Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: Current

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list
  • Scroll down to view the Chronology and/or to use our sort feature


Click or unclick the boxes then select go.


Select features then click GO. To modify your search, check or uncheck the boxes and click GO.


Reset the checkboxes to the default "all selected."

Help Guide

display_id:page_1

display_id:page_1

Breach Total
857,702,257 RECORDS BREACHED
(Please see explanation about this total.)
from 4,594 DATA BREACHES made public since 2005
Date Made Publicsort ascending Name Entity Type
August 21, 2015 M&M Automotive Group, Inc. (Volkswagen of Oakland)
Oakland, California
BSO PHYS

Unknown

Volkswagen of Oakland notified customers of a data breach when the dealership was broken into and boxes of files were stolen.

The company stated that "We believe that some of the stolen boxes held sold vechicles jackets. Each sold vehicle jacket typically contains copies of the forms signed by the vehicle purchaser including the name, address, phone number, driver's licens information, bank account information, car insurance information and information on the vehicle purchased. In some cases where financing is provided in connection with the purchase of a vehicle, the deal jacket will also contain a copy of the consumer's credit application, credit report, pay stubs, job information and references."

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-57502

 
Information Source:
California Attorney General
records from this breach used in our total: 0
August 20, 2015 Buyers Protection Group
Alpharetta, Georgia
BSF PORT

Unknown

Buyers Protection Group (BPG) notified customers of a data breach to their personal information.

"On July 19, 2015, a company laptop was stolen from an employee's car during a large-scale break in of at least 20 vehicles in the Greater Atlanta Area."

The personal information contained on these laptop (s) included names, addresses, dates of birth and Social Security Numbers.

For further questions about this incident individuals can send an email to privacy@bpgwi.com.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-57473

 
Information Source:
California Attorney General
records from this breach used in our total: 0
August 19, 2015 Web.com
Jacksonville, Florida
BSO HACK

93,000

Web.com notified customers of a data breach to their systems, when hackers were able to infiltrate their system gaining personal information of customers.

The information included credit card numbers, names, addresses, card validation numbers and the security codes associated with the credit cards.

The CEO of Web.com put out a statement regarding the breach http://ir.web.com/releasedetail.cfm?ReleaseID=928078

More Information: https://threatpost.com/web-com-loses-93000-credit-card-numbers-in-breach...

 
Information Source:
Media
records from this breach used in our total: 93,000
August 17, 2015 University of Virginia
Charlottesville, Virginia
EDU HACK

Unknown

The University of Virginia has notified individuals of a hacking originating from China and accessed the IT systems of the university.  The university has stated that no Social Security numbers or banking information was compromised.

The university has assked all users to change their "Eservices" login passwords. Reportedly the hackers were targeting email account belonging to "two employees whose work is connected to China".

More Information: http://www.scmagazine.com/uva-attack-came-from-china-targeted-email-acco...

 
Information Source:
Media
records from this breach used in our total: 0
August 14, 2015 Sterling M Enterprise (dba Lee's Deli)
San Francisco, California
BSO HACK

Unknown

Lee's Deli, which has a location at 75 Battery Street in San Francisco and 4200 Bohannon Drive in Menlo Park California, have notified individuals of a data breach of their information when the company found malware installed on their credit card processing system.

The information captured through this malware included payment card account numbers, card expiration dates, and the CVV code on the back of the card. Any transaction made from January 4, 2015 through May 20, 2015 at the Battery Street location and between November 3, 2014 through February 13, 2015 at the Bohannon Drive location, those cards are at risk.

For those affected contact the company at 415-986-1892 between the hours of 9:00 am and 5:00 pm, Monday through Friday or via email at info@leesdeli.com.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-57419

 
Information Source:
California Attorney General
records from this breach used in our total: 0
August 12, 2015 ICANN.org
Los Angeles, CA 90094-2536,
NGO HACK

Unknown

ICANN.org notified individuals of a data breach when they discovered unauthorized access to an external service provider. The non-profit believes that usernames/email addresses and encrypted passwords were compromised.

User profiles contain a users preference for the website, public bio, individual interests, subscription to newsletters and other information.

They are requiring that all members change their password to the site. The password change can be accessed via this link https://www.icann.org/users/password/new

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-57383

 
Information Source:
California Attorney General
records from this breach used in our total: 0
August 12, 2015 Nationstar Mortgage LLC
Dallas, Texas
BSF DISC

Unknown

Nationwide Mortgage notified customers of a data breach when copies of their W2's were inadvertently emailed to an employee at Greenlight Mortgage. The information compromised included names, addresses, Social Security numbers and other information that is common with a W2 form.

The company is providing one year free of Experian's ProtectMyID Elite. Those who are affected can call 877-441-6943 or www.protectmyid.com/enroll.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-57381

 
Information Source:
California Attorney General
records from this breach used in our total: 0
August 7, 2015 Sterling BackCheck
New York, New York
BSO PORT

Unknown

SterlingBackcheck notified customers of a data breach when a laptop was stolen from an employees vehicle. The laptop contained customer information including names, Social Security numbers, and dates of birth.

The company is providing AllClear ID for 24 months for free. For those who are affected call 1-855-227-9823 Monday through Sunday  8:00 am - 8:00 pm Central Time.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-57330

 
Information Source:
California Attorney General
records from this breach used in our total: 0
August 7, 2015 Ubiquiti Networks Inc.
San Jose, California
BSO HACK

Unknown

Ubiquiti Networks Inc. announced that cyber thieves stole $46.7 million using a scam " in which crooks spoof communications from executives at the victim firm in a bid to initiate unauthorized international wire transfers."

Ubiquiti disclosed the attack when they filed a report with the U.S. Securities and Exchange Commission. "The company said it discovered the fraud on June 5, 2015, and that the incident involved employee impersonation and fraudulent requests from an outside entity targeting the company’s finance department."

More Information: http://krebsonsecurity.com/2015/08/tech-firm-ubiquiti-suffers-46m-cyberh...

 
Information Source:
Krebs On Security
records from this breach used in our total: 0
August 7, 2015 Sabre Corporation
Southlake, Texas
BSO HACK

Unknown

Sabre Corporation is investigating a possible recent data breach that was brought to light by the announcement of the American Airlines breach. American Airlines uses the reservation software developed by the Sabre Corporation.

"Sabre said in a statement Friday, "We recently learned of a cybersecurity incident, and we are conducting an investigation into it now. At this time, we are not aware that this incident has compromised sensitive protected information, such as credit card data or personally identifiable information, but our investigation is ongoing.""

More Information: http://www.usnews.com/news/business/articles/2015/08/07/airline-technolo...

 
Information Source:
Media
records from this breach used in our total: 0
August 6, 2015 WP Technology Inc. dba Wattpad
Toronto,
BSO HACK

Unknown

W.P Technology (dba Wattpad) informed customers of a cyber attack to their system that may have compromised customer information.

The information compromised included email addresses, Wattpad passwords, Tumblr usernames and passwords, last login IP, and other user profile information provided.

The company is recommending that their customers change their Wattpad password and your Tumblr password. For questions contact security@wattpad.com

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-57318

 

 
Information Source:
California Attorney General
records from this breach used in our total: 0
August 4, 2015 Mama Mio US
Costa Mesa, California
BSO HACK

Unknown

Mama Mio informed customers of a cyber-attack to their system where their personal information may have been compromised. According to the company, the attack happened on July 28, 2015.

The information compromised included first names and surnames, emails, billing addresses and telephone numbers, card numbers, expiration dates, and the 3-digit security code on the back of the card.

For those affected call 1-888-962-6264 or send an email at privacy@mioskincare.com.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-57280

 
Information Source:
California Attorney General
records from this breach used in our total: 0
August 3, 2015 Orlantino Dyoco, M.D.
Fresno, California
MED PORT

Unknown

The office of Olartino Dyoco, M.D. notified patients of a data breach when his offices were burglarized and several computers were stolen that contained patient information used for billing. The information compromised included names, addresses, birth dates, telephone numbers, insurance numbers, treatment codes, and billing information.

The incident has been reported to the authorities. For those who were affected call 1-888-233-2305.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-57245

 
Information Source:
California Attorney General
records from this breach used in our total: 0
August 3, 2015 Veterans Affairs Hospital, South Dakota
Hot Springs, South Dakota
MED PHYS

1,100

The VA Hot Springs hospital notified patients of a data breach when files containing their Social Security numbers along with additional personal information were thrown in a trash bin without being shredded.

The incident took place in May and the 1,100 patients that were affected were not notified until July 29, 2015. Reportedly, an employee discarded a box of patient files in a dumpster. The box of files was found two days later by another employee who removed them from the trash.

More Information: http://www.foxnews.com/us/2015/08/03/sd-va-waits-more-than-two-months-to...

 
Information Source:
Media
records from this breach used in our total: 1,100
July 29, 2015 East Bay Perinatal Medical Associates
Oakland, California
MED INSD

Unknown

East Bay Perinatal Medical Associates (EBPMA) has notified patients of a data breach when they were contacted by the Berkeley Police regarding an employee who had a patient list on their personal laptop. The list according to the company was created as a part of the employee's duties to catalogue their 2012 records. The information was deleted from the employee's hard drive by EBPMA.

The information contained in the document included first and last names, and dates of birth.  The company is providing those who were affected Kroll ID monitoring services for free for one year. They can be reached at 1-855-205-6940. 

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-57193

 
Information Source:
California Attorney General
records from this breach used in our total: 0
July 29, 2015 United Airlines
Chicago, Illinois
BSO HACK

Unknown

United Airlines may be the latest victim of Chinese hackers. It is being reported that the hackers are potentially the same group that infiltrated OPM and Anthem.

"United, the world’s second-largest airline, detected an incursion into its computer systems in May or early June, said several people familiar with the probe. According to three of these people, investigators working with the carrier have linked the attack to a group of China-backed hackers they say are behind several other large heists -- including the theft of security-clearance records from the U.S. Office of Personnel Management and medical data from health insurer Anthem Inc."

The information compromised included flight information, passenger itinerary, passenger information, origins and destinations. The airline has not announced whether or not any financial data was compromised in this hack.

More Information:http://www.bloomberg.com/news/articles/2015-07-29/china-tied-hackers-tha...

 
Information Source:
Media
records from this breach used in our total: 0
July 27, 2015 Orange County Employees Association
Santa Ana, California
BSO HACK

Unknown

The Orange County Employees Association (OCEA) notified members of a data breach  when they were a recent victim of a cyber attack.  The attack affected OCEA members, certain non-members, OCEA Health & Welfare Trust participants, OCEA staff, customers of Velece Corporation and dependents.

The information included names, addreses, dates of birth, Social Security numbers, driver's license numbers, payroll information, dental, vision, life and disability enrollment information, retirement status, information concerning dependents and usernames and passwords.

OCEA is providing one year free credit monitoring and identity theft recover and restoration services.

 
Information Source:
California Attorney General
records from this breach used in our total: 0
July 27, 2015 Golden 1 Credit Union
Los Angeles, California
BSF INSD

Unknown

Golden State Credit Union notified members of a data breach when a credit union employee viewed member accounts without authorization. The information viewed included names, Social Security numbers, driver's license numbers and additional financial information.

The credit union is providing Credit Watch through Equifax to those affected for 12 months at no cost. Those affected must apply by April 15, 2016.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-57170

 
Information Source:
California Attorney General
records from this breach used in our total: 0
July 21, 2015 Atkinson, Andelson, Loya, Ruud & Romo
Cerritos, California
BSO PORT

Unknown

The lawfirm of Atkinson, Andelson, Loya, Ruud & Romo notified clients of a data breach, when one of their attorney's laptops was stolen that contained personal information of their clients.

The personal information on the laptop included names, addresses, telephone numbers,  Social Security numbers, possible financial information, and medical records information.

The firm is providing MyIDCare, ID Experts for free for 12 months for those who were affected. They can be reached by calling 1-877-341-4604. Monday through Friday from 6:00 a.m to 6 p.m Pacific Time.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-57094

 

 
Information Source:
California Attorney General
records from this breach used in our total: 0
July 20, 2015 PNI Digital Media
Vancouver, British Columbia
BSO HACK

Unknown

PNI Digital Media is investigating their online photo printing service that they either manage or host for a number of large retailers such as Costco, Walmart, Walgreens, CVS, Rite to name a few. The photo printing service has been taken off line while the company and their customers investigate the breach. The concern is that the hackers gained credit card information from customers of the retailers they service.

More Information: http://www.reuters.com/article/2015/07/21/us-cyberattack-retail-idUSKCN0...

 
Information Source:
Media
records from this breach used in our total: 0
July 19, 2015 Ashley Madison (owned by Canadian Avid Life Media)
Toronto,
BSO HACK

37 million records

Ashley Madison, the online cheating website, confirmed a hack of their system, exposing 40 million records.

The data that was stolen included the company's user databases, financial records along with other confidential information. The company has not stated the exact personal information compromised.

"Reached by KrebsOnSecurity late Sunday evening, ALM Chief Executive Noel Biderman confirmed the hack, and said the company was “working diligently and feverishly” to take down ALM’s intellectual property. Indeed, in the short span of 30 minutes between that brief interview and the publication of this story, several of the Impact Team’s Web links were no longer responding."

"Besides snippets of account data apparently sampled at random from among some 40 million users across ALM’s trio of properties, the hackers leaked maps of internal company servers, employee network account information, company bank account data and salary information."

More information: http://krebsonsecurity.com/2015/07/online-cheating-site-ashleymadison-ha...

UPDATE (8/18/2015): Hackers who stole sensitive customer information originally reported back in July, have now stated that because the company has not taken down their site as requested by the hackers, sensitive customer information has been posted online.

"A data dump, 9.7 gigabytes in size, was posted on Tuesday to the dark web using an Onion address accessible only through the Tor browser. The files appear to include account details and log-ins for some 32 million users of the social networking site, touted as the premier site for married individuals seeking partners for affairs. Seven years worth of credit card and other payment transaction details are also part of the dump, going back to 2007. The data, which amounts to millions of payment transactions, includes names, street address, email address and amount paid, but not credit card numbers; instead it includes four digits for each transaction that may be the last four digits of the credit card or simply a transaction ID unique to each charge."

Raja Bhatia, AshleyMadison's founding Chief Technology Officer stated that these recent data dumps are not legitimate. His team has been reviewing 30 to 80 reported data dumps daily and that "most of these dumps are entirely fake and being used by other organizations to capture the attention that's been built up through this release"

More Information: http://www.wired.com/2015/08/happened-hackers-posted-stolen-ashley-madis...

http://krebsonsecurity.com/2015/08/was-the-ashley-madison-database-leaked/

 

 

 
Information Source:
Krebs On Security
records from this breach used in our total: 0
July 18, 2015 CVS Pharmacy, Imperial Beach
Imperial Beach, California
BSR INSD

100

A pharmacy technician at the CVS Pharmacy on Saturn Boulevard in Imperial Beach California has admitted to stealing customer records and providing the information to her property manager who then used the information to gain credit and credit cards.

An further investigation is currently being conducted. The California State Board of Pharmacy has suspended the license of the pharmacy tech, Nicole Yvonne Flores and CVS no longere employs Ms. Flores.

More Information: http://www.sandiegouniontribune.com/news/2015/jul/17/pharmacy-patient-data/

 
Information Source:
Media
records from this breach used in our total: 100
July 17, 2015 North East Medical Services
San Francisco, California
MED PORT

Unknown

North East Medical Services notified patients of a security breach when an employees laptop was stolen from the trunk of the employees car.

The information compromised included names, dates of birth, gender, contact information, payer/insurer and limited personal health information. According to the medical office no Social Security number or credit card information or actual medical record was involved.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-57240

 

 
Information Source:
California Attorney General
records from this breach used in our total: 0
July 17, 2015 Richard Berger CPA
Oakland, California
BSF PORT

Unknown

Richard Berger CPA notified customers of a data breach when external hard drives were stolen from his residence. The drives contained personal customer information. The information included names, tax information, Social Security numbers, bank and investment account information, dependents, beneficiaries, employees or contractors (including their names and Social Security numbers).

Authorities were notified and according to Mr. Berger's office, no drives have been recovered.  His office is providing Kroll identity theft protection services to those affected for 12 months for free.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-57066

 
Information Source:
California Attorney General
records from this breach used in our total: 0
July 17, 2015 UCLA Health System
Los Angeles, California
MED HACK

4.5 million

UCLA Health System's has informed as many as 4.5 million patients of a data breach of their network, exposing sensitive personal and medical information.

The information compromised included names, dates of birth, Social Security numbers, Medicare and health plan identification numbers, patient diagnosis and procedures.

It has been reported that UCLA did not take basic steps to encrypt the patient data.

Patients who are affected can call UCLA at (877) 534-5972 or check the website www.myidcare .com/uclaprotection.

More Information: http://www.latimes.com/business/la-fi-ucla-medical-data-20150717-story.html

 

 
Information Source:
Media
records from this breach used in our total: 4,500,000
July 13, 2015 Mule Creek State Prison
Ione, California
GOV DISC

Unknown

Mule Creek State Prison notified individuals of a breach when documents submitted to the prison were scanned into a computer folder where employees outside of the prison may have access to it.

The information contained names, Driver License numbers and Social Security numbers.

For those with questions, call Ed Ayo, Senior Information System Analyst (Supervisor) at 209-274-5978.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-57023

 
Information Source:
California Attorney General
records from this breach used in our total: 0
July 13, 2015 Insurance Services Office (ISO)
Jersey City, New Jersey
BSF HACK

Unknown

Insurance Services Office, which provides information and analytics to the property and casualty insurance industry has notified customers of a data breach of policyholder information.

The company has been working with the County Prosecutor's office and the National Insurance Crime Bureau investigating the breach. Authorities informed ISO that an unauthorized individual (s) viewed personal information of policyholders.

The information included contact information, dates of birth, Social Security numbers, insurance policy numbers, and driver's license numbers.

For those with questions, contact a representative at 1-800-888-4476 7:00 a.m to 9:00 p.m Eastern Time or email njsupport@iso.com

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-57032

 
Information Source:
California Attorney General
records from this breach used in our total: 0
July 10, 2015 Mandarin Oriental
New York, New York
BSO HACK

Unknown

The Mandarin Oriental Hotel Group has informed customers of a breach when malware was found on their credit card transaction systems, at the following locations:

Boston                                   Geneva

Hong Kong                              Hyde Park, London

Las Vegas                                Miami

New York                                  San Francisco

Washington DC                         The Landmark Mandarin Oriental, Hong Kong

The information compromised included names and credit card numbers.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-56994

 
Information Source:
California Attorney General
records from this breach used in our total: 0
July 10, 2015 New Horizons Computer Learning Centers, Inc.
Austin, Texas
BSO HACK

Unknown

New Horizons Computer Learning Centers, Inc. notified business owners of a data breach when unauthorized access to employee and vendor information stored on the company network may have been compromised.

The information included names and bank account information.

For those with questions can call their confidential inquiry line at 1-866-979-2512 Monday through Saturday, 8:00 a.m - 8:00 p.m. Central Time.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-57002

 
Information Source:
California Attorney General
records from this breach used in our total: 0
July 9, 2015 Service Systems Associates
Denver, Colorado
BSO HACK

Unknown

Service Systems Associates, who specifically services zoos, restaurants and various cultural centers across the US,  has notified customers of a breach of its credit and debit card processing systems.

"“The violation occurred in the point of sale systems located in the gift shops of several of our clients,” the company said in a written statement. “This means that if a guest used a credit or debit card in the gift shop at one of our partner facilities between March 23 and June 25, 2015, the information on that card may have been compromised.”"

SSA has not communicated the specific locations affected, however Krebs on Security sources communicate the following locations are most likely affected.

Birmingham, Ala.                                          Tucson, Ariz.
San Francisco, Calif.                                      Fresno, Calif.
Sacramento, Calif.                                        Colorado Springs, Colo.
Palm Desert, Calif.                                        Miami, Fla.
Honolulu, HI                                                 Boise, Id.
Fort Wayne, Ind.                                           Louisville, Ky.
Baltimore, Md.                                              Battle Creek, Mich.
Apple Valley, Minn.                                        Cincinnati, Ohio
Tulsa, Okla.,                                                 Pittsburgh, Penn.
Columbia, SC                                                Dallas, Texas
El Paso, Texas                                               Houston, Texas
Nashville, Tenn.                                             Salt Lake City, Utah

More Information: https://krebsonsecurity.com/2015/07/credit-card-breach-at-a-zoo-near-you/

 

 
Information Source:
Krebs On Security
records from this breach used in our total: 0
July 8, 2015 Evans Hotels
San Diego, California
BSO HACK

Unknown

Evans Hotels has notified customers of a breach of backup card readers used to encrypt payment card data. The hotel chain kept the card readers as backup for IT disaster recovery. These back-up readers were being used in conjunction with their current system for check-in with large groups.

For those with questions they can call 888-738-3786 Monday through Friday between 9:00 a.m and 9:00 p.m

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-56969

 
Information Source:
California Attorney General
records from this breach used in our total: 0
July 6, 2015 Automotive Recovery Services Inc.
Westchester, Illinois
BSO HACK

Unknown

Automotive Recovery Services (ARS) notified customers of a breach when an unauthorized party gained access to one of their legacy systems compromising customer information.

The information compromised included names, Social Security numbers, street addresses, email addresses, phone numbers, driver's license numbrs, the type of vehicles donated, name of the charity that the vehicle was donated to.

The company is providing identity theft protecton for 12 months for free with AllClear ID. For those with a questions call 1-855-861-4023.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-56920

 
Information Source:
California Attorney General
records from this breach used in our total: 0
July 2, 2015 Harvard University
Cambridge, Massachusetts
EDU HACK

Unknown

Harvard University is notifying individuals of a data breach to their system that included 8 colleges and administrations.

Those colleges and administrations include the Faculty of Arts and Sciences, Harvard Divinity School, Radcliffe Institute for Advanced Study, Central Administration, the Graduate School of Design, Harvard Graduate School of Education, Harvard John A. Paulson School of Engineering and Applied Sciences, or Harvard T.H. Chan School of Public Health.

The university has not commented on how many individuals were affected or what information was compromised. The university is requesting that anyone who is associated with any of the entities to change their username and password.

More Information: http://fortune.com/2015/07/02/harvard-data-breach/

 
Information Source:
Media
records from this breach used in our total: 0
July 2, 2015 Bonita Unified School District
San Dimas, California
EDU HACK

Unknown

The Bonita Unified School District notified parents and students of a breach when unauthorized access was discovered at San Dimas High School server.

On June 2, 2015 the district discovered the unauthorized access to the high school's student database and noticed that several students grades had been changed. The district believes that the individual (s) that changed the grades also downloaded personal information of students.

The information compromised included names, Social Security numbers, birthdates, medical information, the school's systems usernames and passwords, addresses, email addresses, and phone numbers.

The district is providing 12 months free of ProtectMyID Alert from Experian for those affected. Those with questions can call 1-909-971-8320 and ask for Donna Martin at ext. 5201 Monday through Friday 8:00 am to 4:30 pm Pacific Time.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-56705

 
Information Source:
California Attorney General
records from this breach used in our total: 0
July 2, 2015 The Trump Hotel Collection
New York, New York
BSO HACK

Unknown

The Trump Hotel Collection appears to be the latest victim of a credit card breach. Banks noticed a string of fraudulent debit and credit card charges all coming from several Trump Hotels.

"The Trump Organization just acknowledged the issue with a brief statement from Eric Trump, executive vice president of development and acquisitions: “Like virtually every other company these days, we have been alerted to potential suspicious credit card activity and are in the midst of a thorough investigation to determine whether it involves any of our properties,”"

The Trump Hotels have locations in Chicago, Honolulu, Las Vegas, Los Angeles, Miami, and New York.  How many individuals affected is not yet known.

More Information: http://krebsonsecurity.com/2015/07/banks-card-breach-at-trump-hotel-prop...

 
Information Source:
Krebs On Security
records from this breach used in our total: 0
June 29, 2015 State Department
Washington, District Of Columbia
GOV INSD

Unknown

Two brothers, Muneeb and Sohaib Akhter, have pleaded guilty to various charges including conspiracy to access a protected computer without authorization, wire fraud, and accessing government computers without authorization.  Muneeb Akhter, pleaded separately to additional charges including accessing a protected computer without authorization, obstructing justice and making false statements.

Muneeb Akhter "stole thousands of customers' credit card details, along with other personal information of consumers, by hacking into a cosmetic company's website in March 2014. Then, the brothers and co-conspirators used to the stolen data to purchase "goods and services, including flights, hotel reservations, and attendance at professional conferences,” The DOJ release said. “Muneeb Akhter also provided stolen information to an individual he met on the ‘dark net,' who sold the information to other dark-net users and gave Akhter a share of the profits.” "

Sohaib Akhter was employed in a contract position with the State Department and begain obtaining passport and visa information, as well as additional sensitive data from the agency's servers.

Sohaib "devised a scheme to ensure that he could maintain perpetual access to desired State Department systems. Sohaib Akhter, with the help of Muneeb Akhter and co-conspirators, attempted to secretly install an electronic collection device inside a State Department building. Once installed, the device could have enabled Sohaib Akhter and co-conspirators to remotely access and collect data from State Department computer systems.  Sohaib Akhter was forced to abandon the plan during its execution when he broke the device while attempting to install it behind a wall at a State Department facility in Washington, D.C.,” as communicated by a DOJ spokesperson.

More Information: http://www.scmagazine.com/brothers-accused-of-state-dept-hack-plead-guil...

 
Information Source:
Media
records from this breach used in our total: 0
June 26, 2015 Medical Informatics Engineering
Fort Wayne, Indiana
MED HACK

Unknown

Medical Informatics Engineering has notified individuals of a data breach when they noticed suspicious activity on one of their servers.

The company has determined that some protected health information was exposed including names, home addresses, email addresses, dates of birth, Social Security numbers, lab results, dictated reports and medical conditions.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-56609

UPDATE (7/23/2015): Medical Informatics Engineering put out a notification on their website regarding the data breach to their system in June. The company is claiming that only certain clients were affected by their breach and notifications went out.

More Information: https://www.mieweb.com/notice/

UPDATE (8/6/2015): Two class action status lawsuits have been filed against Medical Informatics Engineering regarding the data breach that affected 3.9 million people (this article shares the total numbers and PRC has updated the total number affected according to this article).

More Information: http://www.ibj.com/articles/54329-patients-suing-indiana-medical-company...

 
Information Source:
California Attorney General
records from this breach used in our total: 3,900,000
June 25, 2015 Bank of Manhatten Mortgage Lending
Manhattan, New York
BSF DISC

Unknown

The Bank of Manhattan Mortgage Lending notified customers of a data breach when an employee handled mortgage information of customers that did not meet the company policies, which may have resulted in disclosure of customers loan file information.

The information compromised included names, addresses, loan numbers, phone numbers, Social Security numbers, birth dates, credit information, tax information, and other financial information.

The company is offering free identity theft protection services through Kroll. For those who were affected call 1-866-775-4209.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-56587

 
Information Source:
California Attorney General
records from this breach used in our total: 0
June 22, 2015 Trustmark Mutual Holding Company
Lake Forest, Illinois
BSF DISC

Unknown

Trustmark Insurance Company contacted customers regarding a data breach. The company discovered that "our automated billing e-mail system generated and sent encrypted e-mails to certain insurance carrier clients.  While each encrypted email should have contained a single file with information related to each carrier's insureds, on May 14, 2015, we discovered that a software error resulted in each carrier receiving file attachments for all of the carriers instead of just the one file related to their own insureds."

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-56493

 
Information Source:
California Attorney General
records from this breach used in our total: 0
June 22, 2015 Summit Financial Group
La Mesa, California
BSF DISC

662

Summit Financial Group contacted customers regarding a data breach of their information. An employee of Summit Financial Group inadvertently copied data of other clients onto CD's that should have contained only the individuals information. Those CD's were mailed to clients and soon thereafter Summit clients contacted the company alerting them to the fact that other individuals personal information was on their CD.

The information contained names, addresses, dates of birth, Social Security numbers, and income.  The company has claimed that they have contacted all the individuals who received a CD and they have either been gathered by the company or destroyed.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-56repo501

 
Information Source:
California Attorney General
records from this breach used in our total: 662
June 19, 2015 Dungarees
Portland, Oregon
BSR HACK

Unknown

Dungarees notified customers of a breach to their system when they discovered an illegal hack that may have compromised customer credit card or debit card information. Based on the investigation the company believes that information provided with orders placed on their website between March 26, 2015 and June 5, 2015 was compromised.

The information compromised included names, billing information, address, email addresses, credit or debit card number, the card expiration number and the CVV codes on the back of the card.

The company is providing those affected with identity theft protection through ID Experts. Those affected can call -866-833-7917 to speak to a representative.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-56488

 
Information Source:
California Attorney General
records from this breach used in our total: 0
June 17, 2015 UC Irvine Medical Center
Orange, California
MED INSD

Unknown

UC Irvine Medical Center has notified patients of a data breach when an employee reviewed patient records without authorization.

The information this individual may have gained access to included names, dates of birth, gender, medical record numbers, height, weight, Medical Center account number, allergy informaton, home addresses, medical documentation, diagnoses, test orders/results, medications, employment status, and names of your health plan and employer.

The medical center is providing those who were affected FraudStop free for one year. For questions call 1-888-653-6036.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-56428

 
Information Source:
California Attorney General
records from this breach used in our total: 0
June 16, 2015 Houston Astros
Houston, Texas
BSO HACK

Unknown

The FBI is investigating allegations that the St. Louis Cardinals baseball club hacked into the network of the Houston Astros baseball club to gain information regarding the Astros statistics, scouting reports and internal documents regarding players and trades.

The St. Louis Cardinals will not comment on the ongoing investigation.

More Information: http://www.nytimes.com/2015/06/17/sports/baseball/st-louis-cardinals-hac...

 
Information Source:
Media
records from this breach used in our total: 0
June 15, 2015 LastPass
Fairfax, Virginia
BSO HACK

Unknown

LastPass notified customers of a data breach when they discovered suspicious activity on their network. The company has communicated that "In our investigation, we have found no evidence that encrypted user vault data was taken, nor that LastPass user accounts were accessed. The investigation has shown, however, that LastPass account email addresses, password reminders, server per user salts, and authentication hashes were compromised."

The company is requiring that "all users who are logging in from a new device or IP address first verify their account by email, unless you have multifactor authentication enabled. As an added precaution, we will also be prompting users to update their master password."

More Information: http://gizmodo.com/lastpass-defender-of-our-passwords-just-got-hacked-17...

 
Information Source:
Media
records from this breach used in our total: 0
June 12, 2015 Fred's Inc.
Memphis , Tennessee
BSR HACK

Unknown

Fred's Inc. announced that it is investigating a potential breach when malware was discovered on their point-of-sale system.  The discount merchandiser operates 650 stores in multiple states and the company is not clear on how many stores were affected.

"Sources said it was unclear how many Fred’s locations were affected, but that the pattern of fraudulent charges traced back to Fred’s stores across the company’s footprint in the midwest and south, including Alabama, Arkansas, Georgia, Indiana, Kentucky, Louisiana, Mississippi, Tennessee and Texas."

More Information: http://krebsonsecurity.com/2015/06/discount-chain-freds-inc-probes-card-...

 
Information Source:
Krebs On Security
records from this breach used in our total: 0
June 10, 2015 Missing Link Networks Inc.
Calistoga, California
BSO HACK

Unknown

Missing Link Networks Inc notified customers of a breach of their networks exposing customer credit cards. Missing Link Networks provides credit card processing and point of sale services.

The company began reaching out to its customers notifying them that "Beginning on May 27, 2015, we began notifying our winery customers that eCellar Systems, our consumer-direct sales platform, had been breached during the month of April, 2015 by an unknown intruder". This particular platform services numerous wineries in California and elsewhere.

The information compromised included customer names, credit/debit card numbers, billing address, and dates of birth. The company is confirming that Social Security numbers, the CVV and pin numbers were not compromised.

More Information: http://krebsonsecurity.com/2015/06/breach-at-winery-card-processor-missing-link/ 

UPDATE (7/3/2015): The vineyards reportdely affected by this breach include the following: All notificatons can be found on the California Attorney General's data breach site at http://oag.ca.gov/ecrime/databreach/list

Cain Vineyard                                                    Corison Winery

Charles Krug Winery (C. Modavi & Family)             Flora Springs Winery and Vineyard

Gemstone                                                         Heitz Wine Cellars

Jessup Cellars                                                   Larkmead Vineyards Vinter and Grower

Martinelli Winery                                                 Outpost Vineyards

Palmaz Vineyards                                               Pride Mountain Vineyards

Repris Vineyards                                                 Rhys Vineyards

Silverado Vineyards                                             Signorello Estate

Round Pond Estates                                            Summers Estate Wines

Spring Mountain Vineyards                                   Peter Michael Winery

Rombauer Vineyards, Inc.                                    Turley Wine Cellars

Clif Bar Family Winery & Farm, LLC

 

 
Information Source:
Krebs On Security
records from this breach used in our total: 0
June 4, 2015 Office of Personnel Management (OPM)
Washington , District Of Columbia
GOV HACK

21.5 million, this number has been updated as of July 9, 2015 as communicated directly by OPM.

The Office of Personnel Management will be notifying over 4 million current and former federal employees of a data breach thought to be perpetrated by Chinese hackers. Federal officials stated that the hacking exposed employee's job assignments, performance and training. Officials stated that no "background or clearance investigations" were exposed. They are not stating whether or not the information that was exposed included any Social Security information or financial information.

More Information: http://www.washingtonpost.com/world/national-security/chinese-hackers-breach-federal-goernments-personnel-office/2015/06/04/889c0e52-Oaf7-11e5-95fd-d580f1c5d44e_story.html

Breach FAQ: http://www.opm.gov/faqs/topic/cybersecurityinformation/

UPDATE (06/15/2015): Very interesting timeline laid out by Brian Krebs which includes the OPM breach, along with connections to various other breaches that are very similar attacks to OPM. http://krebsonsecurity.com/2015/06/catching-up-on-the-opm-breach/

UPDATE (06/24/2015): The 4.2 million individuals reported to have been affected by the OPM breach, has now increased to approximately 18 million individuals, including individuals that applied for jobs but never ended up being hired.

More Information: www.cnn.com/2015/06/22/politics/opm-hack-18-million/index.html

UPDATE (06/25/2015): The head of OPM has publicly stated that they are investigating the breach of 18 million Social Security numbers as part of the recent hacking at the OPM Currently we are now including the 18 million in our breach total number as prior the office would not state specifically what information in the records was obtained.

Authorities are also stating that the hack can be defined as two distinct breaches.

More Information: http://www.wsj.com/articles/hack-defined-as-two-distinct-breaches-1435158334

UPDATE (7/2/2015): The Office of Personnel Management has had a class-action lawsuit filed against them over the recent data breach by a federal employee's union. The suit claims that OPM's negligence led to the breach. Since 2007 when OPM had been notified by the Office of Inspector General that there were deficiencies in the agency's cybersecurity processes, the agency failed to correct the issues. Here is OPM's website explaining the breach and what to do. https://www.opm.gov/cybersecurity

More Information: http://www.computerworld.com/article/2942038/security/opm-hit-by-classac...

UPDATE (7/9/2015): OPM admits that hackers breached 21.5 million Social Security numbers in the recent data breach.

More Information: http://www.foxnews.com/politics/2015/07/09/hackers-stole-social-security...

 
Information Source:
Media
records from this breach used in our total: 21,500,000
June 3, 2015 AeroGrow International
Boulder, Colorado
BSO HACK

Unknown

AeroGrow International Inc. informed customers of a data breach to their online servers when malware was detected on their system from October 15, 2014 through April 27, 2015.

The information compromised included names, addresses, payment card account numbers, expiration dates, and CCV/CVV numbers.

The company is providing free access to ProtectMyID Elite through Experian. For questions call 1-866-348-1808 from 8 am through 5 pm Mountain Time, Monday through Friday.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-56231

 
Information Source:
California Attorney General
records from this breach used in our total: 0
June 3, 2015 Gallant Risk and Insurances Services
Corona, California
BSF PORT

Unknown

Gallant Risk and Insurances Services notified customers of a potential data breach when their offices were broken into and several company laptops were stolen. The laptops were password protected according to the company.

The company did not disclose what type of information may have been stored on the laptops.

The company is providing ID theft protection through Kroll free for one year. For those affected call 1-855-330-6366 from 8:00 a.m to 5:00 p.m Central Time.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-56236

 

 
Information Source:
California Attorney General
records from this breach used in our total: 0
May 26, 2015 Internal Revenue Service
Washington, District Of Columbia
GOV UNKN

Based on new information the total number affected has been increased to 330,000 as of August 17, 2015

A previous story that was broken by Brian Krebs, Krebs On Security, regarding fradulent tax returns being filed by identity thieves who gained the information using data directly from the IRS website, was confirmed today by the IRS Commissioner Josh Koskinen.

Mr. Koskinen confirmed that the identity thieves pulled data off of the IRS website to file fraudulent tax returns on unsuspecting individuals. The IRS became suspicious due to a large increase of individuals requesting their tax transcripts. The investigation revealed that approximately 200,000 suspicious attempts occurred and 100,000 of those were successful in being authenticated through the IRS website. According to the IRS these atte27/politics/irs-cyber-breachmpts started in February and continued through mid-May 2015 and totaled over $50 million dollars in fraudulent refunds.

More Information: http://krebsonsecurity.com/2015/05/irs-crooks-stole-data-on-100k-taxpayers-via-get-transcript-feature/    

UPDATE (5/28/2015): The IRS has communicated that the recent breach of 100,000 individuals they believe originated from Russia. The IRS is claiming that this was not a hack, instead that they "went in the front door of the IRS and unlocked it with the key".

More Information: http://www.cnn.com/2015/05/27/politics/irs-cyber-breach-russia/index.html

UPDATE (8/17/2015): The IRS is now announcing that the data breach that was first reported in May, is three-times larger than originally reported. After a review of the 2015 filing season, the IRS is sending additional letters to individuals warning them that their information may have been compromised and the possibly threat of potential identity theft.

More Information: http://money.cnn.com/2015/08/17/technology/irs-data-theft/index.html

Privacy Rights Clearinghouse has changed our original number of 100,000 individuals to 330,000 individuals affected in this breach on Aug.19, 2015 as is being reported in the media.

 
Information Source:
Krebs On Security
records from this breach used in our total: 330,000

Pages

Showing 1-50 of 4594 results