyahu.

In additional to Las Vegas and Bethlehem, websites for casinos in Macau and Singapore were also hacked.

UPDATE (2/28/2014): Las Vegas Sands Casino released a statement that the attackers who breached the company website did compromise customer and employee data, which included Social Security numbers, driver's license numbers and a mailing database. The data breach affected customers at their location in Bethlehem Pennsylvania. They are currently investigating their additional locations to see if similar data was affected. Origininally the company had communicated that customer data was not affected.

 
Information Source:
Media
records from this breach used in our total: 0

February 11, 2014 Bank of the West
San Francisco, California
BSF UNKN

Unknown

Bank of the West notified individuals regarding a recent data breach that may have involved stolen personal information such as Social Security and driver's-license numbers.

The company sent letters and e-mails to anyone who applied for a job with the company before Dec. 19, the date the breach was discovered.

Currently they are not releasing any information as to the type of information breached or the timeframes the information may have beeen exposed.

"It could've been user name and pass code; it could've been more personal information like Social Security numbers, driver's license, date of birth," said Debra Jack, Bank of the West spokeswoman. "We don't have conclusive evidence that personal information was taken, but we sent those letters as a precaution."

The target of the breach was an online application system that had been retired earlier in 2013, the company disabled the affected servers and is now investigating with help from the FBI.


 
Information Source:
Media
records from this breach used in our total: 0

February 10, 2014 Freeman
Dallas, Texas
BSF DISC

Unknown

The company, Freeman, announced a data breach regarding employee W2 forms.  Some employees may have received a W2 form that belonged to another employee. The company announced that one of their vendors, ADP, who works with a large national vendor that mails all of ADP's W2's, has experienced an error in their technology.

A glitch in the mail vendors' technology caused the barcode to input the incorrect barcode on the envelopes. The US Postal Service and delivered based on the barcode, not the name or address shown on the envelope.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

February 10, 2014 Nielsen
New York, New York
BSO INSD

Unknown

Nielsen company announced that an undisclosed number of Nielsen Audio employees are being notified that their personal information including names and Social Security numbers may be at risk after an employee with their Human Resources department mistakenly sent out a mass email containing the data.

It is currently unknown how many employees were affected.

The Nielsen Audio employee mistakenly emailed a file containing the information to other Nielsen Audio employees, who then forwarded the email containing the file to others within the Nielsen environment. These employees were unaware of the contents of the file.

 
Information Source:
Media
records from this breach used in our total: 0

February 10, 2014 University of Miami Health System
Miami, Florida
MED PHYS

13,000

The University of Miami Health System (UHealth) notified patients of a data breach when an offsite storage vendor communicated that the records could not be located. The Health System, which is one of the largest health providers in Southern Florida, discovered the breach on June 27, 2013. They have just recently begun notifying patients of the breach.

The information in the missing files included patient names, dates of birth, physician names, insurance company names, medical record names, facility visited, procedures, diagnostic codes, and Social Security numbers.

More Information: http://blogs.miaminewtimes.com/riptide/2014/02/security_breach_at_jackso...

UPDATE (8/26/2014): The University of Miami Health System has agreed to a class-action settlement for the data breach that occurred in 2013 when records went missing from an offsite storage facility the medical system used.

Under the settlement agreement, the UHealth will be required to conduct various risk assessments, remediate any identified problems, and ensure vendors have adequate security controls in place. The agreement states that the university will pay $100,000 in individual claims, $90,000 in attorneys’ fees, and $1,500 to the named plaintiff that initiated the lawsuite. Both parties have asked the federal district court to approve the recently-filed proposed settlement agreement.  http://www.phiprivacy.net/wp-content/uploads/Carsten_proposedsettlement.pdf

 

 
Information Source:
Media
records from this breach used in our total: 13,000

February 8, 2014 Medtronic
Minneapolis, Minnesota
MED HACK

Unknown

It has been reported that Medtronic, the world's largest medical device maker's computer network  has been hacked sometime in the first half of 2013. It is not clear what type of information the hackers were targeting. Federal laws meant to safeguard medical information require companies to disclose any breach involving patient information, so far Medtronics has not made these disclosures.

The attacks point to Chinese hackers and the medical device company was not aware of the intrusions until federal authorities contacted them and they have now formed a task force to investigate the breach. A spokewoman for the medical device maker would not comment on any specific attacks.

 
Information Source:
Media
records from this breach used in our total: 0

February 8, 2014 Boston Scientific
Natick, Massachusetts
MED HACK

Unknown

It has been reported that Boston Scientific, a medical device maker's computer network  has been hacked sometime in the first half of 2013. It is not clear what type of information the hackers were targeting. Federal laws meant to safeguard medical information require companies to disclose any breach involving patient information, so far Boston Scientific has not made these disclosures.

Denise Kaigler, a Senior Vice President of Corporate Affairs with Boston Scientific stated "like many companies, Boston Scientific experiences attempts to penetrate our networks and systems and we take such attempts seriously. We have a dedicated team to detect and mitigate attacks when they occur as well as to implement solutions to prevent future attacks." Ms. Kaigler would not comment on the specifics of any attack, but described the media reporting as "inaccurate".

The attacks point to Chinese hackers and the medical device company was not aware of the intrusions until federal authorities contacted them and they have now formed a task force to investigate the breach.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

Breach Total
930,526,448 RECORDS BREACHED
(Please see explanation about this total.)
from 4,427 DATA BREACHES made public since 2005
Showing 201-250 of 4427 results


X

Sign In!

Loading