Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?


Click or unclick the boxes then select go.


Select features, then click GO.



Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.
Breach Total
930,526,448 RECORDS BREACHED
(Please see explanation about this total.)
from 4,427 DATA BREACHES made public since 2005

Save or Print PDF of Entire Breach List including introduction.Save or Print a PDF of Entire Breach List (including introductory FAQ)

Filter breach list before saving or printing PDF. Conduct a search of the Chronology using its sorting features, and Save or Print a PDF of your search results (Select filters)

If you do not have access to PDF, you can print the Chronology in landscape view.

Date Made Public Name Entity Type
July 29, 2013 Sheet Metal Local 36 Welfare Fund, People Resource Corporation
St. Louis, Missouri
MED UNKN

4,560 (No Social Security numbers or financial information reported)

A data breach occured between August 1, 2012 and July 8, 2013.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

July 29, 2013 MED-EL Corporation
Durham, North Carolina
MED DISC

609 (No Social Security numbers or financial information reported)

An email error that occrred on June 25 resulted in the exposure of health information.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

July 29, 2013 Northrop Grumman Retiree Health Plan, CVS Caremark
Fall Church, Virginia
MED PHYS

4,305 (No Social Security numbers or financial information reported)

A breach involving paper records from CVS Caremark affected 4,305 Northrop Grumman Retiree Health Plan enrollees.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

July 4, 2013 Behavioral Health Network
Springfield, Massachusetts
MED PHYS

Unknown

A concerned citizen found medical records in a publicly accessible dumpster.  Behavioral Health Network has a shredding vendor and did not have an explanation for the breach.  Behavioral Health Network picked up the remaining files.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

July 2, 2013 Advantage Health Solutions
Indianapolis, Indiana
MED DISC

Unknown

A patient discovered that he could see the information of other users by logging into his Advantage Health Solutions account.  Any patients who put in a name or date of birth other than their own were able to see the records of people with those names or dates of birth.  Names, phone numbers, addresses, primary care physicians, medical bills, types of medications, and other medical information were exposed.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

July 1, 2013 Union Security Insurance Company
Kansas City, Missouri
MED UNKN

1,127 (No Social Security numbers or financial information reported)

A breach that occurred on May 17 may have exposed protected health information.  It involved email and/or the improper disposal of records.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

June 9, 2013 Laboratory Corporation of America (LabCorp)
Burlington, North Carolina
MED STAT

Unknown

The theft of a computer that was scheduled to be destroyed may have exposed patient names, birthdates, and Medicare subscriber numbers.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

June 9, 2013 Office of Kara Falck, Other World Computing
Takoma Park, Maryland
MED PORT

Unknown

A hard drive from the therapy service was purchased and then returned to Other World Computing.  A doctor in Germany later contacted the therapy service and confirmed that he had received the hard drive.  Client information, progress notes, and billing notes could be found on the hard drive though the doctor had believed he was purchasing a new or refurbished hard drive.  Other World Computing or the hard drive's manufacturer failed to clear the hard drive before it was resold.  The hard drive was resold to its original owner in order to safeguard the therapeutic client information.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

May 21, 2013 Sovereign Medical Group, LLC
Ridgewood, New Jersey
MED HACK

27,800 (No Social Security numbers or financial information reported)

An October 10, 2012 breach resulted in the exposure of information.  The incident or incidents involved one or more network servers, theft, and/or hacking.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

May 21, 2013 Hawaii State Department of Health - Adult Mental Health Division
Honolulu, Hawaii
MED HACK

674 (No Social Security numbers or financial information reported)

An employee noticed unusual activity on a computer and a hacking incident was discovered on September 25, 2012.  Information stored on a computer file may have been accessed and dated back to 1997.  Names, dates of birth, addresses, phone numbers, consumer record numbers, and a limited number of Social Security numbers were exposed.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

January 1, 2014 Snapchat
Venice, California
BSO HACK

Unknown

The hacker or group known as "Lightcontact" is claiming to have hacked Snapchat.com. Reportedly, the group published a database containing Snapchat user names and phone numbers and posted it to several public forums such as Reddit.com.

UPDATE: Snapchat has announced a security update to their mobile image sharing services to include an opt out option to the Find Friends system. This update is said to prevent others from looking up their account information through address books. This update will allow a person to no longer appear if this type of search is initiated. According to security vendor AdaptivMobile, the compromised accounts are concentrated mostly in California and New York, with the two states accounting for nearly 2.3 million accounts. Other regions affected include Illinois, Colorado and Florida(1/4/2014)

 
Information Source:
Media
records from this breach used in our total: 0

January 1, 2014 Skype breach
Redmond, Washington
BSO HACK

Unknown

On January 1st, the Syrian Electronic Army is reportedly taking credit for hacking into user accounts on Skype. The amount of users affected is unknown. Reportedly, the hackers infiltrated a users account and monitors the activity and sells the data.

 
Information Source:
Media
records from this breach used in our total: 0

December 20, 2013 StakerLaw Tax and Estate Planning Law
Camarillo, California
BSF PHYS

Client files which included social security numbers and other asset information.

On Friday December 20, 2013 the owner of the firm had his home burglarized in which the firms back-up hard drive was stolen which contained the firms customer files containing sensitive personal information.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

December 30, 2013 T-Mobile Supplier
Unknown,
BSO HACK

Unknown

A  supplier  for T-Mobile reported a breach of files stored on their servers. This breach included the breach of names, addresses, Social Seurity numbers and/or Driver's License numbers. This access was discovered in late November 2013.  They believe that the primary goal of the hackers was to obtain credit card data, but credit card information was not included in these files.

 

 
Information Source:
California Attorney General
records from this breach used in our total: 0

December 30, 2013 Wichcraft Operating LLC
New York, New York
BSO HACK

Unknown

An unauthorized third party accessed their systems compromising payment card information of certain customers in possibly two of their locations, New York and San Francisco. The breached occured from approximately August 11, 2013 to October 2, 2013.

Based on their investigation, the information accessed by the unauthorized party may have included names, payment card numbers, security codes and expiration dates. They are claiming that not all of these data elements were accessed for each customer.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

December 29, 2013 American Express Company
New York, New York
BSF UNKN

Unknown

American Express announced, as part of an investigation by law enforcement and/or American Express, the company discovered a data breach that involved customer information. The data recovered included American Express cardholder acount numbers, names and other card information such as the expiration date. They have stated that Social Security numbers were not impacted and their systems did not detect any unauthorized activity on card holders accounts as related to this incident.

UPDATE: (1/16/2014): American Express has sent out a new letter addressed to customers affected by the data breach. This new communication entailed information that one of the merchants that they purchased goods with was affected by the breach. The information breached did not change, in that card holder account numbers, names and other card information such as expiration date were compromised. No Social Security numbers were impacted.

 

 
Information Source:
California Attorney General
records from this breach used in our total: 0

December 27, 2013 Briar Group
Brighton, Massachusetts
BSO HACK

Unknown

Briar Group confirms it was the source behind a Seaport data breach. After an investigation by the Briar Group, who runs eight restaurants and bars in the city, confirmed that their systems were compromised causing the data breach that affected hundreds of individuals who visited the Seaport area of Boston sometime in November.

Currently, a number has not been released as the investigation regarding the breach is ongoing. The breach included unauthorized access to card data at their restaurants sometime between October and November 2013.

 
Information Source:
Media
records from this breach used in our total: 0

December 27, 2013 Colorado Community Health Alliance (CCHA)
Denver, Colorado
MED INSD

Unknown

1,918 Medicaid patients data was breached after a temporary employee from an outside contractor Colorado Community Health Alliance (CCHA) sent the information to his/her own personal email address according to media reports. The Colorado Department of Health Care Policy and Financing believes this information may have been intended for the employee's use in another business.

The information included patient names, date of birth, addresses, telephone numbers, health conditions and Medicaid identification numbers. Social Security numbers were not involved.

 
Information Source:
Media
records from this breach used in our total: 0

January 2, 2014 Straight Dope Message Board
Chicago, Illinois
BSO HACK

Unknown

The security team at The Straight Dope discovered hackers broke into their online message board forum. This resulted in unauthorized access of members usernames, emails and passwords. The message board does not store Social Security numbers or credit card information. The company is suggesting all users change their password in their system.

 
Information Source:
Media
records from this breach used in our total: 0

January 2, 2014 Eye Surgery Education Council
Fairfax, Virginia
MED HACK

4,748

Reportedly, the Eye Surgery Education Councils system was hacked and user accounts with partial email addresses, user names and clear text passwords were dumped onto the Internet.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

January 13, 2014 Update Legal
San Francisco, California
BSO INSD

Unknown

On or around September 9, 2013, Update Legal was informed by San Francisco Police that a suspect in custody had digital photographs of I-9 forms on the smartphone in this persons possession. This individual potentially obtained Social Security numbers, date of birth, driver's license numbers, email addresses, passport identification, state ID cards, military dependent's ID cards, US Citizen's ID cards, Certification of Birth Abroad, Birth Certificates and addresses.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

January 14, 2014 Southwest General Health Center
Middleburg Heights, Ohio
MED PHYS

480

Southwest General Hospital notified approximately 480 patients who were part of a obstetrics study that some of their private information was recently lost, including names, data on births, clinical information and medical record numbers. The data was included in one binder and the binder was discovered missing early in December 2013. The binder did not include Social Security numbers or financial information.

 
Information Source:
Media
records from this breach used in our total: 0

January 17, 2014 Easton-Bell Sports Inc.
Van Nuys, California
BSR HACK

Unknown

Easton Bell Sports Inc., out of Van Nuys California informed customers of a data breach in December. The company has stated that one of their vendors servers was the attack of vicious malware and was breached on or around December 1, 2013.

The breach may have impacted online purchases made from December 1, 2013 to December 31, 2013. The customer information breached may have included names, addresses, phone numbers, email addresses, credit card numbers, along with the 3 or 4 digit security code on the back of cards.

Once the breach was discovered, the company immediately shut the server down and took steps to stop any further infiltration of the system. The company has hired a computer forensics expert to conduct an investigation.

The amount of customers affected is currently unknown.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

January 17, 2014 E-Benefits Department of Veteran Affairs
, District Of Columbia
GOV UNKN

Unknown

As reported by a local T.V station in Moore County North Carolina, a Navy veteran  reported to have been utilizing the E-Benefits portal through the Department of Veteran Affairs to check his own benefits. He was on the VA's E-Benefits website trying to track down his own history for a bank loan. Instead, windows kept popping up displaying other veterans' medical and financial information. He has since reported the issue to the Department of Defense, the VA and Senator Kay Hagan's office.

The VA has responded with a statement to ABC11 on Friday January 17, 2014 with the following:

"The Department of Veterans Affairs (VA) takes seriously our obligation to properly safeguard personal information.  Wednesday evening, during a process to improve software supporting the joint VA and Department of Defense benefits web portal eBenefits, VA discovered a software defect. During that limited timeframe, some Veterans and Servicemembers who had registered and logged into eBenefits were able to see a combination of their own information as well as data from other eBenefits users.  VA took immediate action upon discovering the software defect and shut the eBenefits system down in order to limit any problems.  VA is conducting a full review to be certain the underlying technological issues have been resolved before the system is returned to operation.

VA's independent Data Breach Core Team (DBCT) is reviewing this issue and believes a relatively limited number of Veterans have been affected. Once the DBCT determines the number of users impacted, their identities and other pertinent facts, VA will take the appropriate response, which may include free credit monitoring for the affected individuals, consistent with VA's standard practice".

 
Information Source:
Media
records from this breach used in our total: 0

January 23, 2014 W.J Bradley
Centennial, Colorado
BSF INSD

Unknown

W.J Bradley Mortgage Capital, LLC announced in a letter to customers that information disclosed to the Emery Team at W.J Bradley Mortgage Capital, LLC in connection with numerous loan transactions had been breached. According to the company, information on specific loan transactions had been taken from their computer systems and copied by several former loan officers of the company. This information was then shared with another mortgage company not associated with W.J Bradley.

The company communicated that the information taken included income, marital status, and loan information. There is no evidence that the information was released to the public at large.

A court order was obtained by W.J Bradley requiring the return of all private customer information to the company, prohibiting the defendants from sending that information to others, and requiring that the defendants destroy all copies of the information in their possession.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

January 24, 2014 Coca-Cola Company
Atlanta, Georgia
BSR STAT

Unknown

The Coca-Cola Company announced the theft of several computers from one of their locations that contained personal information on employees and other individuals. The company did not detail the specific information that was stored on the stolen computers. The theft was discovered on December 19, 2013.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

January 28, 2014 Bring It To Me
San Diego, California
BSR HACK

Unknown

BringItToMe.com informed certain customers that a data breach occurred at one of their vendors that may have compromised personal or payment card information. No details have been released as to the specific personal or payment card information that may have been breached

The company was recently informed that the online ordering software provider, Big Tree Solutions, discovered unauthorized modifications in their software that could potentially allow new payment card information entered between October 14, 2013 and January 13, 2014 to have been obtained by an unauthorized user.

According to the company the unauthorized modification has been corrected and other security measures have been put into place.

 

 
Information Source:
California Attorney General
records from this breach used in our total: 0

January 31, 2014 White Lodging Services Corporation
Merrillville, Indiana
BSR HACK

Unknown

White Lodging, a company that maintains hotel franchises under nationwide brands such as Hilton, Marriott, Sheraton and Westin may have been the victim of a data breach potentially exposing credit and debit card information. The company has not released the number of potential cards that may have been affected.

The breach was first noticed by various banking sources, who were sharing data indicating that they were seeing a pattern of fraud on hundreds of cards that were all used at Marriott hotels around March 23, 2013 through the end of last year. The breach seemed to only occur at those Marriott locations that were managed by White Lodging Services Corporation.

Reportedly the breach appears to have affected mainly restaurants, gift shops and other establishments within hotels managed by White Lodging.

 
Information Source:
Media
records from this breach used in our total: 0

January 30, 2014 UC Davis Health System
Sacramento, California
MED HACK

Unknown

UC Davis Health Center has informed patients of a potential data breach to their system. They recently learned that one of their medical provider's email accounts was impacted by an email "phishing" scam, which malicious software is used to access records. In this case this malware targeted the medical provider's email account.

They are currently investigating the breach and are unclear as of now if direct access to the information contained in this provider's emails was breached. Potential records breached include names, medical record numbers and dates of clinical visits to this provider.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

February 7, 2014 Easter Seals of Superior California
Suwanee, Georgia
MED PHYS Unknown

On December 10, 2013, an Easter Seal Society of Superior California employee's company vehicle were broken in to, and a company laptop containing health record information belonging to minors may have been breached.

The laptop contained emails that may have had specific information such as children's names, dates of birth, health care provider information, health care billing information, patient identification numbers, and occupational therapy notes.

The company is investigating any potential fraud that may have been associated with this information.

 

 
Information Source:
California Attorney General
records from this breach used in our total: 0

February 10, 2014 Freeman
Dallas, Texas
BSF DISC

Unknown

The company, Freeman, announced a data breach regarding employee W2 forms.  Some employees may have received a W2 form that belonged to another employee. The company announced that one of their vendors, ADP, who works with a large national vendor that mails all of ADP's W2's, has experienced an error in their technology.

A glitch in the mail vendors' technology caused the barcode to input the incorrect barcode on the envelopes. The US Postal Service and delivered based on the barcode, not the name or address shown on the envelope.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

February 8, 2014 Medtronic
Minneapolis, Minnesota
MED HACK

Unknown

It has been reported that Medtronic, the world's largest medical device maker's computer network  has been hacked sometime in the first half of 2013. It is not clear what type of information the hackers were targeting. Federal laws meant to safeguard medical information require companies to disclose any breach involving patient information, so far Medtronics has not made these disclosures.

The attacks point to Chinese hackers and the medical device company was not aware of the intrusions until federal authorities contacted them and they have now formed a task force to investigate the breach. A spokewoman for the medical device maker would not comment on any specific attacks.

 
Information Source:
Media
records from this breach used in our total: 0

February 8, 2014 Boston Scientific
Natick, Massachusetts
MED HACK

Unknown

It has been reported that Boston Scientific, a medical device maker's computer network  has been hacked sometime in the first half of 2013. It is not clear what type of information the hackers were targeting. Federal laws meant to safeguard medical information require companies to disclose any breach involving patient information, so far Boston Scientific has not made these disclosures.

Denise Kaigler, a Senior Vice President of Corporate Affairs with Boston Scientific stated "like many companies, Boston Scientific experiences attempts to penetrate our networks and systems and we take such attempts seriously. We have a dedicated team to detect and mitigate attacks when they occur as well as to implement solutions to prevent future attacks." Ms. Kaigler would not comment on the specifics of any attack, but described the media reporting as "inaccurate".

The attacks point to Chinese hackers and the medical device company was not aware of the intrusions until federal authorities contacted them and they have now formed a task force to investigate the breach.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

February 5, 2014 K. Min Yi, MD, Inc.
San Jose, California
MED PHYS

4,676

Dr. K. Min Yi informed patients of a burglary that occurred at the surgeon's facility on May 28, 2013, in which the burglars stole a desktop hard drive and an external hard drive that had over 4,000 patients records on them.

The information included patients medical history, including lab and radiology reports, surgical information, names, addresses, telephone numbers, dates of birth and insurance information of the primary insured individual. They do not believe that patient Social Security numbers were compromised, however the SSN of the primary insured may have been exposed.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

February 12, 2014 Las Vegas Sands Hotels and Casinos
Las Vegas, Nevada
BSO HACK

Unknown

Las Vegas Sands recently launched an investigation into a security breach of several of their casino websites.  Both the Venetian and the Palazzo had the homepage of their websites hacked and there could be others.

Currently it is unknown if credit card information and/or customer data was compromised.

The hackers responsible for the breach posted employee information including email addresses and Social Security numbers, on the website for the Sands Casino Resort in Bethlehem. The hackers also posted an image of Sands Chairman and CEO Sheldon Adelson posing with the Israeli Prime Minister, Benjamin Netanyahu.

In additional to Las Vegas and Bethlehem, websites for casinos in Macau and Singapore were also hacked.

UPDATE (2/28/2014): Las Vegas Sands Casino released a statement that the attackers who breached the company website did compromise customer and employee data, which included Social Security numbers, driver's license numbers and a mailing database. The data breach affected customers at their location in Bethlehem Pennsylvania. They are currently investigating their additional locations to see if similar data was affected. Origininally the company had communicated that customer data was not affected.

 
Information Source:
Media
records from this breach used in our total: 0

February 10, 2014 Nielsen
New York, New York
BSO INSD

Unknown

Nielsen company announced that an undisclosed number of Nielsen Audio employees are being notified that their personal information including names and Social Security numbers may be at risk after an employee with their Human Resources department mistakenly sent out a mass email containing the data.

It is currently unknown how many employees were affected.

The Nielsen Audio employee mistakenly emailed a file containing the information to other Nielsen Audio employees, who then forwarded the email containing the file to others within the Nielsen environment. These employees were unaware of the contents of the file.

 
Information Source:
Media
records from this breach used in our total: 0

February 11, 2014 Bank of the West
San Francisco, California
BSF UNKN

Unknown

Bank of the West notified individuals regarding a recent data breach that may have involved stolen personal information such as Social Security and driver's-license numbers.

The company sent letters and e-mails to anyone who applied for a job with the company before Dec. 19, the date the breach was discovered.

Currently they are not releasing any information as to the type of information breached or the timeframes the information may have beeen exposed.

"It could've been user name and pass code; it could've been more personal information like Social Security numbers, driver's license, date of birth," said Debra Jack, Bank of the West spokeswoman. "We don't have conclusive evidence that personal information was taken, but we sent those letters as a precaution."

The target of the breach was an online application system that had been retired earlier in 2013, the company disabled the affected servers and is now investigating with help from the FBI.


 
Information Source:
Media
records from this breach used in our total: 0

February 15, 2014 Kickstarter
Greenpoint, Brooklyn, New York
BSO HACK

Unknown

The crowd-funding site, Kickstarter, was infiltrated by hackers who made off with user information including usernames, email addresses, mailing addresses, phone number and encrypted passwords.

The company has said that no credit card information was taken.

"Actual passwords were not revealed, however it is possible for a malicious person with enough computing power to guess and crack an encrypted password, particularly a weak or obvious one," the site said in a blog post, adding that "as a precaution, we strongly recommend that you create a new password for your Kickstarter account, and other accounts where you use this password."

The company was made aware of the breach when contacted by law enforcement.  The company communicated that they "immediately closed the security breach and began strengthening security measures throughout the Kickstarter system." The site also said "no credit card data of any kind was accessed by hackers" and that "there is no evidence of unauthorized activity of any kind on all but two Kickstarter user accounts."

 
Information Source:
Media
records from this breach used in our total: 0

February 14, 2014 Forbes.com
New York, New York
BSO HACK

Unknown

Forbes.com announced on their Facebook page February 14th, that they had been a target of a data breach by hackers.

They claim that "the email address for anyone registered with Forbes.com has been exposed Please be wary of emails that purport to come from Forbes, as the list of email addresses may be used in phishing attacks.  The passwords were encrypted, but as a precaution, we will strongly encourage Forbes.com readers to change their passwords on our system once we make sign-on available again".

 
Information Source:
Media
records from this breach used in our total: 0

February 15, 2014 Blue Shield of California
San Francisco, California
BSO UNKN

Unknown

On January 15, 2014, Blue Shield of California received information that a transaction confirmation page on their website was displaying Agent ID numbers and in some cases those Agent ID numbers were the agent's Social Security number.

The website page shows billing, payment and other account information associated with an applicant/policyholder's Blue Shield account. Blue Shield uses the agent's name and agent ID number as a means of associating the agent with their client in order to facilitate record keeping and policy administration.  The transaction confirmation pages that display and agent's ID/SSN number were visible to those policy holders who applied and/or initiated payment of a current policy through Blue Shield's Website from December 20, 2013 and January 16, 2014.

It is unknown at this time if the exposed SSN's have been misused.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

February 20, 2014 Department of Resources, Recycling and Recovery
Sacramento, California
GOV DISC

Unknown

On January 23, 2014 a Human Resource Officer with the office of Resources, Recycling, Recovery notified individuals that an email went out mistakenly to numerous third parties associated with the agency.  These third party specialists were hired by the agency to assist in HR issues and are known to the agency as "Personal Liaisons".  The report that was mistakenly sent contained first initials, middle initials, last names and Social Security numbers.

The agency has contacted these third party liaisons asking them to immediately delete the email and shred any paper reports.

The company is also recommending anyone affected by the breach, place a fraud alert  with the credit agency's.

For those affected who have further questions, they should call Romana Herrera at (916) 341-6285.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

February 21, 2014 Discover Financial Services
Salt Lake City, Utah
BSF CARD

Unknown

Discover Financial Services sent a notice to their card holders that they were replacing their current cards in wake of all of the retail data breaches. They stated this was not due to a breach of their own systems.

The card replacement specifically replaces the security codes on the back of the card withouth changing the card holders current account number.

They have stated to their members this was strictly a security measure on behalf of Discover Financial Services. No information was communicated in the letter that the members card had been compromised.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

February 25, 2014 Mt. Gox- Worlds Largest Bitcoin Exchange
,
BSF HACK

Unknown

Tuesday, February 25, 2014 one of the largest Bitcoin exchanges in the world was hacked and 744,408 BTC (bitcoins) went missing, which is equivalent to $350 million dollars at todays trading prices.

MtGox publicly declared that "transaction malleability" was the reason behind the theft and reportedly the hackers went undetected for over 2 years. It has been reported they hackers detected a weakness in the "hot wallet"

This is not the first time Mt. Gox has been hacked. In 2011 the exchange was also infiltrated by hackers. Last year the U.S. authorities seized $5 million of the company's U.S. assets.

Mt. Gox has suspended all withdrawals and has shutdown its website.

 
Information Source:
Media
records from this breach used in our total: 0

February 26, 2014 Apple
Cupertino, California
BSO HACK

Unknown

Apple has revealed a security protocol breach of their iOS and OS X systems. The hacker was able to insert him/herself between the initial verfication and verification session's destination server. This type of hacking allows the hacker to take over as the trusted user. The destination server sees the hacker as the trusted user and will then allow the hacker to access secured connections such as websites, email messages, applications where you would typically enter a user id and password.

 
Information Source:
Media
records from this breach used in our total: 0

February 26, 2014 The Variable Annuity Life Insurance Company
Amarillo, Texas
BSF INSD

774,723

Variable Annuity Life Insurance Company has announced a breach that occurred in 2007. The company just discovered the breach in November of 2013. The discovery led to a previous employee of the company in possession of information relating to some of their customers.  The information included customer names and either partial or complete Social Security numbers.

The company has stated that they know of no unusual activity involving the stolen files but have set up identity protection services for one year for the affected parties.

Call 1-713-831-6316 with questions.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

February 27, 2014 L.A Care Health Plan
Los Angeles, California
MED DISC

Unknown

Los Angeles Care Health Plan notified customers of a data breach to their system. Customers were informed that a processing error occured in their system that may have involved accidental disclosure of their information. They were made aware of an issue in their payment portal that allowed one member to see another members name, address and member identification number.

Upon learning about the breach, they temporarily disabled the payment portal and reassigned new membership ID's to those members affected.  The disclosures took place  from January 22, 2014 through January 24, 2014. The breach is being blamed on a manual processing error which has now been corrected.

They are stating that the information was limited to member name, address and member identification number and did not include any other information, such as Social Security number, Driver's License number, or financial account numbers.

The company has requested those affected either email L.A Care's Privacy Office at PrivacyOfficer@lacare.org or by telephone 1-855-270-2327 or a letter to 1055 West 7th Street, 10th Floor, Los Angeles, CA 90017.

 

 
Information Source:
California Attorney General
records from this breach used in our total: 0

February 28, 2014 Sears
Hoffman Estates, Illinois
BSR HACK

Unknown

Sears announced that the Secret Service is investigating Sears Holdings Corporation as a target of a similar security breach that hit Target and Neiman Marcus toward the end of 2013.

Sears spokesperson, Howard Riefs in an emailed statement stated "there have been rumors and reports throughout the retail industry of security incidents at various retailers, and we are actively reviewing our systems to determine if we have been a victim of a breach,” additionally,  “we have found no information based on our review of our systems to date indicating a breach.” said Riefs.

 
Information Source:
Media
records from this breach used in our total: 0

June 7, 2013 Raley's Supermarket
West Sacramento, California
BSR HACK

Unknown

Raley's supermarket announced they may have been the target of a cyberattack that affected customers who used their credit or debit cards at any of its stores. The supermarket chain launched an investigation but had yet to find any evidence of unauthorized access to payment card data.

Reportedly, the supermarket chain was contacted by a credit card company regarding  suspicious activity on customers credit cards on May 30, 2013.

 
Information Source:
Media
records from this breach used in our total: 0

March 3, 2014 Various Taxi Cab Companies in Chicago
Chicago, Illinois
BSO HACK

466

In an unprecedented move, First American Bank made a public announcement regarding fraudulent activity they were seeing on both credit and debit cards of customers with their bank specifically related to cab rides in the city of Chicago.

The bank is urging both residents and tourists to avoid paying for their cab rides with either debit or credit cards. The ongoing breach appears to be related to the card processing systems used by a significant amount of taxis in the city of Chicago.

The bank has reported the breach to MasterCard. They have also reached out to Banc of America Merchant Services and Bank of America, the payment processors for the affected payment systems within the affected taxi cab companies. First American Bank is urging that Banc of America Merchant Services and Bank of America discontinue payment processing for the taxi companies who have been targeted in this breach. So far, neither entity is commenting on the breach or appear to be haulting the processing services.

 

 
Information Source:
Media
records from this breach used in our total: 0

March 4, 2014 Smucker's
Orrville, Ohio
BSR HACK

Unknown

Smucker's announced a data breach to their Online Store, stealing customer data that could have included customer names, addresses, email addresses, phone numbers, credit card or debit card numbers, expiration dates, and verification codes.

The hackers utilized a sophisticated malware that steals information from Web server applications. This particular malware obtains form data submitted by visitors as customers entered the data for the online checkout process.

These particular hackers look for weaknesses in either the end-users computer or weakensses in the Web server. If there is a weakenss in either one, that web session then becomes compromised and the hackers "suck down customer data post or pre-encryption (this all depends on whether the data was incoming or outgoing)".

KrebsOnSecurity noted "when a reader first directed my attention to the Smucker's breach notice, I immediately recalled seeing the cmopany's name among a list of targets picked last year by a criminal hacking group that plundered sites running outdated, vulnerable versions of ColdFusion, a Web applicatoin platform made by Adobe Systems Inc".

 
Information Source:
Media
records from this breach used in our total: 0

Breach Total
930,526,448 RECORDS BREACHED
(Please see explanation about this total.)
from 4,427 DATA BREACHES made public since 2005
Showing 4201-4250 of 4427 results


X

Sign In!

Loading