Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?


Click or unclick the boxes then select go.


Select features, then click GO.



Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.
Breach Total
932,729,111 RECORDS BREACHED
(Please see explanation about this total.)
from 4,478 DATA BREACHES made public since 2005

Save or Print PDF of Entire Breach List including introduction.Save or Print a PDF of Entire Breach List (including introductory FAQ)

Filter breach list before saving or printing PDF. Conduct a search of the Chronology using its sorting features, and Save or Print a PDF of your search results (Select filters)

If you do not have access to PDF, you can print the Chronology in landscape view.

Date Made Publicsort icon Name Entity Type
January 7, 2015 Lokai
New York, New York
BSO HACK

Unknown

Lokai informed customers of a data breach to their system from July 18, 2014 to October 28, 2014 by hackers who gained access to their server that hosts their website. The hackers installed a program that was designed to record information entered by customers.

The information affected included names, addresses, payment card information, expiration dates, verification codes, and user name and passwords.

For those affected who have questions they can call 1-800-981-75711-800-981-7571 Monday through Friday between the hours of 9:00 a.m and 9:00 p.m. Eastern Time.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-47853

 
Information Source:
California Attorney General
records from this breach used in our total: 0

January 6, 2015 NVIDIA Corporation
Santa Clara, California
BSO HACK

Unknown

NVIDIA Corporation suffered a data breach when hackers infiltrated their network and stole employee usernames and passwords.

The company is requesting that those affected change their password and be cautious of "phishing" emails that look like they are coming from a colleague or friend requesting sensitive information.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-47824

 
Information Source:
California Attorney General
records from this breach used in our total: 0

January 5, 2015 Morgan Stanley
New York, New York
BSF INSD

350,000

An employee of Morgan Stanley stole customer information on 350,000 clients including account numbers. Additional information on what other information was captured has not yet been released. Files for as many as 900 clients ended up on a website.

The employee has since been fired and the bank is notifying all of the individuals affected and the FBI is currently investigating the incidence.

More Information: http://www.bloomberg.com/news/print/2015-01-05/morgan-stanley-fires-empl...

 
Information Source:
Media
records from this breach used in our total: 0

January 2, 2015 Chic-Fil-A
Atlanta, Georgia
BSO HACK

Unknown

Chic-Fil-A has announced they are investigating a possible data breach to their payment card system. They have not released any details as to the reality of the breach, however, many experts are predicting it could be extensive.

The restaurant chaind operates over 1,850 stores nationwide. Suspicious activity on their payment systems and a report provided to the on December 19, 2014 as to suspicious activity, prompted the company to launch an investigation.

Additional information will be posted as soon as information is available.

More Information: http://www.eweek.com/security/chick-fil-a-may-be-the-latest-retail-data-...

Fast food restaurant chain Chick-fil-A could well be the first retail breach to be publicly confirmed in 2015. Chick-fil-A released a public statement on Jan. 2, confirming that it is investigating a possible data breach at its restaurants. While Chick-fil-A's statement was issued on Jan. 2, the company admitted that it received a report about a potential breach on Dec. 19. After the report was received, Chick-fil-A  indicated that it launched an investigation to determine what had occurred. "The initial report was of potential suspicious activity involving payment cards at a few restaurants," Chick-fil-A stated. "Our investigation is ongoing and we will update as we are able to do so." Chick-fil-A reported 2013 sales of more than $5 billion and has over 1,850 locations, including both stand-alone restaurants and mall locations.  - See more at: http://www.eweek.com/security/chick-fil-a-may-be-the-latest-retail-data-breach-victim.html#sthash.JLp7Xcee.dpuf
Fast food restaurant chain Chick-fil-A could well be the first retail breach to be publicly confirmed in 2015. Chick-fil-A released a public statement on Jan. 2, confirming that it is investigating a possible data breach at its restaurants. While Chick-fil-A's statement was issued on Jan. 2, the company admitted that it received a report about a potential breach on Dec. 19. After the report was received, Chick-fil-A  indicated that it launched an investigation to determine what had occurred. "The initial report was of potential suspicious activity involving payment cards at a few restaurants," Chick-fil-A stated. "Our investigation is ongoing and we will update as we are able to do so." Chick-fil-A reported 2013 sales of more than $5 billion and has over 1,850 locations, including both stand-alone restaurants and mall locations.  - See more at: http://www.eweek.com/security/chick-fil-a-may-be-the-latest-retail-data-breach-victim.html#sthash.JLp7Xcee.dpuf
 
Information Source:
Media
records from this breach used in our total: 0

December 29, 2014 LeapLab
,
BSO INSD

Unknown

LeapLab is being sued by the Federal Trade Commission for purchasing "payday loan applications of financially strapped consumers, and then sold that information to marketers whom it knew had no legitimate need for it".

In another FTC case, Ideal Financial Solutions, used this information sold to them to withdraw millions of dollars from individual accounts without permission.

More Information: http://krebsonsecurity.com/2014/12/payday-loan-network-sold-info-to-scam...

 
Information Source:
Krebs On Security
records from this breach used in our total: 0

December 26, 2014 Sony PlayStation
New York, New York
BSO HACK

Unknown

PlayStation and xBox networks over the holiday season. A group calling itself "LizardSquad" hacked both gaming networks on Christmas Day. 

According to the group and KrebsOnSecurity, "various statements posted by self-described LizardSquad members on their open online chat forum - chat.lizardpartrol.com - suggest that these misguided individuals launched the attack for no other reason than because they thought it would be amusing to annoy and dissapoint people who received new Xbox and Playstation consoles as holiday gifts"

More Information: http://krebsonsecurity.com/2014/12/cowards-attack-sony-playstation-micro...

 
Information Source:
Krebs On Security
records from this breach used in our total: 0

December 26, 2014 Microsoft xBox
Redmond, Washington
BSO HACK

Unknown

Microsoft Xbox Live networks were hacked by a group called "LizardSquad", preventing users from playing games over the holiday.

The assault was a DDoS attack (distributed denial-of-service) which "harness the Internet connectivity of many hacked or misconfigured systems so that those systems are forced to simultaneously flood target network with junk Internet traffic. The goal, of course, is to prevent legitimate visitors from being able to load the site or use the service under attack."

More Information: http://krebsonsecurity.com/2014/12/cowards-attack-sony-playstation-micro...

 
Information Source:
Krebs On Security
records from this breach used in our total: 0

December 24, 2014 Boersma Bros.LLC/dba DutchWear
Grants Pass, Oregon
BSR HACK

Unknown

Boersma Brothers, dba DutchWear suffered a databreach when their website was breached exposing the payment information for customers from November 7 and December 6, 2014.

The information compromised included names, addresses, phone numbers, credit card numbers, expiration dates, and credit card security codes.

The company has set up a toll-free help line for customers at 1-844-835-8656 from 8 a.m. and 4 p.m PST, Monday through Friday.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-47840

 
Information Source:
California Attorney General
records from this breach used in our total: 0

December 24, 2014 Corday Productions, Inc.
Burbank, California
BSO HACK

Unknown

Corday Productions, Inc. has payroll administered by Sony Pictures Entertainment. As part of the Sony breach, Corday Production Inc.'s employees, independent contractors or employees of contractors providing services to Corday may have had personal information compromised.

The incident is still under investigation as part of the larger Sony investigation. Corday is offering AllClear ID to those who may have been affected. They can be contacted at 1-855-434-80771-855-434-8077  or https://www.allclearid.com/

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-47852

 

 
Information Source:
California Attorney General
records from this breach used in our total: 0

December 23, 2014 Rob Kirby, CPA
Santa Rosa, California
BSO PORT

Unknown

Rob Kirby CPA notified customers of a data breach when the car he was driving was broken into and his briefcase, a password protected laptop and flash drive containing confidential client information was stolen.

The information stolen included tax returns for current and previous years, copies of supporting documents associated with the returns, including names, addresses, birth dates, and Social Security numbers for clients, spouses, and dependents.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-47844

 

 
Information Source:
California Attorney General
records from this breach used in our total: 0

December 23, 2014 Public Architecture/theonepercent.org
San Francisco, California
BSO HACK

Unknown

On December 8th, 2014 Public Architecture, theonepercent.org, was breached when a hacker broker through the sites security protocols and firewalls to put up a brag page touting his success in hacking. 

The hacker deleted files that affected the operation of the site, and possibly stole usernames, passwords, and contact information.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-47847

 
Information Source:
California Attorney General
records from this breach used in our total: 0

December 12, 2014 Acosta Sales and Marketing
Jacksonville, Florida
BSO PORT

Unknown

Acosta, Inc. and its subsidiaries (Mosaic Sales Solutions US Operating Co. LLC) informed customers of a data breach when an employee of their Human Resources department had a laptop containing personal information stolen from their car on November 11, 2014.

For those affected, the company has set up a toll free number to assist with questions at 1-877-237-49711-877-237-4971  Monday through Friday 9:00 a.m to 7:00 p.m Eastern Standard Time. The reference number to the incident is #5316120814.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-47713

 

 
Information Source:
California Attorney General
records from this breach used in our total: 0

December 12, 2014 University of California Berkeley
Berkeley, California
EDU HACK

Unknown

The University of California Berkeley has notified individuals of a data breach in their Real Estate Division that resulted in unauthorized access to servers used to support a number of Real Estate programs and work stations. 

These workstations contained files that included some personal information. The investigation of the hacking showed that these servers were breached in mid-to late September.

The personal information included names, Social Security Numbers, credit card numbers and driver's license numbers.

The university is offering identity theft protection and fraud resolution through ID Experts for free for one year. For those affected call 1-877-846-63401-877-846-6340  Monday through Friday from 6 a.m to 6 p.m Pacific Time or go to www.myidcare.com/ucbinfo.

 

 

 

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-47717

 
Information Source:
California Attorney General
records from this breach used in our total: 0

December 11, 2014 Emcor Services Mesa Energy Systems
El Cajon, California
BSO PORT

Unknown

Emcor Services Mesa Energy Systems notified individual of a data breach when a company laptop was stolen that contained customers personal information.

The information contained on thelaptop included names, Social Security numbers, dates of birth, dates of hire, addresses, salaries, gender and ethnicity. The theft occurred on or around November 25, 2014.

The company is offering the services of Kroll for one year at no cost. For those who were affected they can call 1-866-775-42091-866-775-4209  from 8:00 a.m to 5 p.m Central Time, Monday through Friday.

For those with questions for the company can call Mike Cook at 1-949-460-46051-949-460-4605.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-47705

 

 
Information Source:
California Attorney General
records from this breach used in our total: 0

December 11, 2014 ABM Parking Services
St. Louis, Missouri
BSO HACK

Unknown

ABM Parking Services notified customers of a data breach when the point of sale software system implemented by Datapark USA Inc, a third party vendor for several Chicago, Illinois parking facilities was hacked. The information was compromised from October 6, 2014 through October 31, 2014.

The hackers were able to compromise certain customer credit and debit card information, including payment card numbers.

A toll-free information line has been made available for those affected. Customers can call 1-877-238-37901-877-238-3790. The company is offering one year free of Experian's ProtectMyID Elite for those affected.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-47710

 
Information Source:
California Attorney General
records from this breach used in our total: 0

December 9, 2014 Charge Anywhere LLC
South Plainfield, New Jersey
BSF HACK

Unknown

The electronic payment provider Charge Anywhere has notified individuals of a data breach of their networks when an unauthorized person(s) installed "sophisticated malware" that allowed the hackers to "capture segments of outbound network traffic" as the company has explained in a statement released December 9, 2014.

The information captured included customer names, card numbers, expiration dates and verification codes of debit/credit cards.

The company stated that transactions completed from August 17, 2014 through September 24, 2014 were compromised. However, information as far back as November 5, 2009 could have been captured as well.

"The incident is the latest reminder of what happens to businesses that handle credit card data and other sensitive information and yet fail to full encrypt the data as it traverses their network. The company has provided a searchable list of merchants who may have been affected by the breach."

More Information: http://krebsonsecurity.com/2014/12/unencrypted-data-lets-thieves-charge-...

 
Information Source:
Krebs On Security
records from this breach used in our total: 0

December 6, 2014 WellCare Health Plans
Monroe County, New York
MED DISC

47

500 Monroe County residents were notified by WellCare Health of disclosure of some of their personal information when their Medicare records were "mishandled" by a sub-contractor for the insurer.

The insurers vendor had an error in their computer coding causing denial letters to be sent to the wrong members. The information on the letters included names, addresses, member ID numbers and general descriptions of the procedure. According to the insurer, no Social Security numbers or financial information was disclosed in the letter.

Subscribers with questions can call WellCare at (888) 240-4946(888) 240-4946.

More Information: http://www.democratandchronicle.com/story/news/2014/12/06/wellcare-medic...

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

December 5, 2014 Bebe Retail
Brisbane, California
BSR HACK

Unknown

Bebe Stores have notified customers of a data breach to their point of sale systems that took place last month for several weeks. The goal of the hackers was to obtain payment card information. The hacking took place between November 8, 2014 and November 26, 2014

The retailer is not stating how many cards were affected and the breach is currently being investigated by forensic IT specialists.

Bebe has more than 200 stores that could have been affected.

 

More Information: http://fortune.com/2014/12/05/bebe-data-breach/

 
Information Source:
Media
records from this breach used in our total: 0

December 2, 2014 Dallas Fire-Rescue
Dallas, Texas
MED PORT

Unknown

Dallas Fire-Rescue had several laptops containing patient information come up missing from several of their ambulances.

"According to the city, those computers disappeared between January 1, 2011, and August 29, 2014. The city’s release did not say how many laptops were unaccounted for — or how they disappeared. Messages have been left for Sana Syed, the city’s spokesperson."

No specific information was provided as to what information was in the files. For those patients who have questions can call the Dallas Fire-Rescue EMS staff at (844) 532-5527.

More Information: http://cityhallblog.dallasnews.com/2014/10/dallas-warns-that-small-numbe...

 
Information Source:
Media
records from this breach used in our total: 0

December 1, 2014 American Residuals and Talent Inc.
Los Angeles, California
BSO HACK

Unknown

American Residuals and Talen Inc, dba ART Payroll, a specialized payroll company for the entertainment, advertising and events production industry, notified customers of a breach to their system when hackers infiltrated their servers and obtained personal information.

The information included names, addresses, dates of birth, Social Security number, email addresses, phone numbers, ART account numbers, bank account information, ART account user ID and password.

The company is providing ProtectMyID for 1 year at no cost to those who were affected. For questions call 1-877-297-7780.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-47623

 
Information Source:
California Attorney General
records from this breach used in our total: 0

December 1, 2014 Highlands-Cashier Hospital
Highlands, North Carolina
MED DISC

25,000

Highlands-Cashier hospital in North Carolina informed patients of a data breach to their servers that contained patient data. The disclosure of the data was due to an error by one of their third party vendors, TruBridge a subsidiary of Computer Programs and Systems, Inc. when they were contracted to complete some specialized computer services.

A data security screening caught the disclosure on September 29, 2014 that exposed patient information between May 2012 through September 2014.

The information exposed included patient names, addresses, dates of birth, treatment information, diagnosis, helath insurance information and Social Security numbers. All of this information could be accessed via the Internet.

For those who might have been affected you can call 1-888-227-14161-888-227-1416  Monday through Friday between 9:00 a.m and 9:00 p.m Eastern Time.

More Information: http://www.phiprivacy.net/highlands-cashiers-hospital-discovers-patient-...

 

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 25,000

November 28, 2014 University Hospitals
Cleveland, Ohio
MED INSD

692

University Hospital has informed 692 patients of that their personal information has been compromised. An employee of the hospital had been accessing the personal information of patients for over 3 years. The employee has been dismissed.

The information this person accessed included names, addresses, phone numbers, email addresses, medical and health-insurance account numbers, financial information including debt/credit card information and Social Security numbers.

Those with additional questions or concerns can call (866) 329-5860

More Information: http://www.cleveland.com/metro/index.ssf/2014/11/uh_employee_gained_impr...

 
Information Source:
Media
records from this breach used in our total: 692

November 26, 2014 Shutterfly/Tiny Prints/Treats/Wedding Divas
Redwood City, California
BSO HACK

Unknown

Tiny Prints, Treat and Wedding Paper Divas, owned by Shutterfly Inc. notified customers of a data breach to their online system by hackers. The hacking may have exposed customer usernames and passwords. The company is urging customers to change all usernames and passwords to each site.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-47602

 

 

 
Information Source:
California Attorney General
records from this breach used in our total: 0

November 25, 2014 Texas Health and Human Services
Houston, Texas
GOV DISC

2 million

The Texas Health and Human Services department discovered a data breach it appears by "chance" after terminating their relationship with Xerox Corporation.

"In August, after the transition to a new Medicaid vendor, the Texas commission filed a lawsuit against Xerox, alleging that the contractor had failed to turn over computer equipment, as well as paper records, containing Medicaid and health information for 2 million individuals, "putting the state out of compliance with federal regulations and at risk of massive federal fines," says a statement issued by Texas HHSC in August."

The Texas Health and Human Services department has notified individuals of the data breach communicating that their information may have been compromised. The information includes "Medicaid clients' names, birthdates, Medicaid numbers, and medical and billing records related to care provided through Medicaid, such as reports, diagnosis codes and photographs."

More Information: http://www.govinfosecurity.com/breach-reported-after-vendor-dispute-a-7605

 

 
Information Source:
Media
records from this breach used in our total: 0

November 25, 2014 State Compensation Insurance Fund
Pleasanton, California
GOV HACK

Unknown

The State Compensation Insurance Fund, a state agency that provides workers compensation insurance to businesses informed customers of a data breach when one of their brokers suffered a data breach to their system.

Lucy Gomez Blankley Interpreting Inc., a provider of Stat Fund was the victim of a computer hack that resulted in theft of emails in which contained information regarding patient workers compensation claims.

The specific information included names, addresses, phone, Social Security Number, dates of birth and workers compensation claim number.

The agency is providing one year free of Experian ProtectMyID services to those who were affected. Those with questions can call 1-877-220-1388,

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-47592

 
Information Source:
California Attorney General
records from this breach used in our total: 0

November 25, 2014 Godiva Chocolatier Inc.
New York, New York
BSR PORT

Unknown

Godiva notified employees of the company of a data breach when a Human Resources employee, who was traveling to retail sites, had a briefcase stolen from a car. The briefcase contained a lap top that had employee information on it. The lap top was not encrypted.

The information included names, addresses, Social Security numbers and drivers license numbers.

The company is providing Experian ProtectMyID Alert for 12 months for free. For questions call 1-866-328-1993 Monday through Friday 6:00 a.m to 6:00 p.m Pacific time.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-47593

 
Information Source:
California Attorney General
records from this breach used in our total: 0

November 24, 2014 Sony Pictures
New York, New York
BSO HACK

47,000

Sony Pictures Entertainment has suffered a data breach when hackers posted threatening messages on company computers.

According to a report the threat "began with a skull appearing on screens, and then a strangely ominous message telling users they’d been hacked by something called #GOP. It gets more bizarre as the message claims this is just the beginning and then threatens to release documents by 11 PM this evening."

The company has completely shut down all email communications and employees are not allowed to use company computers while the entertainment giant works through where and what the threat is and if it is real. The original threat did not give specifics or communicate any kind of "ransom" for the data that had supposedly been hacked.

More Information: https://deadline.com/2014/11/sony-computers-hacked-skull-message-1201295...

 

UPDATE (12/5/2014): A data security analyst has discovered information leaked by the hacker (s) goes beyond what was originally reported.

According to the security company Identity Finder, showed that leaked files included vast amount of personal data on "more than 47,000 celebrities, freelancers, and current and former Sony employees".

"An analysis of 33,000 leaked Sony Pictures documents by data security software firm Identity Finder showed that the leaked files included the personal information, salaries and home addresses for employees and freelancers who worked at the studio. Some of the celebrities include Sylvester Stallone, director Judd Apatow and Australian actress Rebel Wilson, according to the Wall Street Journal, which first reported on the analysis".

Additional information such as contracts, termination dates, termination reason and other data was also leaks. Unfortunately these files were in Excel format without any password protection.

More Information: http://www.cnet.com/news/sony-hack-said-to-leak-47000-social-security-nu...

UPDATE (12/16/2014): "Sony Pictures Entertainment has been sued by two self-described former employees who accuse the movie studio of failing to protect Social Security numbers, healthcare records, salaries and other data from computer hackers who attacked it last month.

 

The proposed class action lawsuit against Sony Corp's studio was filed on Monday in federal court in Los Angeles. It alleges that the company failed to secure its computer network and protect confidential information."

More Information: http://www.reuters.com/article/2014/12/16/sony-cybersecurity-classaction...

 
Information Source:
Media
records from this breach used in our total: 47,000

November 17, 2014 US State Department
Washington, District Of Columbia
GOV HACK

Unknown

The US State Department shut down one of its computer networks when it was believed to have been hacked. Experts believe this is related to the breach to the White House's unclassified computer network.

On Monday Jeff Rathke, a State Department spokesperson said "the department had recently detected "activity of concern" in portions of the system handling non-classified emails, and the weekend maintenance included security improvements responding to the breach."

More Information: http://phys.org/news/2014-11-state-dept-hacked-email.html#inlRlv

on Monday, Rathke said the department had recently detected "activity of concern" in portions of the system handling non-classified emails, and the weekend maintenance included security improvements responding to the breach.

Read more at: http://phys.org/news/2014-11-state-dept-hacked-email.html#jCp
on Monday, Rathke said the department had recently detected "activity of concern" in portions of the system handling non-classified emails, and the weekend maintenance included security improvements responding to the breach.

Read more at: http://phys.org/news/2014-11-state-dept-hacked-email.html#jCp
 
Information Source:
Media
records from this breach used in our total: 0

November 14, 2014 Seattle Public Schools
Seattle, Washington
EDU DISC

8,000

The Seattle Public School District announced in a letter to parents Thursday about a data breach that involved their children's information.

"Late Tuesday night Seattle Public Schools learned that a law firm retained by the district to handle a complaint against the district inadvertently sent personally identifiable student information to an individual involved in the case. The district promptly removed the law firm from the case and is working to ensure that all improperly released records are retrieved or destroyed."

Over 800 special education students were involved in a breach. The information involved in the breach included their names, addresses, student identification numbers, test scores and disabilities.

More Information: http://www.king5.com/story/news/local/seattle/2014/11/14/seattle-public-...

 
Information Source:
Media
records from this breach used in our total: 0

November 14, 2014 Cone Health
Greensboro, North Carolina
MED DISC

2,076

Cone Health notified patients to a data breach when after letters sent from one of its facilities were addressed to the wrong patients.

The information on 2,076 patients included names, Social Security numbers, dates of birth and insurance information.

More Information: http://www.wfmynews2.com/story/news/local/2014/10/09/cone-health-admits-...

 
Information Source:
Media
records from this breach used in our total: 2,076

November 14, 2014 Reeve-Wood Eye Center
Chico, California
MED UNKN

Unknown

The Reeve-Wood Eye Center reported a data breach to the California Attorney General's office. No specific details were provided as to the scope of the breach, type of breach or individuals affected.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

November 13, 2014 U.S. Weather System
Washington, District Of Columbia
GOV HACK

Satellite systems that forecast weather

Officials from the National Oceanic and Atmospheric Administration (NOAA), which includes the National Weather Service, have notified officials of a data breach to the National Weather Service's satellite network.

Reports are stating "hackers from China breached the federal weather network recently, forcing cybersecurity teams to seal off data vital to disaster planning, aviation, shipping and scores of other crucial uses, officials said."

It appears the system was affected in September, but officials did not communicate that there was a problem until late October. an NOAA spokesman Scott Smullen did confirm that there were hacks and communicated that "incident response began immediately".

More Information: http://www.washingtonpost.com/local/chinese-hack-us-weather-systems-sate...

 

 
Information Source:
Media
records from this breach used in our total: 0

November 12, 2014 Onsite Health Diagnostics
Dallas, Texas
MED HACK

60,582

Dallas-based Onsite Health Diagnostics, a third party contractor with state of Tennessee,  who completes medical testing and health screenings for various government insurance plans has suffered a data breach. The company discovered hackers had gained access to a computer system that houses personal information for members of the Tennessee's State Insurance Plan, Local Government Insurance Plan and Local Education Insurance plan.

The information affected in the breach included health benefit member names, dates of birth, addresses, emails, phone numbers and gender.

More Information: http://www.healthcareitnews.com/news/hackers-swipe-data-60k-vendor-hipaa...

 

 
Information Source:
Media
records from this breach used in our total: 0

November 10, 2014 US Postal Service
Washington, District Of Columbia
GOV HACK

800,000

The US Postal Service is releasing information today that they have been the victim of a cyber attack with Chinese hackers being suspected of hacking into their computer networks compromising the information of over 800,000 employees.

Currently the FBI is investigating the breach and it appears that information obtained included names, dates of birth, Social Security numbers, addresses, dates of employment. According to officials, all postal service employees were affected and they are not yet clear why their information was of interest to these hackers. They are not seeing any evidence of customer information being compromised. The investigators are calling the hackers "sophisticated actors".  More information will be posted as additional information comes out with the investigation.

More Information: http://www.washingtonpost.com/blogs/federal-eye/wp/2014/11/10/china-susp...

 
Information Source:
Media
records from this breach used in our total: 800,000

November 10, 2014 Anthem Blue Cross
Southern and Northern California cities, California
BSF DISC

Unknown

Anthem Blue Cross in California sent text emails with personal details about individuals health information and member specific demographic information such as age, language spoken, specific medical test received or not received as part of the text message.

The company is reviewing whether or not they have to report this information as part of the specific notification laws in California, which does include the breach of medical history, mental or physical condition, medical treatment or diagnosis by a health care professional.

A spokesperson for Blue Cross stated that they are investigating the incident.

More Information: http://bits.blogs.nytimes.com/2014/11/10/oops-health-insurer-exposes-mem...

 

 
Information Source:
Media
records from this breach used in our total: 0

November 10, 2014 Central Dermatology Center
Chapel Hill, North Carolina
MED HACK

Unknown

Central Dermatology Center notified patients of a data breach to their system when malware was found on one of their servers.

The information compromised included patient names, addresses, phone numbers, dates of birth, Social Security Numbers, sex, treatment dates, account balances, email addresses, insurer, providers, employers and race.

Currently, the center has hired an forensic IT firm to investigate the breach. They did not provide the number of individuals at risk.

More Information: http://healthitsecurity.com/2014/11/10/potential-health-data-breach-hits...

 

 
Information Source:
Media
records from this breach used in our total: 0

November 7, 2014 Jessie Trice Community Health Center
Miami, Florida
MED HACK

8,000

Jessie Trice Community Health Center announced a data breach when members of an identity theft ring accessed the personal information of 8,000 patients.

The informaton accessed included names, dates of birth and Social Security Numbers. No medical information was compromised according to the facility.

The FBI and the IRS are currently investigating the breach.

More Information: http://www.clinical-innovation.com/topics/privacy-security/identity-thef...

 
Information Source:
Media
records from this breach used in our total: 8,000

November 3, 2014 Fidelity National Financial
Jacksonville, Florida
BSF HACK

Unknown

Fidelity National Financial, Inc (FNF) informed customers of a breach to their system due to a targeted phishing attack to certain employees.

FNF is the parent company of Ticor Title Company of Oregon, Ticor Title of Nevada, Inc., Lawyers Title Company, and Lawyers Title of Oregon, LLC, which provides title insurance and real estate settlement services in Oregon, Nevada, and/or California.

From April 14, 2014 and April 16, 2014 a certain number of employees were targeted in a phishing attack that allowed the hackers to obtain username and password information for employees of the company. The company hosts their email with a third party vendor and after investigating did not find any evidence that the hackers were able to breach FNF's internal network or systems.

However, the investigation did reveal that personal information was obtained including Social Security numbers, bank account numbers, credit/debit card numbers and driver's license numbers.

The company is offering 12 months free of AllClear ID to those affected. Those affected can call 1-877-676-03741-877-676-0374 to reach an AllClear investigator.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-47112

 
Information Source:
California Attorney General
records from this breach used in our total: 0

November 3, 2014 Palm Springs Federal Credit Union
Palm Springs, California
BSF PORT

Unknown

The Palm Springs Federal Credit Union was conducting an audit of their systems and realized that one of their external hard drives that contained customer data was missing.

The information contained on the drive included customer names, addresses, Social Security Numbers and account numbers.

The credit union is offering AllClearID and AllClearID Pro for 12 months at no cost to those who were affected by this breach. For those with questions they can call 1-866-979-25951-866-979-2595 or the credit union at dpitigliano@palmspringsfcu.com.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-47289

UPDATE (1/16/2015): The National Credit Union Administration has announced that it will be paying Palm Springs Federal Credit Union $50,000 to help cover expenses incurred due to a data breach the credit union suffered. The regulatory agency is taking responsibility for the breach.

More Information: http://www.bankinfosecurity.com/agency-takes-responsibility-for-breach-a...

 
Information Source:
California Attorney General
records from this breach used in our total: 0

October 23, 2014 Reeves International Inc/ Breyer Horses
Pequannock, New Jersey
BSR HACK

Unknown

Reeves International Inc. is informing customers of a data breach of one of their online retail sites called Breyer Horses (www.breyerhorses.com). On September 9, 2014 the company discovered an unauthorized party installed malware on the server hosting the Breyer Horse website, the malware compromised customers' personal data. The dates of the attack were from March 31, 2013 through October 6, 2014.

The information compromised includes names, addresses, website usernames and passwords, payment card account numbers, card expiration dates, and payment card security codes.

For anyone affected or those with questions call 1-877-572-06281-877-572-0628 twenty-four hours a day Monday through Sunday (excluding holidays).

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-47096

 
Information Source:
California Attorney General
records from this breach used in our total: 0

October 23, 2014 American Soccer Inc./SCORE
Wilmington, California
BSR HACK

Unknown

On October 21, 2014 SCORE discovered an unauthorized access to their server that processes customer payment information.

According to the company on September 4, 2014 unauthorized access to their website compromised personal information of individuals who completed a transaction.

The information includes names, payment card account numbers, expiration dates of cards, SCORE account numbers. Those who were affected conducted a transaction between June 1, 2014 and September 4, 2014. There was no evidence that customer addresses or security codes being compromised after an investigation was conducted.

For those with questions or concerns call 1-800-626-77741-800-626-7774.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-46986

 
Information Source:
California Attorney General
records from this breach used in our total: 0

October 20, 2014 Staples Inc.
Framingham, Massachusetts
BSR HACK

1.2 million

Several large banks notified Staples Inc. of unusual activity on credit and debit cards used at several locations in Northeastern United States. According to Brian Krebs, Krebs on Security "According to more than a half-dozen sources at banks operating on the East Coast, it appears likely that fraudsters have succeeded in stealing customer card data from some subset of Staples locations, including seven Staples stores in Pennsylvania, at least three in New York City, and another in New Jersey". Staples Inc. has more than 1800 stores nationwide and is currently investigating the potential breach.

More Information: http://krebsonsecurity.com/2014/10/banks-credit-card-breach-at-staples-s...

UPDATE (11/17/2014): It appears that the breach that happened at Staples was conducted by the same cyber criminals that infiltrated Michaels stores. According to Krebs On Security "Multiple banks interviewed by this author say they’ve received alerts from Visa and MasterCard about cards impacted in the breach at Staples, and that to date those alerts suggest that a subset of Staples stores were compromised between July and September 2014."

More Information: http://krebsonsecurity.com/2014/11/link-found-in-staples-michaels-breach...

UPDATE (12/19/2014): After an investigation, Staples Inc. said that nearly 1.2 million customers payment cards. "Staples said Friday that the investigation revealed that the hackers used malware that provided access to information for transactions at 115 of its stores. The hackers stole cardholder names, payment card numbers, expiration dates and card verification codes.  The company is offering free identity theft protection services.

More Information: http://www.huffingtonpost.com/2014/12/19/staples-breach-payment-cards_n_...

 
Information Source:
Media
records from this breach used in our total: 1,200,000

October 17, 2014 Sourcebooks Inc.
Naperville, Illinois
BSR HACK

Unknown

Sourcebooks Inc. has informed customers of a breach of their shopping cart software that supports several of their websites. The breach dates were from April 16, 2014 and June 19, 2014. An unauthorized party gained access to specific customer purchase information.

The information breached includes first names, last names, email addresses, phone numbers, addresses, account passwords, credit card numbers, expiration dates of credit cards, cardholder names and card verification values.

The company is conducting an investigation including a forensic audit to determine the full extent of the breach.

For those with questions or concerns call 1-844-810-1155 between 8:30 a.m and 5:30 p.m Central Standard Time or go to http://www.sourcebooks.com/cardfaq.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-47029

 
Information Source:
California Attorney General
records from this breach used in our total: 0

October 14, 2014 Cyberswim.com
Pen Argyl, Pennsylvania
BSR HACK

Unknown

Cyberswim.com notified customers of a data breach to their online ecommerce store and the discovery of customers' personal information being breached.

On September 24, 2014 the company confirmed that an unauthorized individual(s) or entities installed malware on the server hosting their website. This malware was able to access personal information entered by customers when completing a purchase on the site.

Information breached includes names, addresses, website usernames and passwords, payment card account numbers, card expiration dates, and payment card security codes.

Purchases made between May 12, 2014 and August 28, 2014 are the dates this breach occurred.

For those with questions call 1-844-286-4855 between 9:00 a.m and 5:00 p.m Easter time, Monday through Friday (excluding holidays).

More Information: oag.ca.gov/ecrime/databreach/reports/sb24-46986

 
Information Source:
California Attorney General
records from this breach used in our total: 0

October 14, 2014 Novant Health Gaffney Family Medical Care
Gaffney, South Carolina
MED PORT

Unknown

Novant Health Gaffney Family Medical Care informed patients of a data breach when their offices were broken into and two of the facilities laptops were stolen.

The information on the laptops was not disclosed.

More Information: http://www.wspa.com/story/26681323/laptops-with-patient-data-stolen-from...

 
Information Source:
Media
records from this breach used in our total: 0

October 13, 2014 Snapsaved.com
Unknown,
BSO HACK

200,000

Snapsaved.com, a third party vendor to Snapchat, announced that their servers were hacked, which in turn caused thousands of photos and videos from the third party service to show up on the Internet.

"On Sunday, thousands of photos and videos from the Snapchat service were put online, apparently taken from sites including Snapsaved.com, which had allowed people to log in using their Snapchat username and password to offer desktop-based rather than handset-based access to the site - and also the chance to store photos, which are meant to be deleted within seconds of being viewed."

Snapsaved posted on Facebook the following:

"I would like to inform the public that snapsaved.com was hacked” due to a mistake in the setup of its web server. “As soon as we discovered the breach in our systems, we immediately deleted the entire website and the database associated with it,” the unsigned statement continues. “As far as we can tell, the breach has effected [sic] 500MB of images, and 0 personal information from the database.”

More Information: http://www.theguardian.com/technology/2014/oct/13/third-party-snapchat-s...

 
Information Source:
Media
records from this breach used in our total: 0

October 13, 2014 University of California Davis Medical Center
Sacramento, California
MED HACK

Unknown

The University California Davis Medical Center discovered abnormal activity in the email account of one of their providers. An investigation determined that the provider's email was compromised by an unknown source. As a result, an unauthorized use and access to their system giving them access to communication between the provider and the patients.

For additional questions regarding the incident contact 1-916-734-8808 or email privacyprogram@ucdmc.ucdavis.edu

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-46960

 

 
Information Source:
California Attorney General
records from this breach used in our total: 0

October 13, 2014 Penn Highlands Brookville
Brookville, Pennsylvania
MED HACK

Unknown

The office of Dr. Barry J. Snyder at Penn Highlands Brookville, a healthcare service provider for the Brookville area in Pennsylvania, notified patients of a data breach when a third party accessed the third party vendor's server who maintains records for Dr. Snyder.

The information compromised included patient names, addresses, dates of birth, driver's license numbers, Social Security numbers, phone numbers, insurance information, medical informatino and genders.

The facility is offering free identity monitoring and identity protection services to affected individuals through Kroll Inc. Those affected can call 1-855-401-2640.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

October 13, 2014 Oak Park Medical Center
Oak Partk, Michigan
MED DISC

Unknown

Medical files were found by a former customer of a Dr. Pramod Raval, who was indicted in a Medicare home health care fraud scheme. Boxes of full files were dumped outside with massive amounts of patient data still intact.

The medical files included files that contained names, Social Security numbers, X-rays, blood types and addresses.

The local police were notified and the files were scheduled to be shredded.

More Information: http://www.clickondetroit.com/news/medical-files-found-dumped-in-oak-par...

 
Information Source:
Media
records from this breach used in our total: 0

October 10, 2014 Sears Holding Company/K-Mart
Hoffman Estates, Illinois
BSR HACK

Unknown

Sears Holding Corp announced Friday that a data breach occurred at their K-Mart stores starting last month, with malicious software targeting their Point of Sale systems that  compromised customers' credit card information.

Currently, Sears Holding Corp is not clear as to the number of affected customer cards and the breach is currently under investigation. K-Mart has said that they were able to remove the malware from their systems.

K-Mart is working currently working with federal investigators.

For those with questions, they are asked to call K-Mart's Customer Care Center at 1-888-488-5978.

More Information: http://abcnews.go.com/Business/wireStory/kmart-latest-victim-data-breach...

 
Information Source:
Media
records from this breach used in our total: 0

Breach Total
932,729,111 RECORDS BREACHED
(Please see explanation about this total.)
from 4,478 DATA BREACHES made public since 2005
Showing 1-50 of 4478 results


X

Sign In!

Loading