Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?


Click or unclick the boxes then select go.


Select features, then click GO.



Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.
Breach Total
929,676,448 RECORDS BREACHED
(Please see explanation about this total.)
from 4,421 DATA BREACHES made public since 2005

Save or Print PDF of Entire Breach List including introduction.Save or Print a PDF of Entire Breach List (including introductory FAQ)

Filter breach list before saving or printing PDF. Conduct a search of the Chronology using its sorting features, and Save or Print a PDF of your search results (Select filters)

If you do not have access to PDF, you can print the Chronology in landscape view.

Date Made Public Name Entity Type
February 8, 2013 Talk Fusion
Brandon, Florida
BSO HACK

Unknown

A computer network attack resulted in the exposure of customer information.  The cyber attack was discovered on December 13, 2012 and affected customer databases with names, Social Security numbers, credit and debit card numbers, payment card expiration dates, payment card security codes, addresses, telephone numbers, dates of birth, and mothers' maiden names may have been exposed.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

February 11, 2013 Crafts Americana Group, Inc. (Knitpicks.com, ArtistsClub.com, ConnectingThreads.com)
Columbus, Ohio
BSR DISC

Unknown

Customers who had credit card numbers on file after using them at Knitpicks.com, ArtistsClub.com, or ConnectingThreads.com may have had their information exposed.  A file on the Crafts Americana Group, Inc. servers was accessible for a period of time before being removed on January 25, 2013.  The file contained names, credit card numbers, addresses, and phone numbers.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

February 17, 2013 Sierra View District Hospital
Porterville, California
MED HACK

Unknown

The Information Technology Department at Sierra View District Hospital detected unusual activity on its computer network.  Patient information may have been affected and the investigation is ongoing.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

February 17, 2013 Heyman HospiceCare, Floyd Medical Center
Rome, Georgia
MED PORT

Unknown

The theft of a password-protected laptop from an employee's car may have resulted in the exposure of patient information.  The theft occurred on January 4, 2013 and was reported immediately.  Patients who were treated between July 1, 2006 and January 3, 2013 may have had their names, Social Security numbers, addresses, phone numbers, dates of birth, insurance policy numbers, diagnoses, visit notes, physician names, caregiver names, and advance directives exposed.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

February 15, 2013 Walgreens
Richmond, Kentucky
BSR INSD

Unknown

A Walgreens pharmacist used patient information to obtain prescriptions for powerful drugs.  The fraudulent activity occurred between April 2011 and January 2012.  The dishonest pharmacist pleaded guilty to aggravated identity theft, wire fraud, and fraudulently acquiring controlled substances on November 19, 2012.

She was sentenced to 25 months in prison and one month of supervised release.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

February 13, 2013 Sinai Medical Center of Jersey City LLC
Jersey City, New Jersey
MED INSD

Unknown

A pediatrician misused patient information in order to defraud Medicaid of nearly one million dollars.  The pediatrician owned Sinai Medical Center and billed Medicaid for wound repairs and other procedures that were never performed.  Police arrested the dishonest pediatrician on January 16, 2013.  

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

February 11, 2013 Lee Miller Rehab Associates
Baltimore, Maryland
MED STAT

10,480 (No SSNs or financial information reported)

A network server was stolen or discovered stolen on January 15, 2012.  The incident appeared on the HHS website in February of 2013.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

February 11, 2013 American HomePatient Inc., LifeGas
Brentwood, Tennessee
MED PORT

1,103 (No SSNs or financial information reported)

A laptop was stolen or discovered stolen on October 11, 2012.  The incident appeared on the HHS website in February of 2013.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

February 11, 2013 Riderwood Village
Baltimore, Maryland
MED PORT

3,230 (No SSNs or financial information reported)

Five laptops were stolen during the weekend of November 17, 2012.  They did not contain Social Security numbers and did contain unspecified personal information of patients.  A notice about the incident was sent on January 18, 2013 and the breach appeared on the HHS website in February of 2013.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

February 19, 2013 Hotusa Group
,
BSR HACK

Unknown

Hotusa Group is headquartered in Barcelona, Spain.

A server breach or other incident related to credit cards may have affected people who used their American Express cards at locations linked to Hotusa Group's servers.  Account numbers, names, credit card expiration date, and other credit card information may have been exposed for American Express and other cards. The incident occurred on August 24, 2012.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

February 20, 2013 Mid-Florida Urological Associates
Orlando, Florida
MED INSD

Unknown

A dishonest employee misused patient information in order to claim them as her children and receive insurance compensation.  The dishonest employee was charged with insurance fraud and ID theft.

UPDATE (02/22/2013): Orlando Health patient records were accessed.  The Orlando Health hospitals include MD Anderson Cancer Center Orlando, Orlando Regional Medical Center, Winnie Palmer Hospital for Women and Babies, Dr. P. Phillips Hospital, Arnold Palmer Hospital for Children, South Seminole Hospital, South Lake Hospital, and Health Center Hospital.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

February 21, 2013 Zendesk
San Francisco, California
BSR HACK

Unknown

An official notice can be found here: http://www.zendesk.com/blog/weve-been-hacked.

Those with questions may call (415) 287-9976.

A hacker accessed Zendesk information that was online.  Three clients who use Zendesk to store information had user lists downloaded by the hacker.  Users who contacted those clients for support may have had their email addresses and the subject lines of those email addresses accessed.

UPDATE (02/22/2013): Tumblr, Twitter, and Pinterest were the affected clients. Twitter let users know that emails, phone numbers, Twitter usernames, and any other information that was provided to Twitter may have been exposed.  Passwords were not compromised.

 
Information Source:
Media
records from this breach used in our total: 0

February 22, 2013 NBC.com
New York, New York
BSO HACK

Unknown

NBC's website was attacked by malware in the form of a Citadel Trojan.  The purpose of the attack was most likely to steal usernames, passwords, and other personal information.  NBC is unclear on how the malware entered their system.

 
Information Source:
Media
records from this breach used in our total: 0

February 22, 2013 Minnesota Department of Natural Resources, Minnesota Department of Motor Vehicles
Little Falls, Minnesota
GOV INSD

5,000 (No SSNs or financial information reported)

An employee working as an administrative manager in the Enforcement Division viewed the DMV information of around 5,000 people outside of work hours and for no job-related reason.  His activities between January 2008 and October 2012 were discovered and he was discharged on January 11, 2013.  It is believed that the driver's license and other motor vehicle record information was viewed for curiosity and not malicious purposes.

UPDATE (05/01/2013): A group of people who had their driver's license information accessed filed lawsuits against Minnesota.  The state asked the federal judge hearing the case to dismiss the motions and argued that the state isn't liable under a federal law that protects the privacy of driver's license data.  The employee responsible for the breach is facing criminal charges; though the breach may not have been for malicious purposes.

UPDATE (08/07/2013): The lawsuit was filed against other state employees as well as the employee responsible for the breach.

UPDATE (9/25/2013): A district court dismissed the lawsuit.  The judge ruled that state agencies are not liable for a rogue employee's actions.  The case against the dishonest employee is still active.  The liability of the employee's supervisors has been limited and they will not pay damages for the breach.

 
Information Source:
Media
records from this breach used in our total: 0

February 19, 2013 Kork and Keg
Greencastle, Indiana
BSR HACK

Unknown

Fraudulent activity on the accounts of DePauw University students was linked to Kork and Keg.  It is not clear how the store's payment system was compromised; however it was a common link among those who had their accounts breached.  Kork and Keg did not make a statement.

 
Information Source:
Media
records from this breach used in our total: 0

February 18, 2013 Express Scripts, Ernst & Young
St. Louis, Missouri
BSF DISC

Unknown

A partner at Ernst & Young is accused of sneaking into the headquarters of Express Scripts Holding Co.  It is not clear how the Ernst & Young partner got into the headquarters, but it is believed that he emailed over 20,000 pages of data to a personal account.  Express Scripts Holding Co. accused Ernst & Young of stealing the information in order to develop its health care division. Express Scripts Holding filed a lawsuit; the accused partner is no longer employed by Ernst & Young.

 
Information Source:
Media
records from this breach used in our total: 0

February 5, 2013 U.S. Department of Energy
Washington, District Of Columbia
GOV HACK

Unknown

The U.S. Department of Energy discovered that unidentified malicious activity had been detected on 14 servers and 20 workstations in January.  The personal information of several hundred employees was exposed.  The U.S. Department of Energy had known about the need to patch computers, network ssytems, and servers since 2012.

 
Information Source:
Media
records from this breach used in our total: 0

February 13, 2013 Los Angeles Times, OffersandDeals.latimes.com
Los Angeles, California
BSO HACK

Unknown

The Los Angeles Times learned that a segment of its website housed malicious code for six weeks.  The subdomain OffersandDeals.latimes.com redirected visitors to a malicious website.  The website then used code to receive compensation for web traffic.  The compromise appears to have occurred sometime before December 23, 2012.  An LA Times spokesperson initially responded to the breach by claiming that a glitch in Google's display ad exchange had caused a malicious script warning rather than actual malicious script.

 
Information Source:
Media
records from this breach used in our total: 0

February 14, 2013 FCC, Emergency Alert System
Washington, District Of Columbia
GOV HACK

Unknown

The Emergency Alert Systems (EAS) of several TV stations nationwide were hacked and alerted people to a fictitious zombie attack.  The FCC ordered local broadcasters to change their passwords on EAS equipment and check the security of firewalls before resuming normal internet connections.

 
Information Source:
Media
records from this breach used in our total: 0

February 14, 2013 Häagen-Daz
Tampa, Florida
BSR HACK

Unknown

Anyone who made a purchase at the Häagen-Daz inside the food court in International Plaza since April of 2012 may have been affected by identity theft.  A flash drive that contained key-logger software was connected to a register at the store.  It recorded payment card transactions and allowed thieves to make counterfeit credit cards.  Two men were arrested in June of 2012 for using fraudulent card information and that information was later linked to the Häagen-Daz shop.

 
Information Source:
Media
records from this breach used in our total: 0

February 13, 2013 Jawbone
San Francisco, California
BSR HACK

Unknown

Hackers were able to access Jawbone's MyTALK customer accounts for several hours.  Names, email addresses, and encrypted passwords were exposed.  Any customers who were affected received an email warning them to reset their passwords.

 
Information Source:
Media
records from this breach used in our total: 0

February 8, 2013 United States Federal Reserve, Grand Banks Yachts
Washington, District Of Columbia
GOV HACK

Unknown

The hacking group known as Anonymous claimed responsibility for a hack of the Alabama Criminal Justice Center and indicated that they had access to US Federal Reserve servers. Some internal documents were also exposed.  The hack attack was a response to the US Federal Reserve's reaction, or failure to react, to the February 4 hack of the Alabama Criminal Justice Center.  Anonymous released a document showing that they had extensive access to US Federal Reserve servers and internal documents.  Anonymous hacked into the Grand Banks Yachts website and used it to host a file that contained the document.

UPDATE (08/23/2013): Federal Reserve employee data was posted on a website.  Phone numbers, emails, and other Federal Reserve employee information was placed on a publicly accessible spreadsheet.  Anonymous claims to have full details of every Federal Reserve Bank of America employee.  The information may have been from the breach in February.  

 
Information Source:
Media
records from this breach used in our total: 0

February 25, 2013 Mercedes-Benz of Walnut Creek
Walnut Creek, California
BSR PHYS

Unknown

A February 7 or 8 office burglary at Mercedes-Benz of Walnut Creek resulted in the exposure of customer information.  Locked file cabinets that contained customer deal files were burglarized and customer files were taken from the Service Department.  The theft was discovered on the morning of February 8 and immediately reported.  Customer names, Social Security numbers, addresses, credit reports, driver's license information, insurance information, and credit card numbers may have been exposed.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

February 26, 2013 Massachusetts Mutual Life Insurance Company, Convey Compliance Systems, Inc.
Springfield, Massachusetts
BSF DISC

Unknown

An error at Convey Compliance Systems, Inc. resulted in 1099 forms being mailed to incorrect addresses.  The 1099 forms contained names, Social Security numbers, tax identification numbers, and addresses.  The financial information of some Massachusetts Mutual Life Insurance Company clients was exposed.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

February 28, 2013 First National Bank of Southern California
, California
BSF PORT

Unknown

The city in which the theft occurred was not revealed.

A back-up tape that contained First National Bank of Southern California client information was stolen on February 1, 2013 from a data service provider.  Social Security numbers, taxpayer identification numbers, account balances, and account numbers were exposed.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

March 1, 2013 Samaritan Hospital, Rensselaer County Jail
Troy, New York
MED INSD

Unknown

A nursing supervisor of Rensselaer County Jail was found to have misused credentials to access patient records without cause.  The Rensselaer County Jail information is maintained by Samaritan Hospital.  The hospital learned of the breach in November 2011, disabled the employee's account, and notified the sheriff's office immediately.  Subsequently, the Hospital may have delayed notifying patients because of the ongoing investigation.  Notifications were sent out during the first week of March in 2013.

UPDATE (04/01/2013): A total of 48 people have been notified.  Patients from as far back as 2006 may have been affected.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

February 26, 2013 First Choice Home Health Care Services Inc., Reliance Home Care, LLC
Detroit, Michigan
MED INSD

Unknown

A group of co-conspirators used Medicaid information from Medicare beneficiaries in and near Detroit to defraud Medicaid and file for $24.7 million in fraudulent claims.  The fraud took place between 2008 and May of 2012.  Hundreds of patients had their information misused so that co-conspirators could bill Medicare for psychotherapy, home health services, and other medical services.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

March 1, 2013 Bank of Hawaii, First Hawaiian Bank
Oahu, Hawaii
BSR HACK

Unknown

An unnamed restaurant in Oahu experienced a computer system breach.  Customers who visited the restaurant during a period in February had their credit and debit cards blocked by Bank of Hawaii and First Hawaiian Bank when the breach was discovered.  Not all of the payment cards that were blocked had been compromised.

 
Information Source:
Media
records from this breach used in our total: 0

February 27, 2013 Information Handling Services, Inc. (IHS)
Englewood, Colorado
BSO HACK

Unknown

Hackers breached the servers of IHS and may have been able to access credit card, customer, and nuclear information.  IHS does not believe that confidential information was compromised.  However, the hacker group claimed to have obtained the records of 8,500 customers. The hacker group is known to attack sites in order to further their goal of revealing sensitive nuclear data to pressure the Israeli government and others into disclosing their nuclear activities.

UPDATE (05/13/2013): The unauthorized parties acquired the relevant data from the IHS Jane's environment on or about November 22, 2012.

 
Information Source:
Media
records from this breach used in our total: 0

February 27, 2013 Bit9, Inc.
Waltham, Massachusetts
BSO HACK

Unknown

Hackers were able to exploit a vulnerability in a web application and use an SQL injection.  The breach occurred in July of 2012, however the server was shut down until January of 2013. Hackers then used Bit9's systems to attack other organizations who relied on Bit9 as a security platform vendor.  Three unnamed companies were affected.  The vulnerability was caused by Bit9 failing to install its own security software.

 
Information Source:
Media
records from this breach used in our total: 0

March 1, 2013 Fabric Depot
Portland, Oregon
BSR HACK

Unknown

On January 7, 2013 Fabric Depot became aware of a breach that had occurred sometime around October 16, 2012.  Fabric Depot changed their online payment system and notified customers.  Customer names, credit card numbers, credit card verification codes, debit card numbers, and account billing addresses may have been exposed.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

March 4, 2013 TD Bank, N.A.
Cherry Hill, New Jersey
BSF PORT

Unknown

Two backup tapes with customer and customer dependent names, Social Security numbers, addresses, account numbers, debit card numbers, and credit card numbers went missing while being transported between two TD Bank office locations in March of 2012.  

 
Information Source:
California Attorney General
records from this breach used in our total: 0

March 4, 2013 The Prudential Insurance Company of America, Unisys
Newark, New Jersey
BSF DISC

Unknown

An administrative error resulted in documents with sensitive information from Unisys members being emailed to an incorrect party associated with Unisys. The mistake occurred on December 13, 2012.  The document may have contained names, Social Security numbers, dates of birth, and salary information. The mistake was immediately noticed by the recipient and the information was deleted from their computer.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

March 4, 2013 Family Intervention Services
Hiram, Georgia
MED PHYS

Unknown

A caller contacted a local news team member and an investigation of mishandled medical documents began.  The documents were in an unlocked dumpster and contained Social Security numbers, bank account information, addresses, dates of birth, and health information.  The documents were associated with Family Intervention Services and an unnamed orthopedic office.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

March 3, 2013 Evernote
Redwood City, California
BSO HACK

50,000,000 (No SSNs or financial information reported)

Evernote's breach notice can be found here: http://evernote.com/corp/news/password_reset.php.

A hacker or hackers attacked and may have accessed Evernote's online system. Evernote reset all user passwords as a precaution.  User names, email addresses, and encrypted passwords may have been exposed. 

UPDATE (03/09/2013): A total of 50 million users were told to reset their passwords.

 
Information Source:
Media
records from this breach used in our total: 0

March 7, 2013 Uniontown Hospital
Uniontown, Pennsylvania
MED HACK

Unknown

A hacker or hackers accessed patient information and posted it online.  The breach was discovered by a data privacy expert. Uniontown indirectly notified the public of the breach and breach containment after the privacy expert attempted to reach Uniontown Hospital for several days.  Names, encrypted passwords, contact names, email addresses, and usernames may have been exposed.  It is unclear how long the information was available.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

March 8, 2013 University of Connecticut Health Center
Farmington, Connecticut
MED INSD

1,400 (Unknown number of Social Security numbers)

An employee accessed patient records for reasons unrelated to their job function.  The Heath Center became aware of an unauthorized access in January of 2013.  Patient names, addresses, dates of birth, and in some cases health information and Social Security numbers may have been exposed.

 
Information Source:
Media
records from this breach used in our total: 0

February 25, 2013 Sprouts
Phoenix, Arizona
BSR CARD

Unknown

A number of credit card terminals in 19 California and Arizona stores were affected by point-of-sale malware between January 25 and 29.  Credit card and debit card numbers were exposed.  Customer PINs associated with the payment cards were not affected. Sprouts identified the issue within a few days of the breach and updated customer information protection procedures in all of its stores.

 
Information Source:
Media
records from this breach used in our total: 0

February 25, 2013 Capella University
Minneapolis, Minnesota
EDU INSD

Unknown

Capella University's official breach notice can be found here: http://www.atg.state.vt.us/assets/files/Capella%20University%20Security%20Breach

%20Notice%20to%20consumer.pdf

A collection department employee sent sensitive information to a personal email account.  The incident was discovered on January 28 and the employee was fired.  A small group of learners may have had their names, Social Security numbers, and other information that was kept by Capella's collection department exposed.

 
Information Source:
Security Breach Letter
records from this breach used in our total: 0

March 11, 2013 Stanley Black & Decker, Inc.
New Britain, Connecticut
BSR PORT

Unknown

Those with questions or concerns may contact (877) 795-2356.

The theft of an employee's laptop resulted in the exposure of information from employees and people who received checks from Stanley Black & Decker.  Names, and the account numbers and routing numbers associated with direct deposits may have been exposed. The laptop was stolen from a finance employee on January 28.  

 
Information Source:
California Attorney General
records from this breach used in our total: 0

February 15, 2013 Facebook
Menlo Park, California
BSO HACK

Unknown

Facebook's official notification can be found here: http://www.facebook.com/notes/facebook-security/protecting-people-on-facebook/10151249208250766

Facebook discovered that hackers had exploited a vulnerability and accessed unspecified data.  Facebook found no evidence that Facebook user data was compromised.  Malware was installed on a number of employee laptops after a small number of them visited a mobile developer website that turned out to be unsafe. Microsoft, Twitter, and Apple were affected by the same issue around the same time.

 
Information Source:
Media
records from this breach used in our total: 0

February 22, 2013 Microsoft
Redmond, Washington
BSR HACK

Unknown

Microsoft's official notice can be found here: https://blogs.technet.com/b/msrc/archive/2013/02/22/recent-cyberattacks.aspx?Redirected=true

Microsoft security discovered that a number of employee devices were affected by malware.  The employees had visited unsafe websites and downloaded material. It is unclear if the employee devices spread the infection to other areas of Microsoft's network, but Microsoft found no evidence of customer data being affected. Facebook, Twitter, and Apple were affected by a similar issue around the same time.

 
Information Source:
Media
records from this breach used in our total: 0

February 19, 2013 Apple
Cupertino, California
BSR HACK

Unknown

Apple detected malware on employee computers.  A small number of employee computers had been affected after their users went to a website for software developers.  Facebook, Microsoft, and Twitter experienced the same breach around the same time.

 
Information Source:
Media
records from this breach used in our total: 0

January 16, 2013 Utah Department of Health, Goold Health Systems
Salt Lake City, Utah
MED PORT

6,000 (No SSNs or financial information reported)

An employee of Goold Health Systems lost an unencrypted USB memory stick that contained the information of around 6,000 Medicaid recipients in Utah.  Goold Health Systems is a contractor for the Utah Department of Health.  Medicaid recipient names, Medicaid identification numbers, ages, and recent prescription drug use were on the memory stick.  The memory stick was lost during travel between Salt Lake City, Denver, and Washington.  The loss was confirmed on Tuesday, January 15.  

 
Information Source:
Media
records from this breach used in our total: 0

January 13, 2013 Advanced Micro Devices (AMD), Nvidia
Sunnyvale, California
BSR INSD

Unknown

Four managers who left AMD to work for Nvidia are being sued by AMD for intellectual property theft.  AMD accused the former employees of setting up a spying ring in the company before leaving to work for rivaling company Nvidia.  One of the managers is accused of using two external hard drives to download Microsoft Outlook email files, licensing agreements, and strategic plans from his work computer before leaving AMD in July of 2012. Another employee is accused of taking an AMD technical work and development database with over 200 files.  The four employees are accused of taking over 150,000 documents.

 
Information Source:
Media
records from this breach used in our total: 0

April 9, 2012 Intel, Advanced Micro Devices (AMD)
Hudson, Massachusetts
BSR INSD

Unknown

A former Intel employees pleaded guilty to stealing documents for competitive advantage.  The employee worked for AMD at the time of the theft and was able to retain access to some of Intel's processor designs and chip fabrication process documents.  He used his vacation time from Intel to begin working at AMD.  The dishonest employee was charged with one count of stealing trade secrets for stealing a stack of documents in 2008 and four counts of wire fraud.  Intel valued the documents at between $200 million and $400 million.

 
Information Source:
Media
records from this breach used in our total: 0

March 15, 2013 Tribune Co.
Sacramento, California
BSO INSD

Unknown

A former employee revealed a password and username combination for Tribune Co. to hackers.  The hackers were part of anonymous and used the information to access Tribune Co.'s servers in 2010.  A number of online stories that had been published through Tribune Co. were defaced by hackers as a result.  

The former employee of a TV station owned by Tribune Co. was indicted on charges of conspiracy to cause damage to a protected computer, transmission of malicious code, and attempted transmission of malicious code.

UPDATE (04/23/2013): The former employee worked at Reuters as a deputy social media editor at the time of the cyber attack.  He was fired from Reuters in April of 2013.

 
Information Source:
Media
records from this breach used in our total: 0

March 19, 2013 Subway
, California
BSR HACK

Unknown

No specific California city was involved.  Subway restaurants in California, Massachusetts, and Wyoming were involved.

A former owner of a Subway franchise used software from his new job to access the computer systems of Subway restaurants.  The former owner sold point-of-sale software to Subway restaurants across the country and then worked with an accomplice to remotely hack into at least 13 Subway point-of-sale systems.  The fraud began in 2011.  Fraudulent Subway gift cards totaling at least $40,000 were created.  Two of the California participants were indicted on March 6.

 
Information Source:
Media
records from this breach used in our total: 0

March 19, 2013 General Services Administration (GSA)
Washington, District Of Columbia
GOV DISC

Unknown

GSA users may have been able to view the financial information and trade secrets of other GSA users due to a security vulnerability.  The specific database that was affected is called the System for Award Management (SAM).  Contractor and vendor registration records are cataloged by SAM.  It is not clear how GSA became aware of the issue or how long it was a problem.  Agency officials revealed that users could purposefully or inadvertently view the information of other users after following a series of steps.

UPDATE (03/23/2013):  Users had Social Security numbers and tax identification numbers exposed.

 
Information Source:
Media
records from this breach used in our total: 0

March 16, 2013 Lawrence Melrose Medical Electronic Record, Inc.
Melrose, Massachusetts
MED INSD

Unknown

Patients at Baystate Gastroenterology, Hallmark Health Medical Associates, Main Street Family Practice, and Womens Healthcare Associates were affected.  Patients of Maury Goldman, MD and John Mudrock, MD were also affected.

An employee of Lawrence Melrose accessed patient information for reasons unrelated to their work.  It is unclear what type of patient information was exposed and how many patients were affected.  

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

Breach Total
929,676,448 RECORDS BREACHED
(Please see explanation about this total.)
from 4,421 DATA BREACHES made public since 2005
Showing 3851-3900 of 4421 results


X

Sign In!

Loading