Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?


Click or unclick the boxes then select go.


Select features, then click GO.



Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.
Breach Total
872,602,323 RECORDS BREACHED
(Please see explanation about this total.)
from 4,377 DATA BREACHES made public since 2005

Save or Print PDF of Entire Breach List including introduction.Save or Print a PDF of Entire Breach List (including introductory FAQ)

Filter breach list before saving or printing PDF. Conduct a search of the Chronology using its sorting features, and Save or Print a PDF of your search results (Select filters)

If you do not have access to PDF, you can print the Chronology in landscape view.

Date Made Public Name Entity Type
January 10, 2014 Barry University
Portland, Oregon
EDU HACK

Unknown

Barry University informed individuals of a security incident that may have affected personal information maintained by the university.

On May 14, 2013, Barry University detected malware which infected a laptop owned and used by Barry University. The files infected included full names, dates of birth, Social Security numbers, driver's license numbers, bank account numbers.

The university is offering a free one-year credit monitoring service. They've supplied a phone number to those affected at 1-800-981-7571 and to reference number 47911.

 
Information Source:
Vermont Attorney General
records from this breach used in our total: 0

December 2, 2013 UNICEF ("U.S.Fund")
New York, New York
GOV HACK

Unknown

On December 2, 2013 the United States Fund for UNICEF discovered unauthorized access to one of the U.S Fund's servers on or around November 4, 2013. The initial investigation by the agency showed only one server affected, however the personal information exposed included names, credit card numbers, credit card security codes, expiration dates of the cards, bank account numbers, phone numbers, and email addresses.

 

 
Information Source:
Vermont Attorney General
records from this breach used in our total: 0

January 3, 2014 Agency of Human Services
Williston, Vermont
GOV DISC

Unknown

Vermont Agency of Human Services notified individuals of a data breach containing names and Social Security numbers of individuals. The email distribution list inadvertently included all AHS employees and some contractors. According to the agency, the email was opened by numerous AHS employees, a subsequent email was promptly sent that instructed recipients of the email to "hard delete" it so it did not remain in their email delete box.

For those with questions or concerns can call Joanne Dunster, Benefit Programs Assistant Administrator/ESD HIPAA Liaison at 1-802-769-6155.

 
Information Source:
Vermont Attorney General
records from this breach used in our total: 0

March 11, 2014 City of Hope
Duarte, California
MED STAT

Uknown

The City of Hope was informed by one of their vedors, Sutherland Healthcare Solutions, Inc. regarding a burglary that happened in one of their offices, where the thieves stole eight of their computers. Two of the computers contained City of Hope patient and patient guarantor information. Both computers were password protected. Sutherland Healthcare Solutions provides billing services for the City of Hope, who has since suspended their relationship with Sutherland.

The information on the computers contained Social Security numbers, names, addresses, phone numbers, medical record numbers, account numbers and/or diagnoses. Law enforcement is currently investigating the incident.

The City of Hope has secured the services of Kroll, a risk mitigation company, to provide identity theft protection at no cost for one year for those who may have been affected.

 

 
Information Source:
California Attorney General
records from this breach used in our total: 0

March 7, 2014 John Hopkins University
Baltimore, Maryland
EDU HACK

1,307

University officials at John Hopkins University announced a data breach of their Department of Biomedical Engineering's Design Team course web server. A hacker claiming to be part of the group Anonymous claimed credit for the hack.

The hackers made an attempt to extort the university out of server passwords, but the university did not comply with the request.

Officials at the university said that the server did not contain Social Security numbers, birth dates, credit card numbers or any financial data. The data the server did contain included employee data that is publicly available from the department's website. Those affected include any students from the BME department who were enrolled in the course from 2006 to this past fall. Approximately 1,307 individuals may have been affected.

There was a coding error that left the database vunerable was identified and fixed but not prior to the hackers infiltrating the system. The server was primarily used to produce the BME department's website. Although the breach happened late last year, it was not realized until someone posted on Twitter in January that the server was open to attack.

 
Information Source:
Media
records from this breach used in our total: 0

March 10, 2014 Statista
New York, New York
BSO HACK

50,000

Online statistics portal, Statista, notified customers of a data breach that occurred with their system. The breach was noticed when the company internally started receiving spam emails. The company investigated and approximately 50,000 of its customers username and password combination were compromised.

The company has not said whether or not the breach goes beyond access to username and passwords, but at present, this seems to be all that has been affected.

The company notified users almost immediately and assured them that the compromised passwords "cannot be used by third parties due to masking procedures".  The company did not encourage customers to change their passwords.

Experts are questioning how secure the passwords are for those that created accounts prior to December 2013 and have stated that "the passwords of those who signed up before this data were stored in the Statista database as MD5 hashes. As many experts will tell you, MD5 passwords can be easily cracked".

The main risk for those affected would be a higher incidence of spam and phishing emails, potentially impersonating Statista.

 
Information Source:
Media
records from this breach used in our total: 0

March 13, 2014 Silversage Advisors
Irvine, California
BSF PORT

Unknown

On February 20, 2014 Silversage Advisors notified customers of a theft of back-up computer drives from a secure offsite location used as part of the company's disaster recovery plan. The drives contained names, addresses, Social Security numbers, driver's license numbers and account information.

The company is providing one year of Breach Protector credit monitoring and identity theft restoration coverage. For those affected with question they are to call 1-888-969-7500.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

March 17, 2014 Arcadia Home Care and Staffing
Southfield, Michigan
MED INSD

Unknown

Arcadia Home Care/Arcadia Health Services, Inc. notified employess of unauthorized access of their files by an independent contractor for Arcadia by the name of Charles E. Symes, II and his new business Alegre.  Mr. Symes was previously authorized to use Arcadia's database, which contained personal information, but only for authorized purposes and access.

The company discovered Mr. Symes gaining unauthorized access to employee's personal information which included names, Social Security numbers, addresses, bank account information, California driver's license and other information.

The company believes the information was breached on or around January 2014 through March 1, 2014. For questions the company is asking those affected to call1-800-733-8427800-733-8427.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

March 17, 2014 ELightBulbs.com
Maple Grove, Minnesota
BSR HACK

Unknown

Elightbulbs.com is in a series of companies who have had security breaches due to exposure of ColdFusion weaknesses. The online company was contacted by Discover card alerting them to a pattern of fraudulent activity on cards that were recently used at their store. This is a similar incident to what happened with Smucker's. ELightbulbs.com was listed in the ColdFusion botnet panel.

The Vice President of the company, Paul McLellan said "he first learned of the breach on November 7, 2013 from his company's processor, Heartland Payment Systems". He also stated that "shortly before we were told by Heartland, we paid $6,000 a year for a company to brutalize our server, for protection and peace of mind. Turns out this flaw had existed for two years and they never saw it."

The FBI has stated that group responsible for the attack have also compromised much higher-profile targets as well.

 
Information Source:
Media
records from this breach used in our total: 0

March 17, 2014 Kichlerlightinglights.com
New York, New York
BSR HACK

Unknown

KichlerLightingLights is another victim of the ColdFusion botnet. The company's owner Gary Fitterman stated "It was like being attacked by terrorists. When we learned what had happened, we immediately went into frenzy, spent a ton of money to get forensic experts to take a look."

The hacking gang used vunerabilities in Adobe's ColdFusion to build a botnet of hacked ecommerce sites, designed to bilk the customers credit card data, KichlerLightingLights was just another one of the ecommerce sites affected.

The various companies that have been affected all handled credit card processing on their site. Mr. Fitterman has now outsourced all of his credit card processing transactions to a third party company.

Experts state that if you run your own credit card processing you must be diligent about software updates.

 
Information Source:
Media
records from this breach used in our total: 0

March 12, 2014 NoMoreRack.com
New York, New York
BSR HACK

Unknown

As reported by Krebs On Security, for the second time since August 2013, the "online retailer NoMoreRack.com has hired a computer forensics team after being notified by Discover about a potential breach of customer card data."

The Director of Business Development with company, Vishal Agarwal, has confirmed that they were approached by Discover Card in August of 2013, communicating that they were seeing fraudulent activity and the online retailer was the point of compromise.

As stated by Mr. Agarwal "they requested then that we go through a forensics audit, and we did that late October by engaging with Trustwave. Trustwave came out wtih a report at end of October saying there was no clear cut evidence that our systems had been compromised. There were a few minor bugs reported, but not conclusive evidence of anything that caused a leakage in our systems."

Discover reached out the company again in February to notify them that there was additional evidence of fraud associated with their online store from November 1, 2013 through January 15, 2014.

The company has again engaged Trustwave to complete another forensic audit and to also confirm that they are PCI compliant.

 
Information Source:
Media
records from this breach used in our total: 0

March 11, 2014 Cornerstone Health Care
Hight Point, North Carolina
MED PORT

548

Cornerstone Health Care reported a laptop containing information for 548 patients was stolen from Cornerstone Neurology sometime between December 31, 2013 and January 6, 2014.

The laptop contained protected health information such as patient names, dates of birth, physician names and nerve conduction scan summaries. The laptop did not contain any addresses, billing information, or Social Security numbers. The laptop was not connected to their third party billing company or their electronic health records.

Since the theft the medical practice has revised its procedures and policies, retrained the staff on securing patient information and replaced locks on rooms with electronic medical devices.

 
Information Source:
Media
records from this breach used in our total: 0

March 11, 2014 Emory Dialysis Center, part of Emory Clinic
Atlanta, Georgia
MED PORT

826

An employee of Emory Dialysis Center, notified the center that his work laptop had been stolen out of his car on February 7, 2014.

The laptop was protected by a password but was not encrypted. The laptop contained information for 826 patients which included dates of services, blood flow test graphs, first and last names for approximately half of the patients, the rest were the patients initials. They center has stated that the laptop did not contain dates of birth, addresses, billing information or Social Security numbers.

HSM (Health Systems Management) who runs the clinic is now password protecting all laptops and encrypting patient information.

 
Information Source:
Media
records from this breach used in our total: 0

March 18, 2014 Yellowstone Boys and Girls Ranch (YBGR)
Billings, Montana
MED PHYS

Unknown

The Yellowstone Boys and Girls Ranch which treats mental health issues for children and teens reported that a binder was lost or destroyed sometime in 2013. The binder contained information that included names, addresses, dates of birth, parents' names, programs and treatment professionals' information. They have stated that no financial or Social Security information was stored in this binder.

 
Information Source:
Health IT Security
records from this breach used in our total: 0

March 20, 2014 Marian Regional Medical Center
Santa Maria, California
MED DISC

Unknown

Marian Regional Medical Centers (Santa Maria and Arroyo Grande Campuses) notified patients of a data breach. A secured electronic file containing patients information was sent to a contracted health insurance plan in error. The health insurance plan notified the company immediately that they received the email in error.

The file included names, addresses, types of insurance, dates of birth, dates of service, types of laboratory tests and test results for dates of service between March 1 and March 6, 2014. The company has stated that the Social Security number was not included in the electronic file.

For those affected the company has asked questions or concerns to be directed to a toll free number 1-877-906-16031-877-906-1603.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

March 21, 2014 Castle Creek Properties, Inc./Rosenthal Wine Shop
Malibu, California
BSR HACK

Unknown

Castle Creek Properties Inc/ Rosenthal Malibu Estate notified customers of unauthorized access to computer systems used to process credit card transactions at their Rosenthal wine shop.

The unauthorized access may have compromised payment card data of visitors who used their cards for payment of items at the wine shop tasting room. Information compromised included names, addresses, payment card account numbers, card expiration dates and security codes.

The company is offering a complimentary one year membership of Experian ProtectMyID Alert. For those affected and wish to enroll in the services they are asked to call 1-310-899-8903.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

March 21, 2014 San Francisco Department of Public Health/Sutherland Healthcare Solutions
San Francisco, California
MED STAT

Unknown

San Francisco Health Network/San Francisco Department of Public Health has notified patients that their information may have been compromised as well, due to the recent theft of computers at Sutherland Healthcare Solutions. Sutherland is the third party billing company for the San Francisco Department of Public Health.

The information contained in the stolen computers included names, dates of birth, Social Security numbers, dates and location of services and names of insurance companies or payers.

The agency is providing one year of ID Experts. Anyone who was affected is encouraged to contact ID Experts with any questions and to enroll in the service by calling 1-866-486-4809 or by going to their website www.myidcare.com/idexpertshealthcareprotection. Documentation was sent to the affected parties that provided steps for enrollment and an access code for entry. Deadline to enroll is July 31, 2014

 
Information Source:
California Attorney General
records from this breach used in our total: 0

March 20, 2014 Auburn University
Auburn, Alabama
EDU HACK

Unknown

Auburn University notified individuals of a compromised server within the College of Business network. This incident could have resulted in unauthorized access to personal information including Social Security numbers and names. The investigation is ongoing and the University has reportedly patched the vulnerability in their system.

They have no evidence as of yet if any information was accessed or misused in any way. The University is offering a one year complimentary membership of Experian's ProtectMyID Alert.  For questions or concerns, affected parties should call 1-877-371-7902.

 
Information Source:
Vermont Attorney General
records from this breach used in our total: 0

March 18, 2014 The Shelburne Country Store
Shelburne, Vermont
BSR HACK

Unknown

The Shelburne Country Store notified customers of a computer hack to their payment processing system, similar to reported attackes by other national retailers such as Target and Neiman Marcus.

The information compromised included names, addresses, credit or debit card numbers, expiration dates and verfication codes. They believe the breach occured between November 13, 2013 and January 6, 2014.  They are unclear as to how many purchases were affected.

The company has set up AllClear ID protect your identity for 12 months at no cost to those affected. They can either email support@allclearid.com or call 1-855-434-8077.

 
Information Source:
Vermont Attorney General
records from this breach used in our total: 0

March 22, 2014 California DMV
Sacramento, California
GOV HACK

Unknown

The California DMV is investigating a potential data breach of their credit card processing systems. Reportedly several large financial institutions received private alerts this week from MasterCard about compromised cards used for charges.

As reported by Krebs on Security, "the alert, sent privately by MasterCard to financial institutions this week, did not name the breached entity but said the organization n question experienced a "card-not-present" breach-industry speak for transactin conducted online. The alert further stated that the date range of the potentially compromised transactions extended from August 2, 2013 to January 31, 2014, and that the data stolen included the card number, expiration date, and three-digit security code printed on the back of cards".

Krebs contacted 5 different financial institutions, two mid-sized California banks and "confirmed receipt of the MasterCard notice, and said that all of the cars MasterCard alerted them about as cmopromised had been used for charges bering the notation "STATE OF CALIF DMV INT."

The DMV, who originally stated they would investigate, put out a statement at 6:44 Eastern Time on March 22, 2014, placing blame on the the third party credit card processing company.

The total amount of individuals potentially affected at this time is unknown. KrebsOnSecurity stated that they had received a list of more than 1,000 cards, from one bank, that were potentially exposed that included credit card numbers, expiration dates and three-digit security codes printed on the back.

 
Information Source:
Krebs On Security
records from this breach used in our total: 0

March 27, 2014 Orlando Health's Arnold Palmer Medical Center
Orlando, Florida
MED PORT

586

A computer flash drive containing patient information on 586 children treated at Orlando Health's Arnold Palmer Medical Center is missing or reportedly been "misplaced"

The information included last names, assigned medical record numbers, dates of birth, gestational ages, birth weights, dates of hospitalizations, and in some cases, transfer dates of children who were patients at Arnold Palmer Hospital for Children or Winnie Palmer Hospital for Women and Babies between 2009 and 2013.

 
Information Source:
Media
records from this breach used in our total: 0

March 25, 2014 University of Kentucky HealthCare/Talyst
Lexington, Kentucky
MED PORT

1,079

UK Healthcare is notifying 1,079 patients that a laptop with their personal health information was stolen on February 4, 2014 from Talyst, a third party pharmacy billing management company.

The vendor's laptop included names, dates of birth, medical record numbers, diagnosis, medications, laboratory results, progress notes, allergies, height and weights, dates of service, physician name and clinics, insurance carrier, insurance identification numbers.

 
Information Source:
Media
records from this breach used in our total: 0

March 25, 2014 American Express
New York, New York
BSF HACK

Unknown

American Express sent out notification to cardholders regarding unauthorized activity on their cards from unnamed merchants. American Express has stated that names, card account numbers and expiration dates of cards could have been affected. At this time they have stated that no Social Security numbers have been affected.

American Express has placed a fraud alert on their cardholders credit reports. For those affected they are to call 1-800-297-7672 for identity theft assistance or email www.americanexpress.com/idtheftassistance.

 

 
Information Source:
California Attorney General
records from this breach used in our total: 0

March 28, 2014 Palomar Health
Escondido, California
MED PORT

5,000 patients

Palomar Health in Escondido had a laptop stolen along with two flash drives from an employee's SUV. Approximately 5,000 patients were affected by the breach.

The flash drives contained patient names, dates of birth, information regarding individual diagnosis, individual treatment and insurance information. The computer was encrypted but the flash drives were not. The information dates back to 2008.

The Oceanside police have recovered the laptop and the missing flash drives, one person was arrested and a possible second suspect arrest may follow.

Those patients who may have been affected can reach the health care system for more information at 1-866-313-79931-866-313-7993. The company is offering credit monitoring services for those individuals whose medicare numbers were compromised.

Palomar could face a fine as high as $250,000 from the California Department of Health.

 
Information Source:
Media
records from this breach used in our total: 0

April 2, 2014 Kaiser Permanente Northern California Division of Research
Oakland, California
MED HACK

5,100 patients

Kaiser Permanente's Northern California Division of Research informed research patients of a data breach to their system. The company discovered that a server was infected by a malicious software that caused a breakdown in the server's security barriers allowing the hackers to obtain personal information.

The information included firs names, last names, dates of birth, ages, genders, addresses, race/ethnicities, medical record numbers, lab results all associated with research provided by individuals as part of research studies.

Currently the company has stated that no Social Security numbers or their Kaiser electronic medical record information used for ongoing medical care was not affected.

Those affected with questions are asked to call 1-877-811-00191-877-811-0019 from 8 a.m to 6 p.m PDT Monday through Friday or the Department of Health and Human Services through the Office for Civil Rights at 1-800-368-10191-800-368-1019.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

April 3, 2014 Cole Taylor Mortgage
Portland, Oregon
BSF DISC

Unknown

Cole Taylor Mortgage (a division of Cole Taylor Bank) informed customers of a data breach that occured due to an error by one of their third party vendors. Information was inadvertently made accessible to employees of another federally regulated bank.

The information included names, addresses, Social Security numbers, loan numbers and certain loan information. According to the mortage company, the breach was caused by a technical error by the vendor that provides them information technology services and solutions to both banks.

The company has established a dedicated toll-free hotline for those who were affected at 1-800-572-9809.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

April 7, 2014 American Express Company
New York, New York
BSF CARD

Unknown

Amercian Express Company informed customers that their credit card information was recovered as part of an investigation by law enforcement agencies and/or American Express. The information reportedly only included the American Express Card account numbers, no Social Security numbers were impacted.

Those individuals who notice suspicious activity on their account are asked to call 1-855-693-22131-855-693-2213 to notify the company.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

April 6, 2014 BigMoneyJobs.com
Uknown,
BSO HACK

36,802

The recruiting site BigMoneyJobs.com has apparently been breached by a hacker that goes by the name of ProbablyOnion by exploiting an SQL Injection vulnerability. The details of over 36,000 users have been leaked online due to the breach.

The information included names, home addresses, phone numbers, emails and passwords of 36,802 users have been published in a Excel file. The information covers both individuals looking for a job and companies looking for talent.

 
Information Source:
Media
records from this breach used in our total: 0

April 2, 2014 Boxee
Ridgefield Park, New Jersey
BSO HACK

158,128

The personal data of over 158,000 Boxee.tv forum accounts were hacked and leaked online to a Tor Internet site and at least one researcher. The information included email addresses, birth dates, IP addresses, message histories, and password changes. It also included message archives and past password changes.

The company was purchased by Samsung last July.

 
Information Source:
Media
records from this breach used in our total: 0

April 2, 2014 California Correctional Institution
Tehachapi, California
GOV PHYS

Unknown

On March 9, 2014 an employee roster was discovered within an unsecure desk drawer at one of the correctional facilities.

The roster included full names and the last 6 digits of Social Security numbers.

For those affected they are being directed to call Tim Fites, Information Security Coordinator at 1-661-823-5011.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

March 27, 2014 Sorenson Communications and CaptionCall
Salt Lake City, Utah
GOV HACK

Unknown

On March 7 it was discovered that there was an unauthorized access to Sorenson Communications employee data via the payroll vendor utilized for both Sorenson Communications and CaptionCall employees. The personal information breached includes both the employee, beneficiaries, dependents, and emergency contacts, or anyone listed in the employees HR account with the company.

The information includes names, dates of birth, addresses, Sorenson income histories, Social Security Numbers, W-2 information, and emergency contact data and appeared to have happened between February 20, 2014 through March 3, 2014.

The FBI has been contacted and is investigating the breach. An email was sent to all those affected on March 11th with instructions on how to enroll in the company-provided credit monitoring services. If an email was not received they are requesting those individuals contact the Human Resources Department at hrsupport@sorenson.com to obtain the information.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

April 8, 2014 StumbleUpon
San Francisco, California
BSO HACK

Unknown

The San Francisco based Internet company has informed customers of a potential breach that may have occured in their system. The company sent notification out to customers noticing suspicious activity on their account and in turn locked their accounts and reset their passwords.

The company reported that the breach included only passwords.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

April 9, 2014 Clinical Reference Laboratory
Lenexa, Kansas
MED PHYS

Unknown

Clinical Reference Laboratory, Inc. notified individuals of a breach regarding their personal information. On or around February 6, 2014 Clinical Reference Laboratory (CRL) sent a packet of invoices via the United States Postal Service to Nationwide Insurance for services performed. The package was damaged when it arrived at the USPS facility and some of the invoice pages were missing.

The information in these missing pages included names, dates of birth, the last 4 digits of individuals Social Security number and the type of lab tests conducted.

The company has arranged a free one year subscription through Equifax Personal Solutions.

For those affected with questions they can call CRL at 1-855-758-75431-855-758-7543 or disclosurehelp@crlcorp.com.

 
Information Source:
Vermont Attorney General
records from this breach used in our total: 0

April 11, 2014 LaCie USA
Tigard, Oregon
BSR HACK

Unknown

LaCie USA was informed by the FBI that they had found indications that an unauthorized person used malware to gain access to information from customer transactions that were made through LaCie's website.  Reportedly, the transactions that may have been affected happened from March 27, 2013 through March 10, 2014.

The information breached included names, addresses, payment card numbers and card expiration dates. Also included could be an individuals LaCie username and password to access the website.

For those affected they are asked to call Monday through Friday from 9:00 a.m through 7:00 p.m EDT (eastern time).

 
Information Source:
California Attorney General
records from this breach used in our total: 0

April 11, 2014 University Urology, P.C.
Knoxville, Tennessee
MED PHYS

1,144

University Urology P.C of Knoxville Tennessee informed patients of a data breach regarding their personal information. According to the practice, the information was limited to names and addresses and that no Social Security numbers, financial account information or clinical information was exposed.

According to a statment by the facility, an administrative assistant had compiled the data in an effort to sell it to a competing provider, helping them gain patient business. Patients contacted University Urology to let them know that the competing provider had been soliciting their business.

 
Information Source:
Media
records from this breach used in our total: 0

April 22, 2014 NCO Financial Systems Inc.
Horsham, Pennsylvania
BSF DISC

Unknown

NCO Financial Systems Inc. informed customers of a data breach when their third party communication vendor, RevSpring, Inc. sent an email to a number of loan customers that mistakenly included an attachment that contained loan statements. The information on these statements included names, addresses, Social Security numbers, and account numbers.

The company is offering 12 months free of ProtectMyID through Experian. A letter with a code went out to those individuals affected. Those with questions are asked to call 1-866-274-43711-866-274-4371.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

April 22, 2014 Snelling Staffing LLC
Dallas, Texas
BSO DISC

Unknown

Snelling Staffing LLC informed current and previous employees of a data breach that exposed personal information to others via the Internet due to an installation error of a cloud based server at the home of a former Snelling employee, on January 24, 2014.

The information exposed included Social Security numbers, driver's license numbers, dates of birth, home addresses, medical information, alleged criminal activity and/or drug test results.

The company did discover that breach and shut down access to the information within the same day.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

April 14, 2014 Wilshire Mutual Funds
Kansas City, Missouri
BSF DISC

Unknown

Wilshire Mutual Funds informed customers of a data breach that took place on March 13, 2014. It was brought to the company's attention that a copy of individuals 1099-Div tax form was sent by fax to an incorrect shareholders in error.

The information contained on the 1099-Div form included registered owner's names, the registration of the mutual fund account, the addresses of record, the last 4 digits of the Social Security numbers, the fund and account numbers assigned in their recordkeeping system, the taxable amounts, and the Payer's (Wilshire Equity Fund) Federal ID number.

Those affected with questions are asked to call 1-866-591-15681-866-591-1568 or to send written correspondence to P.O. Box 219512, Kansas City, MO 64121-9512 or by overnight mail to 430 W. 7th Street, Kansas City, MO 64105.

 
Information Source:
Vermont Attorney General
records from this breach used in our total: 0

April 28, 2014 AOL
New York, New York
BSO HACK

Unknown

AOL has sent a message to millions of its account holders of a data breach to their system urging them to change their usernames and passwords. AOL won't confirm an exact number but it appears to be approximately 2 percent of its accounts.

AOL noticed the attack when a significant amount of spam began appearing from spoofed emails from AOL account holders email addresses.

 
Information Source:
Media
records from this breach used in our total: 0

April 30, 2014 Boomerang Tags.com
Pismo Beach, California
BSR HACK

Unknown

Boomerand Tags.com notified customers of a data breach to their online website. The company released a letter to customers stating that hackers installed some form of malware onto the server that manages their website. The motivation of the hackers appears to be to gain the credit card information of the individual. Individuals financial information may have been exposed from July 4, 2013 through February 18, 2014.

Any further questions for those who may have been affected they can email the company at http://www.boomerangtags.com/page.php?c=contact#email_form

 
Information Source:
California Attorney General
records from this breach used in our total: 0

May 1, 2014 JCM Partners LLC
Suwanee, Georgia
BSO HACK

Uknown

JCM Partners informed customers of a data breach that occured when a file containing personal information of housing applicants was taken from a JCM database and posted on an unauthorized website. An internal investigation was launched.

The information in the file included Social Security numbers, driver's license numbers, email addresses and mailing addresses.

The company is providing 12 months of AllClear Secure and those affected are automatically eligible and can call 1-877-979-2595.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

May 5, 2014 ground (ctrl)
Sacramento, California
BSO HACK

Unknown

ground(ctrl) operates social networking community websites focused on musicians, informed customers of a data breach to their website. The information breached included e-mail addresses and passwords. The company did inform customers that their credit card information was never stored with them and was not at risk.

For those affected, the company is recommending that usernames and passwords be changed. For questions individuals can call 1-877-463-2875 or via email at security@groundctrl.com.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

May 6, 2014 California Department of Child Support Services
Rancho Cordova, California
GOV PHYS

Unknown

The California Department of Child Support Services has notified individuals of a data breach that resulted in unauthorized disclosure of personal information. On April 7, 2014 letters from the Solano County Department of Child Support Services were misplaced while in the custody of a contracted courier who was transporting mail to the US Post Office.

Those affected are asked to call the Department of Child Support Services at 1-866-901-3212.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

April 25, 2014 Willis North America Inc.
Nashville, Tennessee
BSO DISC

Unknown

Willis North America Inc, informed customers that on "March 19, 2014 an email was sent internally to a group of current Willis Associates who were enrolled in the medical Plan's Healthy Rewards Program". The original email sent out to customers was as a reminder for a special program through their company, however the individual who sent the email "accidentally attached a spreadsheet to the email that was not meant to be included".

The information on the spreadsheet included names, email addresses, dates of birth, social security numbers, employee ID numbers, and office locations by city/state/zip, Wellness credits, an individuals credit status codes, insurance coverage codes, internal codes for plan geographic region and type of reward applicable, last effective date of medical plan elections, election selections, original and last start dates, and when medical plan coverages began.

The spreadsheet did not include any information that revealed health conditions, health treatments or health claims, or personal health information regarding spouses or dependents.

The company has arranged for two years of identity theft protection at no charge. Those affected can find the information at www.trustedid.com/enhanced-identity-theft-protection. To register to to www.trustedid.com/willis and enter the activation code WNAIDE0314 OR CALL 1-888-880-0761.

 
Information Source:
Vermont Attorney General
records from this breach used in our total: 0

May 7, 2014 Green's Accounting
Greenfield, California
BSF STAT

Unknown

The office of Brent Green, CPA was burglarized on April 6, 2014 where the burglars took a network server computer and hard drives containing personal information of their clients. Their server was unencrypted and contained Social Security numbers, names, and addresses of both individuals and their independents.

For additional information or questions, those affected are asked to call Brent Green at 831-64-5562.

 
Information Source:
records from this breach used in our total: 0

May 14, 2014 University California Irvine
Irvine, California
EDU HACK

Unknown

On March 26, 2014, the California Information Security Office notified the University California Irvine that three of the computers in the Student Health Center had been infected by a keylogging virus, which captured the keystrokes as information was being entered into the computers, then transmitted the data to unauthorized servers. They believe that hackers gained information from February 14th through March 27th 2014.  As a result of the virus personal information of individuals was compromised.

The information included names, unencrypted medical information, potentially including health or dental insurance number, CPT codes, ICD9 codes and/or diagnosis, student ID numbers, non-student patient ID numbers, mailing addresses, telephone numbers, amounts paid to the Student Health Center for services, bank names and check numbers.

UC Irvine has contracted with ID Experts to provide one year of FraudStop credit monitoring and one year of CyberScan Internet monitoring for those affected. To enroll visit www.idexpertscorp.com/protect and use the code provided in the letter sent to those affected or call 1-877-810-8083.

 

 
Information Source:
California Attorney General
records from this breach used in our total: 0

May 7, 2014 Gingerbread Shed Corporation
Tempe, Arizona
BSR HACK

Unknown

Gingerbread Shed Corporation notified customers of unauthorized access to their system that compromised the personal data of its customers. The information included names, addresses, phone numbers, email addresses, credit card information, user names and passwords for website accounts.

The company has established a confidential phone line for those affected that have questions 1-866-597-8199 and use reference # 5474042814.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

May 8, 2014 Boulder Community Health
Boulder, Colorado
MED PHYS

16

Boulder Community Health is investigating another data breach of their facility. It has been reported this is the third such incident for this facility since 2008.

Nine people have claimed that they had their records stolen and hard copies mailed to them. Two of these individuals said that there was a letter in theirs that stated their records were mailed “to demonstrate the easy access the hospital and their partners provide to some with bad motives.”

There is an ongoing investigation to understand the extent of the breach. "The hospital — previously known as Boulder Community Hospital until a name change last month — is asking anyone else who thinks their records might have been stolen to call its legal office at 303-440-2342 ".

UPDATE (5/12/2014): Seven more patients have claimed that an anonymous source has sent them copies of their medical records in the mail. It is still unclear as to whether the souce is taking the medical records from inside of the hospital or from somewhere outside of the hospital. The breach is still under investigation.

 

 
Information Source:
Media
records from this breach used in our total: 0

May 19, 2014 Lowe's
Mooresville, North Carolina
BSR DISC

Unknown

Lowe's, the home improvement store informed current and former drives of Lowe's vehicles that one of their third party vendors who provide a computer system "E-DriverFile" that stores compliance documentation and information related to these current and former employees, was unintentionally backed up to an unsecure computer server that was accessible from the Internet.

The information that was compromised included names, addresses, dates of birth, Social Security numbers, driver's license numbers, Sales IDs and other driving record information.

An investigation was launche and it and it was discovered that the information may have been exposed between July 2013 and April 2014. The company is providing one year free of AllClear ID services to those affected. For questions from those affected asr asked to call 1-877-263-7997 within the USA, for those outside the United States or Canada, call 1-512-579-2449.

 

 
Information Source:
California Attorney General
records from this breach used in our total: 0

May 21, 2014 Ebay
San Jose, California
BSO HACK

145,000,000

Ebay, the online auction site, was hacked between late February and early March with login credentials obtained from employees. The hackers then accessed a database containing user records of approximately 145 million users which they appeared to have copied.

The information included email addresses, encrypted passwords, birth dates, mailing addresses. The company reports that no financial data or PayPal databases were compromised.

The company is encouraging all who were affected to login into their account and change their passwords.

Ebay has provided the following links for additional information:

http://www.ebayinc.com/

 
Information Source:
Media
records from this breach used in our total: 0

Breach Total
872,602,323 RECORDS BREACHED
(Please see explanation about this total.)
from 4,377 DATA BREACHES made public since 2005
Showing 4251-4300 of 4377 results


X

Sign In!

Loading