Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: Current

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources
  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features
  • Get our RSS Feed to see when we add new breaches to the list
  • Scroll down to view the Chronology and/or to use our sort feature
  • Download a CSV file showing ALL breaches (A CSV file is a type of Excel spreadsheet that enables you to sort and analyze the breach listings in numerous ways)

If you have questions or need help with our Chronology of Data Breaches, please email admin@privacyrights.org


Click or unclick the boxes then select go.


Select features then click GO. To modify your search, check or uncheck the boxes and click GO.


Reset the checkboxes to the default "all selected."

Help Guide

display_id:page_1

display_id:page_1

Breach Total
900,077,018 RECORDS BREACHED
(Please see explanation about this total.)
from 5,025 DATA BREACHES made public since 2005
Date Made Publicsort ascending Name Entity Type
July 27, 2016 Cardon Outreach
The Woodlands, Texas
MED INSD

22

"A health care revenue company says one of its employees looked at nearly two dozen patient records without authorization.

Cardon Outreach does contract work for AnMed Health, and has employees on site at the hospital. AnMed said in a release that a Cardon Outreach employee opened 22 patient files without authorization, including her own file.

Cardon Outreach fired the employee immediately after learning of the breach, according to the release."

More Information: http://www.wyff4.com/news/unauthorized-employee-accessed-hospital-patien...

 
Information Source:
Media
records from this breach used in our total: 0
July 27, 2016 Mineral Area Pain Center, P.C.
Farmington, Missouri
MED HACK

Unknown

“We write to inform you that our practice discovered a data breach on May 27, 2016 that may have contained personal health information and have been investigating the exact nature and scope of the information obtained by the hackers since,” the letter reads. “To date, our investigation has determined that on May 4, 2016, a hacker, or hackers, likely gained access into our secured database system through a third party contractor and may have obtained some personal information of our patients including: names, addresses, social security numbers, date of births, diagnoses, lab results, other medical records, and potentially some financial information."

"On June 25, a hacker going by the name “thedarkoverlord” provided information to Deep Dot Web of a purported hacking of three different healthcare organizations – one originating from Farmington and containing 48,000 alleged patient records, according to the Deep Dot Web report."

This breach is one entity of the medical group that was hacked.

More Information: http://dailyjournalonline.com/news/local/local-medical-group-involved-in...

 
Information Source:
Media
records from this breach used in our total: 0
July 27, 2016 Select Pain & Spine Dr. Christopher T. Sloan, D.P.M.
Farmington, Missouri
MED HACK

Unknown

“We write to inform you that our practice discovered a data breach on May 27, 2016 that may have contained personal health information and have been investigating the exact nature and scope of the information obtained by the hackers since,” the letter reads. “To date, our investigation has determined that on May 4, 2016, a hacker, or hackers, likely gained access into our secured database system through a third party contractor and may have obtained some personal information of our patients including: names, addresses, social security numbers, date of births, diagnoses, lab results, other medical records, and potentially some financial information."

"On June 25, a hacker going by the name “thedarkoverlord” provided information to Deep Dot Web of a purported hacking of three different healthcare organizations – one originating from Farmington and containing 48,000 alleged patient records, according to the Deep Dot Web report."

This breach is one entity of the medical group that was hacked.

More Information: http://dailyjournalonline.com/news/local/local-medical-group-involved-in...

 
Information Source:
Media
records from this breach used in our total: 0
July 27, 2016 Midwest Imaging Center, LLC
Oak Lawn, Illinois
MED HACK

Unknown

“We write to inform you that our practice discovered a data breach on May 27, 2016 that may have contained personal health information and have been investigating the exact nature and scope of the information obtained by the hackers since,” the letter reads. “To date, our investigation has determined that on May 4, 2016, a hacker, or hackers, likely gained access into our secured database system through a third party contractor and may have obtained some personal information of our patients including: names, addresses, social security numbers, date of births, diagnoses, lab results, other medical records, and potentially some financial information."

"On June 25, a hacker going by the name “thedarkoverlord” provided information to Deep Dot Web of a purported hacking of three different healthcare organizations – one originating from Farmington and containing 48,000 alleged patient records, according to the Deep Dot Web report."

This breach is one entity of the medical group that was hacked.

More Information: http://dailyjournalonline.com/news/local/local-medical-group-involved-in...

 
Information Source:
Media
records from this breach used in our total: 0
July 27, 2016 Van Ness Orthopedic and Sports Medicine, Inc.
Farmington, Missouri
MED HACK

Unknown

“We write to inform you that our practice discovered a data breach on May 27, 2016 that may have contained personal health information and have been investigating the exact nature and scope of the information obtained by the hackers since,” the letter reads. “To date, our investigation has determined that on May 4, 2016, a hacker, or hackers, likely gained access into our secured database system through a third party contractor and may have obtained some personal information of our patients including: names, addresses, social security numbers, date of births, diagnoses, lab results, other medical records, and potentially some financial information."

"On June 25, a hacker going by the name “thedarkoverlord” provided information to Deep Dot Web of a purported hacking of three different healthcare organizations – one originating from Farmington and containing 48,000 alleged patient records, according to the Deep Dot Web report."

This breach is one entity of the medical group that was hacked.

More Information: http://dailyjournalonline.com/news/local/local-medical-group-involved-in...

 
Information Source:
Media
records from this breach used in our total: 0
July 26, 2016 Kimpton Hotels
San Francisco, California
BSO HACK

Unknown

"Kimpton Hotels, a boutique hotel brand that includes 62 properties across the United States, said today it is investigating reports of a credit card breach at multiple locations.

On July 22, KrebsOnSecurity reached out to San Francisco-based Kimpton after hearing from three different sources in the financial industry about a pattern of card fraud that suggested a card breach at close to two-dozen Kimpton hotels across the country.

Today, Kimpton responded by issuing and posting the following statement:

“Kimpton Hotels & Restaurants takes the protection of payment card data very seriously. Kimpton was recently made aware of a report of unauthorized charges occurring on cards that were previously used legitimately at Kimpton properties. As soon as we learned of this, we immediately launched an investigation and engaged a leading security firm to provide us with support.”

More Information: http://krebsonsecurity.com/2016/07/kimpton-hotels-probes-card-breach-cla...

 
Information Source:
Krebs On Security
records from this breach used in our total: 0
July 22, 2016 Elex (mobile game Clash of Kings)
Bejing,
BSO HACK

1.6 million records

"A hacker has targeted the official forum for popular mobile game "Clash of Kings," making off with close to 1.6 million accounts.

The hack was carried out on July 14 by a hacker, who wants to remain nameless, and a copy of the leaked database was provided to breach notification site LeakedSource.com, which allows users to search their usernames and email addresses in a wealth of stolen and hacked data.

Three major social networks have quietly fallen victim to data breaches. Despite some success, patience and trust is now fading.

In a sample given to ZDNet, the database contains (among other things) usernames, email addresses, IP addresses (which can often determine the user's location), device identifiers, as well as Facebook data and access tokens (if the user signed in with their social account). Passwords stored in the database are hashed and salted."

More Information: http://www.zdnet.com/article/hacker-steals-forums-of-clash-of-kings-mobi...

 
Information Source:
Media
records from this breach used in our total: 0
July 21, 2016 inVentiv Health, Inc.
Burlington, Massachusetts
BSO HACK

Unknown

"On July 7, 2016, we learned that a targeted "phishing" email message had been sent to inVentiv Health in June.  Phishing emails are crafted to appear as if they have been sent from a legitimate organization or known individual.  The email was designed to appear as though it had been sent by an inVentiv executive, from the inVentiv executive's email account, requesting the uploading of our U.S. employees' 2015 W-2 Forms to a file sharing site.  Believing the email request to be legitimate, the W-2 data was uploaded.  It is unknown how much of the data uploaded may have been accessed by unauthorized individuals."

The information compromised included W-2 data included your name, address, Social Security number and salary information.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-62962

 
Information Source:
California Attorney General
records from this breach used in our total: 0
July 19, 2016 San Antonio Shoemakers
San Antonio,
BSO HACK

Unknown

"We recently became aware of a computer intrusion that affected checkout systems at a number of San Antonio Shoemakers stores located in the United States. Promptly after discovering the issue, we engaged outside cybersecurity experts to conduct an extensive investigation. We have been working closely with law enforcement authorities and
coordinating our efforts with the payment card organizations to determine the facts. Upon the written request of the United States Attorney’s Office for the Southern District of New York and the New York Electronic Crimes Task Force of the United States Secret Service we delayed notifying individuals potentially affected by this incident for 30 days while law
enforcement began their investigation."

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-62930

 
Information Source:
California Attorney General
records from this breach used in our total: 0
July 16, 2016 Providence Health & Services
Portland, Oregon
MED INSD

5,400

"Providence Health & Services in Oregon is notifying about 5,400 current and former patients that a former employee may have improperly accessed their patient records.

Providence said in a statement Friday that it learned of the breach in May during an internal audit and had since fired the Portland-based employee.

The audit found the worker had accessed health records between July 2012 and April 2016. It says the worker viewed demographic and medical treatment information, and may also have seen insurance information and Social Security numbers."

More Information: http://www.kgw.com/news/health/providence-notifies-5400-oregon-patients-...

 
Information Source:
Media
records from this breach used in our total: 5,400
July 15, 2016 Matador Recordings, LLC
New York, New York
BSO HACK

Unknown

"On May 4, 2016, we were advised by our third-party website developer that it had identified and removed suspicious files from the e-commerce websites of the record labels for which Matador Direct is the distributor.  We quickly began an investigation and hired a third-party cybersecurity firm to assist us.  Findings from the investigation show that if a customer attempted to or did place an order on one of the affected websites from April 28, 2015 to May 4, 2016, information associated with the order being placed may have been obtained by an unauthorized third-party."

The information compromised included customer names, addresses, phone numbers, email addresses, payment card numbers, expiration dates, security codes, and account passwords.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-62853

 
Information Source:
California Attorney General
records from this breach used in our total: 0
July 14, 2016 Blaine Chiropractic
Blaine, Minnesota
MED HACK

1,945

As reported by Health and Human Services hacking/IT incident/network server. No specific information as to what information was compromised as provided by health and human services.

More Information: https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf;jsessionid=9BF4AF...

 
Information Source:
Government Agency
records from this breach used in our total: 0
July 14, 2016 Project Management Institute
Newton Square, Pennsylvania
BSO HACK

Unknown

"PMI was informed on June 14, 2016, that one of its vendors, Comnet Marketing Group, Inc. ("Comnet"), had been the victim of an intrusion of its computer systems.  An unauthorized user gained administrative access to Comnet's systems on April 23-24, 2016, and issued commands to delete all the data housed on Comnet's servers.  That data may have included certain PMI customer credit card information that Comnet had collected on behalf of PMI.  Comnet did not discover any evidence indicating that the credit card data was accessed or acquirred by an unauthorized user or that the unauthorized user intended to steal data.  But the Comnet has been unable to definitively rule out any unauthorized access to or acquisition of data.  Thus, PMI provides this notice out of an abundance of caution."

The information compromised included names, addresses, email addresses, phone numbers, credit card numbers, CVV codes, and expiration dates.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-62846

 
Information Source:
California Attorney General
records from this breach used in our total: 0
July 14, 2016 Opes Advisors
Cupertino, California
BSO HACK

Unknown

"On or about May 26, 2016, email login credentials were compromised allowing an outside party to gain access to one specific account.  Although we are still investigating the incident, the email may have contained your private information so we wanted to let you know about this incident right away."

The information compromised included email accounts that contained names, Social Security numbers, and any documents emailed.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-62850

 
Information Source:
California Attorney General
records from this breach used in our total: 0
July 12, 2016 Kaiser Permanente Northern California
Oakland, California
MED INSD

Unknown

"The preliminary investigation has determined that two Kaiser Permanente employees stole equipment and machines from several Kaiser Permanente sites and stored them in an offsite storage unit.  When the stolen items were returned, each was examined and some of the ultrasound machines were found to contain PHI.  The theft of this equipment appears to have been for the purpose of selling the machine for profit, and not for the disclosing or misuse of PHI.  There is no indication that any protected health information has been used for fraud or other criminal activity."

The information compromised included MRN only or with first names, last names, images.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-62796

 

 
Information Source:
records from this breach used in our total: 0
July 12, 2016 Pennsylvania Revenue Department
Harrisburg,
GOV PORT

865

"The Pennsylvania Revenue Department announced Tuesday that it is mailing letters to 865 taxpayers whose "personally identifiable" data were on one of four laptops stolen from a rental car in San Francisco, where auditors were working last month.

Thieves smashed the windows of several parked vehicles, including the auditors' car, the Revenue Department said in a news release.

The department said it determined that "some procedures to secure data may not have been followed with one laptop" but the department's computer network hasn't been accessed or hacked.

The taxpayers whose information was on the potentially unsecure laptop will receive free credit monitoring services and other protections. Details will be provided in the letter."

More Information: http://www.mcall.com/news/local/watchdog/blog/mc-stolen-government-lapto...

 
Information Source:
Media
records from this breach used in our total: 0
July 8, 2016 Omni Hotels & Resorts
Dallas, Texas
BSO HACK

Unknown

"On May 30, 2016, we discovered we were the victim of malware attacks on our network affecting specific point of sale systems on-site at some Omni properties.  The malware was designed to collect certain payment card information, including cardholder name, credit/debit card number, security code and expiration date."

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-62753

 
Information Source:
California Attorney General
records from this breach used in our total: 0
July 6, 2016 California Department of Corrections and Rehabilitation
Stockton, California
GOV DISC

Unknown

"We are writing to you because of a security incident that occurred on May 2, 2016 at the California Health Care Facility.  An employee inadvertently e-mailed a docuemtn containing your personal information to the wrong person."

Information compromised included first and last names and Social Security numbers.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-62703

 
Information Source:
California Attorney General
records from this breach used in our total: 0
June 30, 2016 KontrolFreek, LLC
Atlanta, Georgia
BSO HACK

Unknown

"We recently became aware that an unauthorized third party accessed the KontrolFreek servers and acquired certain payment card information of some of our customers.  Promptly after learning of the issue, we took steps to secure our website and determine the nature and scope of the issue.  In addition, we retained a data security expert to conduct a forensic investigation."

The information compromised included names, addresses, payment card number and security code.

 
Information Source:
California Attorney General
records from this breach used in our total: 0
June 30, 2016 Kool Kids Model & Talent Management
Marina del Rey, California
BSO PORT

Unknown

"APPLE Store- Topanga, CA referred us to ACS Computer Services-Tarzana, CA to remove the hard drive from our MacBook pro prior to a repair service.  While removing the hard drive and transferring it to an external hard drive case ACS COMPUTER SERVICES allegedly misplaced the MacBook Pro hard drive."

The information compromised included names, Social Security numbers, addresses, bank account numbers and payroll records.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-62623

 
Information Source:
California Attorney General
records from this breach used in our total: 0
June 29, 2016 Vertical Scope Inc.
Toronto,
BSO HACK

Unknown

"On June 13, 2016, we became aware that February 2016 data stolen from VerticalScope was being made available online."

The information compromised included member usernames, email addresses, hashed passwords, community userIDS, community website, and IP addresses usernames originally registered with.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-62619

 
Information Source:
California Attorney General
records from this breach used in our total: 0
June 29, 2016 Massachusetts General Hospital
Boston, Massachusetts
MED HACK

4,293

As reported by Health and Human Services hacking/IT incident/network server. No specific information as to what information was compromised as provided by health and human services.

More Information: https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf;jsessionid=9BF4AF...

 
Information Source:
Government Agency
records from this breach used in our total: 0
June 27, 2016 Ceaton C. Falgiano
Buffalo, New York
MED DISC

650

As reported by Health and Human Services unauthorized access/disclosure. No specific information as to what information was compromised as provided by health and human services.

More Information: https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf;jsessionid=9BF4AF...

 
Information Source:
Government Agency
records from this breach used in our total: 0
June 27, 2016 Linda J White, DDS, PC
Manassas, Virginia
MED PORT

2,000

As reported by Health and Human Services theft/other portable electronic device. No specific information as to what information was compromised as provided by health and human services.

More Information: https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf;jsessionid=9BF4AF...

 
Information Source:
Government Agency
records from this breach used in our total: 0
June 27, 2016 Hard Rock Hotel & Casino Las Vegas
Las Vegas, Nevada
BSO HACK

Unknown

"The Hard Rock Hotel & Casino in Las Vegas said Monday that customer payment-card data was accessed after malware was placed on the resort’s payment-card system, becoming the latest hotel to report such a breach.

The company said the card-scraping malware identified data including cardholder name, card number, expiration date and internal verification code, in some cases. Hard Rock said that cards used at some restaurant and retail outlets between Oct. 27 and March 21 could have been impacted. The number of potential cards impacted wasn’t immediately disclosed."

More Information: http://www.wsj.com/articles/hard-rock-las-vegas-reports-card-data-breach...

Hard Rock statement: http://oag.ca.gov/system/files/Hard%20Rock%20-%20Regulatory%20Packet%20%...?

 
Information Source:
Media
records from this breach used in our total: 0
June 24, 2016 Mercy Medical Center Redding
Redding, California
MED INSD

Unknown

"On June 6, 2016, Dignity Health learned your information was accessed inappropriately.  Our business partner, naviHealth employed a person as a case manager who was working under a false name and nursing license.  This case manager was employed by naviHealth from June 2015 to May 2016.  When naviHealth discovered the problem, it immediately severed ties with the case manager and prevented further computer access.  Law enforcement was contacted, and naviHealth is cooperating in the on-going investigation.

Unfortunately, the case manager accessed your patient informattion as part of his work.  The information accessed includes the following:

  • your standard clinical information, such as diagnosis, lab results, medications, dates of treatment, and provider notes;
  • your individual information, such as name, address, phone number, social security number, date of birth, email, medical record number, account number, dates of service; and
  • your health insurance account information, such as group health plan number and member ID"

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-62536

 

 
Information Source:
California Attorney General
records from this breach used in our total: 0
June 23, 2016 Texas Health and Human Services
Dallas, Texas
MED PHYS

600

"A storage contractor has informed the Texas Health and Human Services Commission (HHSC) that 15 storage boxes have been discovered to be missing. The boxes were stored at three Iron Mountain facilities in Dallas, Fort Worth, and Irving.

The boxes contained files relating to individuals who had applied to HHSC for medical assistance between January 1, 2008 and August 31, 2009. The files contained names, addresses, dates of birth, Social Security numbers, Social Security claim numbers, bank account numbers, Medicaid/individual numbers, and medical record numbers. The breach report submitted to the Department of Health and Human Services’ Office for Civil Rights indicates 600 individuals were affected."

More Information: http://www.hipaajournal.com/texas-health-human-services-commission-notif...

 
Information Source:
Media
records from this breach used in our total: 600
June 21, 2016 Uncommon Care, P.A.
Angier, North Carolina
MED HACK

13,674

As reported by Health and Human Services hacking/IT incident/network server. No specific information as to what information was compromised as provided by health and human services.

More Information: https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf;jsessionid=9BF4AF...

 
Information Source:
Government Agency
records from this breach used in our total: 0
June 20, 2016 GoToMyPC
Santa Clara, California
BSO HACK

Unknown

"GoToMyPC, a service that helps people access and control their computers remotely over the Internet, is forcing all users to change their passwords, citing a spike in attacks that target people who re-use passwords across multiple sites."

"John Bennett, product line director at Citrix, said once the company learned about the attack it took immediate action. But contrary to previous published reports, there is no indication Citrix or its platforms have been compromised, he said.

“Citrix can confirm the recent incident was a password re-use attack, where attackers used usernames and passwords leaked from other websites to access the accounts of GoToMyPC users,” Bennett wrote in an emailed statement. “At this time, the response includes a mandatory password reset for all GoToMyPC users. Citrix encourages customers to visit the  GoToMyPC status page to learn about enabling two-step verification, and to use strong passwords in order to keep accounts as safe as possible. ”

More Information: http://krebsonsecurity.com/category/data-breaches/

 
Information Source:
Krebs On Security
records from this breach used in our total: 0
June 17, 2016 Midland Women's Clinic
Midland, Texas
MED DISC

717

As reported by Health and Human Services unauthorized access/disclosure. No specific information as to what information was compromised as provided by health and human services.

More Information: https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf;jsessionid=9BF4AF...

 
Information Source:
Government Agency
records from this breach used in our total: 0
June 17, 2016 Allergy, Asthma & Immunology of the Rockies, PC
Glenwood Springs, Colorado
MED HACK

6,851

As reported by Health and Human Services hacking/IT incident/network server. No specific information as to what information was compromised as provided by health and human services.

More Information: https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf;jsessionid=9BF4AF...

 
Information Source:
Government Agency
records from this breach used in our total: 0
June 17, 2016 Bizmatics, Inc.
San Jose, California
MED HACK

Up to 177,000 (this number was increased as a result of a new report by HIPAA Journal (6/24/2016)

"A healthcare provider in Colorado, Vincent Vein Center, is the latest organization to notify the U.S. Department of Health and Human Services (HHS) Office of Civil Rights (OCR) about a breach of protected health information stemming from a malicious hacker attacking Bizmatics’ data servers.

Bizmatics provides ambulatory software and electronic health records serving 15,000 healthcare providers."

Each customer/provider is reporting the specific numbers to Health and Human Services. We will be reporting the specific provider records breached as they are reported by HHS.

The information provided to date knowledge of these following entities have been reported as affected by the Bizmatic breach.

- Integrated Health Solutions- Pennsylvania

- ENT & Allergy Center- Arkansas

- Vincent Vein Center- Colorado

- Southeast Eye Institute/Eye Associates of Pinellas- Florida

- California Health  & Longevity Institute- California

- Pain Treatment Centers of America and Intervential Surgery Institute- Arkansas

As further information is provided, we will add to this list and make an effort to call out the third party breach in each individual breach post of the entity if and when it is provided.

UPDATE (6/28/2016): Two additional health providers have reported being a part of the Bizmatic breach. The Vein Doctor out of Liberty MO notified that 3,000 patients data had been affected by this data breach. Grace Primary Care. P.C. has also notified patients that they too were affected by the Bizmatic breach and 6,853 patients were potentially affected.

Each of these entities have been reported separately within our Chron stating the number of patients affected by this breach.

More Information: http://www.hipaajournal.com/bizmatics-data-breach-victim-count-rises-alm...

 
Information Source:
Media
records from this breach used in our total: 0
June 16, 2016 Multi-Color Corporation
Batavia, Ohio
BSO PORT

Unknown

"An East Coast law firm representing Multi-Color in litigation.  As part of that representation, the law firm collected data from Multi-Color's systems,  which included HR recrods and information on all current US employees as of April 13, 2016; certain former employees and some employees of a predecessor company; and applicants.  The data was saved to an external hard drive and password protected.  The hard drive was delivered to the law firm and the password was separately emailed to the law firm."

"On May 16, 2016, the law firm informed Multi-Color that someone broke into the law firm's law officees on eithr May 14 or May 15 and stole several items, including the hard drive containing Multi-Color's data and the password."

The information compromised included all current US employees as of April 13, 2016, former employees and employees of a predecessor company all of which may have included names, Social Security numbers, addresses as well as dependent information.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-62424

 
Information Source:
California Attorney General
records from this breach used in our total: 0
June 14, 2016 Laser & Dermatologic Surgery Center
St. Louis, Missouri
MED HACK

31,000

As reported by Health and Human Services hacking/IT incident/network server. No specific information as to what information was compromised as provided by health and human services.

More Information: https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf;jsessionid=9BF4AF...

 
Information Source:
Government Agency
records from this breach used in our total: 0
June 14, 2016 Kern County Mental Health
Bakersfield, California
MED DISC

1,212

As reported by Health and Human Services improper disposal/paper films. No specific information as to what information was compromised as provided by health and human services.

More Information: https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf;jsessionid=9BF4AF...

 
Information Source:
Government Agency
records from this breach used in our total: 0
June 14, 2016 Sutter County Superior Court
Yuba City, California
GOV DISC

Unknown

"Private personal information of potentially thousands of people was unintentionally available on public access computers in the Sutter County Superior Courthouse on Monday.

The data breach occurred when a new case management system went live Monday morning. The system was taken down the same afternoon after an Appeal-Democrat reporter alerted Court Executive Officer Stephanie Hansel that sensitive and private information was viewable to the public.

For about six hours, anyone who searched for a criminal or traffic case on public access computers could view the defendant's Social Security number, birthday, driver's license number and home address. State court rules clearly say such data should be redacted by court clerks for the protection of privacy."

More Information: http://www.govtech.com/dc/articles/California-County-Courthouse-Suffers-...

 
Information Source:
Media
records from this breach used in our total: 0
June 14, 2016 Democratic National Committee
Washington, District Of Columbia
BSO HACK

Unknown

"Russian government hackers broke into the computer systems of the Democratic National Committee and accessed information about Democratic candidates as well as a database on opposition research against Donald Trump, POLITICO has confirmed."

"In late April, the DNC's IT department noticed some suspicious behavior and contacted DNC chief executive officer Amy Dacey, according to a DNC official. Dacey reached out to DNC lawyer Michael Sussmann, a partner at the Perkins Coie law firm and a former federal prosecutor specializing in cybercrimes. Sussmann called Shawn Henry, the president of cybersecurity firm CrowdStrike, to get his company's help. Within 24 hours of the first signals that something was amiss, CrowdStrike was brought in to install monitoring software to analyze the details of who was responsible. The DNC has also been in contact with the FBI since the hack was discovered."

"CrowdStrike designated two groups that gained access to the DNC's info. One, codenamed Cozy Bear, broke into the DNC last summer and had been monitoring the committee's emails and chats. The other group CrowdStrike dubbed Fancy Bear. It hacked into the DNC in April aiming to get opposition research files. The Fancy Bear breach is what tipped off DNC officials. Fancy Bear was able to gain access to all of the DNC's research staff computers."


More Information: http://www.politico.com/story/2016/06/russian-government-hackers-broke-into-dnc-servers-stole-trump-oppo-224315#ixzz4Bev49jq9

 
Information Source:
Media
records from this breach used in our total: 0
June 14, 2016 University of Connecticut
Storrs, Connecticut
EDU HACK

Unknown

"We are writing to inform you of a data security-related incident that may have involved your personal information.  On March 9, 2015, Information Technology (IT) staff in the School of Engineering detected that malicious software, or "malware", had been placed on a number of servers that are part of the School's technical infrastructure over a period of months, with penetration of the servers beginning as early as September 2013."

The information compromised included names, contact information, Social Security numbers, employment information, student academic information, research data and School of Engineering graduate level admissions data, credit card information, usernames and passwords.

The exact number of individuals affected has not yet been released.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-62350

More Informationhttp://today.uconn.edu/2015/07/uconn-responds-to-data-breach-at-school-o...

 

 
Information Source:
California Attorney General
records from this breach used in our total: 0
June 14, 2016 Acer Service Corporation
San Jose, California
BSO HACK

Unknown


"We recently identified a security issue involving the information of certain customers who used our ecommerce site between May 12, 2015 and April 28, 2016, which resulted in unauthorized access by a third party."

The information compromised included names, addresses, card numbers, expiration dates, and three digit security code on the back of cards.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-62344

 
Information Source:
California Attorney General
records from this breach used in our total: 0
June 13, 2016 Grand Sierra Resort and Casino
Reno, Nevada
BSO HACK

Unknown

"On or around September 29, 2015, the Grand Sierra Resort was contacted by law enforcement regarding an investigation into a potential compromise of payment card inforamtion used at food and retail locations at the Grand Sierra Resort.  We immediately began to cooperate with law enforcement and to investigate this matter.  Third party forensics investigators were retained to assist the Grand Sierra Resort.  On or around January 11, 2016, these investigators confirmed that certain guest payment card information for cards used at food and retail locations at the Grand Sierra Resort may have been compromised."

The information compromised included payment card information including card holder names, credit card numbers, credit card expiration dates, "Track 1 data and Track 2 data"

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-62337

 

 
Information Source:
California Attorney General
records from this breach used in our total: 0
June 13, 2016 Momentum for Mental Health
San Jose, California
MED HACK

Unknown

"On June 3, 2016, Momentum was targeted by an e-mail scam called "spoofing". We discovered this incident within hours of it taking place. Nonetheless, it resulted in Momentum inadvertently making person information from your Form W-2 available to an unknown third party."

The information compromised included Social Security numbers, information, wage information, tax deductions.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-62338

 
Information Source:
California Attorney General
records from this breach used in our total: 0
June 13, 2016 Twitter
San Francisco, California
BSO HACK

32 million is being reported

"Late last week, a password leak hit Twitter, and the company locked millions of user accounts as a result.

It was reported that the login credentials of more than 32 million Twitter users were compromised. According to LeakedSource, which indexes hacked credentials from data breaches, the credentials are being traded on the Dark Web for about 10 bitcoin a pop or a little under $6,000.

LeakedSource goes on to note that passwords are stored as plain text files, and many seem to be attached to Russian users. That detail indicates that the passwords were stolen from users, as opposed to through a hack into Twitter’s central systems.

In response to the leak, Twitter quickly initiated forced resets for many of its users."

More Information: http://www.pymnts.com/news/security-and-risk/2016/twitter-account-lockou...

 
Information Source:
Media
records from this breach used in our total: 0
June 10, 2016 Saint Mary and Elizabeth Hospital
Louisville, Kentucky
MED HACK

1,682

As reported by Health and Human Services unauthorized access/disclosure email. No specific information as to what information was compromised as provided by health and human services.

More Information: https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf;jsessionid=9BF4AF...

 
Information Source:
Government Agency
records from this breach used in our total: 0
June 10, 2016 Riverside Health System
Riverside, California
MED DISC

578

As reported by Health and Human Services unauthorized access/disclosure paper films. No specific information as to what information was compromised as provided by health and human services.

More Information: https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf;jsessionid=9BF4AF...

 
Information Source:
Government Agency
records from this breach used in our total: 0
June 9, 2016 Pruitt Health Hospice Beaufort
Anderson, South Carolina
MED DISC

1,437

As reported by Health and Human Services unauthorized access/disclosure paper films. No specific information as to what information was compromised as provided by health and human services.

More Information: https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf;jsessionid=9BF4AF...

 
Information Source:
Government Agency
records from this breach used in our total: 0
June 8, 2016 WalMart Stores, Inc.
Bentonville, Arkansas
MED DISC

27,393

As reported by Health and Human Services unauthorized access/disclosure paper films. No specific information as to what information was compromised as provided by health and human services.

More Information: https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf;jsessionid=9BF4AF...

 
Information Source:
Government Agency
records from this breach used in our total: 0
June 7, 2016 Midland County Hospital District dba. Midland Memorial Hospital
Midland, Texas
MED DISC

1,468

As reported by Health and Human Services unauthorized access/disclosure/paper films. No specific information as to what information was compromised as provided by health and human services.

More Information: https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf;jsessionid=9BF4AF...

 
Information Source:
Government Agency
records from this breach used in our total: 0
June 7, 2016 Vincent Vein Center
Grand Junction, Colorado
MED HACK

2,250

This breach appears to be part of the third party vendor, Bizmatic breach. Bizmatic provides EMR/EHR software to 15,000 customers in the medical industry. The media report specifically states that Vincent Vein Centers breach included Social Security numbers as part of the breach.

More Information: http://www.healthcare-informatics.com/news-item/cybersecurity/close-1500...

As reported by Health and Human Services hacking/IT incident/electronic medical record. No specific information as to what information was compromised as provided by health and human services.

More Information: https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf;jsessionid=9BF4AF...

 
Information Source:
Government Agency
records from this breach used in our total: 2,250
June 7, 2016 Grace Primary Care, PC
Huntsville, Tennessee
MED HACK

6,853

As reported by Health and Human Services hacking/IT incident/network. No specific information as to what information was compromised as provided by health and human services.

More Information: https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf;jsessionid=9BF4AF...

 
Information Source:
Government Agency
records from this breach used in our total: 0
June 7, 2016 State Farm Mutual Automobile Insurance Company
Bloomington, Illinois
BSF INSD

Unknown

" On January 21, 2016, State Farm opened an investigation related to employees of a State Farm independent contractor agent in Chino Hills, CA.  The investigation determined there was misappropriation of customer payments that were either diverted or not correctly applied to customers' accounts."

The information compromised included "customer funds, misuse of some customer financial cards, and accessing and changing some customers' contact information". Some information was used to add additional insurance coverage without the policyholders' knowlede and consent.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-62237

 
Information Source:
California Attorney General
records from this breach used in our total: 0
Breach Total
900,077,018 RECORDS BREACHED
(Please see explanation about this total.)
from 5,025 DATA BREACHES made public since 2005

Pages

Showing 1-50 of 5024 results