Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: Current

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?

  • Scroll down to view the Chronology and/or to use our sort feature

  • Download a CSV file showing ALL breaches (A CSV file is a type of Excel spreadsheet that enables you to sort and analyze the breach listings in numerous ways)

Click or unclick the boxes then select go.


Select features then click GO. To modify your search, check or uncheck the boxes and click GO.


Reset the checkboxes to the default "all selected."

Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.

display_id:page_1

display_id:page_1

Breach Total
845,478,057 RECORDS BREACHED
(Please see explanation about this total.)
from 4,557 DATA BREACHES made public since 2005
Date Made Publicsort ascending Name Entity Type
July 2, 2015 Harvard University
Cambridge, Massachusetts
EDU HACK

Unknown

Harvard University is notifying individuals of a data breach to their system that included 8 colleges and administrations.

Those colleges and administrations include the Faculty of Arts and Sciences, Harvard Divinity School, Radcliffe Institute for Advanced Study, Central Administration, the Graduate School of Design, Harvard Graduate School of Education, Harvard John A. Paulson School of Engineering and Applied Sciences, or Harvard T.H. Chan School of Public Health.

The university has not commented on how many individuals were affected or what information was compromised. The university is requesting that anyone who is associated with any of the entities to change their username and password.

More Information: http://fortune.com/2015/07/02/harvard-data-breach/

 
Information Source:
Media
records from this breach used in our total: 0
July 2, 2015 Bonita Unified School District
San Dimas, California
EDU HACK

Unknown

The Bonita Unified School District notified parents and students of a breach when unauthorized access was discovered at San Dimas High School server.

On June 2, 2015 the district discovered the unauthorized access to the high school's student database and noticed that several students grades had been changed. The district believes that the individual (s) that changed the grades also downloaded personal information of students.

The information compromised included names, Social Security numbers, birthdates, medical information, the school's systems usernames and passwords, addresses, email addresses, and phone numbers.

The district is providing 12 months free of ProtectMyID Alert from Experian for those affected. Those with questions can call 1-909-971-8320 and ask for Donna Martin at ext. 5201 Monday through Friday 8:00 am to 4:30 pm Pacific Time.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-56705

 
Information Source:
California Attorney General
records from this breach used in our total: 0
July 2, 2015 The Trump Hotel Collection
New York, New York
BSO HACK

Unknown

The Trump Hotel Collection appears to be the latest victim of a credit card breach. Banks noticed a string of fraudulent debit and credit card charges all coming from several Trump Hotels.

"The Trump Organization just acknowledged the issue with a brief statement from Eric Trump, executive vice president of development and acquisitions: “Like virtually every other company these days, we have been alerted to potential suspicious credit card activity and are in the midst of a thorough investigation to determine whether it involves any of our properties,”"

The Trump Hotels have locations in Chicago, Honolulu, Las Vegas, Los Angeles, Miami, and New York.  How many individuals affected is not yet known.

More Information: http://krebsonsecurity.com/2015/07/banks-card-breach-at-trump-hotel-prop...

 
Information Source:
Krebs On Security
records from this breach used in our total: 0
June 29, 2015 State Department
Washington, District Of Columbia
GOV INSD

Unknown

Two brothers, Muneeb and Sohaib Akhter, have pleaded guilty to various charges including conspiracy to access a protected computer without authorization, wire fraud, and accessing government computers without authorization.  Muneeb Akhter, pleaded separately to additional charges including accessing a protected computer without authorization, obstructing justice and making false statements.

Muneeb Akhter "stole thousands of customers' credit card details, along with other personal information of consumers, by hacking into a cosmetic company's website in March 2014. Then, the brothers and co-conspirators used to the stolen data to purchase "goods and services, including flights, hotel reservations, and attendance at professional conferences,” The DOJ release said. “Muneeb Akhter also provided stolen information to an individual he met on the ‘dark net,' who sold the information to other dark-net users and gave Akhter a share of the profits.” "

Sohaib Akhter was employed in a contract position with the State Department and begain obtaining passport and visa information, as well as additional sensitive data from the agency's servers.

Sohaib "devised a scheme to ensure that he could maintain perpetual access to desired State Department systems. Sohaib Akhter, with the help of Muneeb Akhter and co-conspirators, attempted to secretly install an electronic collection device inside a State Department building. Once installed, the device could have enabled Sohaib Akhter and co-conspirators to remotely access and collect data from State Department computer systems.  Sohaib Akhter was forced to abandon the plan during its execution when he broke the device while attempting to install it behind a wall at a State Department facility in Washington, D.C.,” as communicated by a DOJ spokesperson.

More Information: http://www.scmagazine.com/brothers-accused-of-state-dept-hack-plead-guil...

 
Information Source:
Media
records from this breach used in our total: 0
June 26, 2015 Medical Informatics Engineering
Fort Wayne, Indiana
MED HACK

Unknown

Medical Informatics Engineering has notified individuals of a data breach when they noticed suspicious activity on one of their servers.

The company has determined that some protected health information was exposed including names, home addresses, email addresses, dates of birth, Social Security numbers, lab results, dictated reports and medical conditions.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-56609

 

 
Information Source:
California Attorney General
records from this breach used in our total: 0
June 25, 2015 Bank of Manhatten Mortgage Lending
Manhattan, New York
BSF DISC

Unknown

The Bank of Manhattan Mortgage Lending notified customers of a data breach when an employee handled mortgage information of customers that did not meet the company policies, which may have resulted in disclosure of customers loan file information.

The information compromised included names, addresses, loan numbers, phone numbers, Social Security numbers, birth dates, credit information, tax information, and other financial information.

The company is offering free identity theft protection services through Kroll. For those who were affected call 1-866-775-4209.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-56587

 
Information Source:
California Attorney General
records from this breach used in our total: 0
June 22, 2015 Trustmark Mutual Holding Company
Lake Forest, Illinois
BSF DISC

Unknown

Trustmark Insurance Company contacted customers regarding a data breach. The company discovered that "our automated billing e-mail system generated and sent encrypted e-mails to certain insurance carrier clients.  While each encrypted email should have contained a single file with information related to each carrier's insureds, on May 14, 2015, we discovered that a software error resulted in each carrier receiving file attachments for all of the carriers instead of just the one file related to their own insureds."

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-56493

 
Information Source:
California Attorney General
records from this breach used in our total: 0
June 22, 2015 Summit Financial Group
La Mesa, California
BSF DISC

662

Summit Financial Group contacted customers regarding a data breach of their information. An employee of Summit Financial Group inadvertently copied data of other clients onto CD's that should have contained only the individuals information. Those CD's were mailed to clients and soon thereafter Summit clients contacted the company alerting them to the fact that other individuals personal information was on their CD.

The information contained names, addresses, dates of birth, Social Security numbers, and income.  The company has claimed that they have contacted all the individuals who received a CD and they have either been gathered by the company or destroyed.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-56repo501

 
Information Source:
California Attorney General
records from this breach used in our total: 662
June 19, 2015 Dungarees
Portland, Oregon
BSR HACK

Unknown

Dungarees notified customers of a breach to their system when they discovered an illegal hack that may have compromised customer credit card or debit card information. Based on the investigation the company believes that information provided with orders placed on their website between March 26, 2015 and June 5, 2015 was compromised.

The information compromised included names, billing information, address, email addresses, credit or debit card number, the card expiration number and the CVV codes on the back of the card.

The company is providing those affected with identity theft protection through ID Experts. Those affected can call -866-833-7917 to speak to a representative.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-56488

 
Information Source:
California Attorney General
records from this breach used in our total: 0
June 16, 2015 Houston Astros
Houston, Texas
BSO HACK

Unknown

The FBI is investigating allegations that the St. Louis Cardinals baseball club hacked into the network of the Houston Astros baseball club to gain information regarding the Astros statistics, scouting reports and internal documents regarding players and trades.

The St. Louis Cardinals will not comment on the ongoing investigation.

More Information: http://www.nytimes.com/2015/06/17/sports/baseball/st-louis-cardinals-hac...

 
Information Source:
Media
records from this breach used in our total: 0
June 15, 2015 LastPass
Fairfax, Virginia
BSO HACK

Unknown

LastPass notified customers of a data breach when they discovered suspicious activity on their network. The company has communicated that "In our investigation, we have found no evidence that encrypted user vault data was taken, nor that LastPass user accounts were accessed. The investigation has shown, however, that LastPass account email addresses, password reminders, server per user salts, and authentication hashes were compromised."

The company is requiring that "all users who are logging in from a new device or IP address first verify their account by email, unless you have multifactor authentication enabled. As an added precaution, we will also be prompting users to update their master password."

More Information: http://gizmodo.com/lastpass-defender-of-our-passwords-just-got-hacked-17...

 
Information Source:
Media
records from this breach used in our total: 0
June 12, 2015 Fred's Inc.
Memphis , Tennessee
BSR HACK

Unknown

Fred's Inc. announced that it is investigating a potential breach when malware was discovered on their point-of-sale system.  The discount merchandiser operates 650 stores in multiple states and the company is not clear on how many stores were affected.

"Sources said it was unclear how many Fred’s locations were affected, but that the pattern of fraudulent charges traced back to Fred’s stores across the company’s footprint in the midwest and south, including Alabama, Arkansas, Georgia, Indiana, Kentucky, Louisiana, Mississippi, Tennessee and Texas."

More Information: http://krebsonsecurity.com/2015/06/discount-chain-freds-inc-probes-card-...

 
Information Source:
Krebs On Security
records from this breach used in our total: 0
June 10, 2015 Missing Link Networks Inc.
Calistoga, California
BSO HACK

Unknown

Missing Link Networks Inc notified customers of a breach of their networks exposing customer credit cards. Missing Link Networks provides credit card processing and point of sale services.

The company began reaching out to its customers notifying them that "Beginning on May 27, 2015, we began notifying our winery customers that eCellar Systems, our consumer-direct sales platform, had been breached during the month of April, 2015 by an unknown intruder". This particular platform services numerous wineries in California and elsewhere.

The information compromised included customer names, credit/debit card numbers, billing address, and dates of birth. The company is confirming that Social Security numbers, the CVV and pin numbers were not compromised.

More Information: http://krebsonsecurity.com/2015/06/breach-at-winery-card-processor-missing-link/ 

 

UPDATE (7/3/2015): The vineyards reportdely affected by this breach include the following: All notificatons can be found on the California Attorney General's data breach site at http://oag.ca.gov/ecrime/databreach/list

Cain Vineyard

Corison Winery

Charles Krug Winery (C. Modavi & Family)

Flora Springs Winery and Vineyard

Gemstone

Heitz Wine Cellars

Jessup Cellars dba. The Good Life Wine Collective

Larkmead Vineyards Vinter and Grower

Martinelli Winery

Outpost Vineyards

Palmaz Vineyards

Pride Mountain Vineyards

Repris Vineyards

Rhys Vineyards

Silverado Vineyards

Signorello Estate

Round Pond Estates

Summers Estate Wines

Spring Mountain Vineyards

Peter Michael Winery

Rombauer Vineyards, Inc.

Turley Wine Cellars

Clif Bar Family Winery & Farm, LLC

 

 

 

 
Information Source:
Krebs On Security
records from this breach used in our total: 0
June 4, 2015 Office of Personnel Management (OPM)
Washington , District Of Columbia
GOV HACK

18,000,000, this number increased after hearings.

The Office of Personnel Management will be notifying over 4 million current and former federal employees of a data breach thought to be perpetrated by Chinese hackers. Federal officials stated that the hacking exposed employee's job assignments, performance and training. Officials stated that no "background or clearance investigations" were exposed. They are not stating whether or not the information that was exposed included any Social Security information or financial information.

More Information: http://www.washingtonpost.com/world/national-security/chinese-hackers-breach-federal-goernments-personnel-office/2015/06/04/889c0e52-Oaf7-11e5-95fd-d580f1c5d44e_story.html

Breach FAQ: http://www.opm.gov/faqs/topic/cybersecurityinformation/

UPDATE (06/15/2015): Very interesting timeline laid out by Brian Krebs which includes the OPM breach, along with connections to various other breaches that are very similar attacks to OPM. http://krebsonsecurity.com/2015/06/catching-up-on-the-opm-breach/

UPDATE (06/24/2015): The 4.2 million individuals reported to have been affected by the OPM breach, has now increased to approximately 18 million individuals, including individuals that applied for jobs but never ended up being hired.

More Information: www.cnn.com/2015/06/22/politics/opm-hack-18-million/index.html

UPDATE (06/25/2015): The head of OPM has publicly stated that they are investigating the breach of 18 million Social Security numbers as part of the recent hacking at the OPM Currently we are now including the 18 million in our breach total number as prior the office would not state specifically what information in the records was obtained.

Authorities are also stating that the hack can be defined as two distinct breaches.

More Information: http://www.wsj.com/articles/hack-defined-as-two-distinct-breaches-1435158334

UPDATE (7/2/2015): The Office of Personnel Management has had a class-action lawsuit filed against them over the recent data breach by a federal employee's union. The suit claims that OPM's negligence led to the breach. Since 2007 when OPM had been notified by the Office of Inspector General that there were deficiencies in the agency's cybersecurity processes, the agency failed to correct the issues.

More Information: http://www.computerworld.com/article/2942038/security/opm-hit-by-classac...

 
Information Source:
Media
records from this breach used in our total: 18,000,000
June 3, 2015 Gallant Risk and Insurances Services
Corona, California
BSF PORT

Unknown

Gallant Risk and Insurances Services notified customers of a potential data breach when their offices were broken into and several company laptops were stolen. The laptops were password protected according to the company.

The company did not disclose what type of information may have been stored on the laptops.

The company is providing ID theft protection through Kroll free for one year. For those affected call 1-855-330-6366 from 8:00 a.m to 5:00 p.m Central Time.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-56236

 

 
Information Source:
California Attorney General
records from this breach used in our total: 0
May 26, 2015 Internal Revenue Service
Washington, District Of Columbia
GOV UNKN

100,000

A previous story that was broken by Brian Krebs, Krebs On Security, regarding fradulent tax returns being filed by identity thieves who gained the information using data directly from the IRS website, was confirmed today by the IRS Commissioner Josh Koskinen.

Mr. Koskinen confirmed that the identity thieves pulled data off of the IRS website to file fraudulent tax returns on unsuspecting individuals. The IRS became suspicious due to a large increase of individuals requesting their tax transcripts. The investigation revealed that approximately 200,000 suspicious attempts occurred and 100,000 of those were successful in being authenticated through the IRS website. According to the IRS these atte27/politics/irs-cyber-breachmpts started in February and continued through mid-May 2015 and totaled over $50 million dollars in fraudulent refunds.

More Information: http://krebsonsecurity.com/2015/05/irs-crooks-stole-data-on-100k-taxpayers-via-get-transcript-feature/    

UPDATE (5/28/2015): The IRS has communicated that the recent breach of 100,000 individuals they believe originated from Russia. The IRS is claiming that this was not a hack, instead that they "went in the front door of the IRS and unlocked it with the key".

More Information: http://www.cnn.com/2015/05/27/politics/irs-cyber-breach-russia/index.html

 
Information Source:
Krebs On Security
records from this breach used in our total: 100,000
May 20, 2015 CareFirst BlueCross BlueShield
Baltimore, Maryland
BSF HACK

1.1 million

The largest insurer in the Baltimore regions, CareFirst BlueCross BlueShield notified customer of a cyberattack to a single database, comprising the information of approximately 1.1 million individuals.

The hackers were able to access names, birth dates, email addresses and insurance identification numbers. CareFirst has stated that they did not gain Social Security numbers, credit card numbers, passwords or medical information in the breach.

The insurer is offering free credit monitoring for two years even though individual no financial or Social Security data was compromised.

The company has posted more answers to the attack at www.carefirstanswers.com.

More Information: http://www.baltimoresun.com/health/bs-bz-carefirst-data-breach-20150520-...

 

 
Information Source:
records from this breach used in our total: 0
May 15, 2015 Penn State College of Engineering
University Park, Pennsylvania
EDU HACK

18,000

Penn State's College of Engineering announced that their servers were hacked in two different intrustions. The hackers are believed to be based in China and may have exposed "at least 18,000 people and possibly other sensitive data".

Penn State's President sent a letter out to students and faculty informing them that the college's network had been disconnected to the Internet while they investigate the intrusio. Read more here: http://news.psu.edu/story/357654/2015/05/15/administration/message-presi...

The information compromised has not yet been made public, all College of Engineering faculty, staff and students were affected. Those who also had taken at least one engineering class would be affected as well. The university is requiring those who meet this criteria change their username and password. They have set up a VPN and will be required to use two-factor authentication.

More Information: http://arstechnica.com/security/2015/05/penn-state-severs-engineering-ne...

 
Information Source:
Media
records from this breach used in our total: 0
May 12, 2015 Starbucks
Seattle, Washington
BSR HACK

Unknown

Starbucks is responding to unauthorized access by hackers into the Starbucks mobile application,  draining dollars out of customers bank accounts, credit cards and paypal accounts.

According to one report, "The Starbucks app lets you pay at checkout with your phone. It can also reload Starbucks gift cards by automatically drawing funds from your bank account, credit card or PayPal.

That's how criminals are siphoning money away from victims. They break into a victim's Starbucks account online, add a new gift card, transfer funds over -- and repeat the process every time the original card reloads."

Starbucks had denied the unathorized activity was a result of a hack or intrusion into its servers. Starbucks has received complaints from customers regarding unauthroized activity and they claim it is"primarily caused when criminals obtain reused names and passwords from other sites and attempt to apply that information to Starbucks." The company will be reimbursing those who had fraudulent charges to their account.

The company suggest customers use stronger, unique usernames and passwords and turn off the "reload" feature in the application.

More Information: http://money.cnn.com/2015/05/13/technology/hackers-starbucks-app/

More Information: http://krebsonsecurity.com/2015/05/starbucks-hacked-no-but-you-might-be/

 
Information Source:
Media
records from this breach used in our total: 0
May 4, 2015 Sally Beauty Supply
Denton, Texas
BSR HACK

Unknown

Salley Beauty has announced the possiblity of another data breach to their payment systems. The company said they were investigating "unusual activity of payment cards at some stores" but do not know yet how many customer cards were affected.

Last March the company announced a similar attack to their payment systems, compromising over 25,000 customer payment cards. The company thought they had shut down the malicious attempts.

More Information: www.wsj.com/articles/sally-beauty-investigating-possible-data-breach-1430747729

 
Information Source:
Media
records from this breach used in our total: 0
May 1, 2015 Harbortouch
Allentown, Pennsylvania
BSO HACK

4,200

Harbortouch, a POS vendor, announced a breach of several of the companies restaurant and bar customers. Patrons to the restaurants and/or bars were notified that their payment cards may have been compromised when malicious software was found on the POS systems.

 

More Information: http://krebsonsecurity.com/2015/05/harbortouch-is-latest-pos-vendor-breach/

 
Information Source:
Krebs On Security
records from this breach used in our total: 4,200
April 24, 2015 Stater Brothers Market
West Covina, California
BSO HACK

Unknown

Stater Brothers Markets in West Covina has sent out a notice to the public to help aprehend three suspects who placed a skimmer device on a pin pad in the deli department of the grocery chain located  at 375 North Azuza Avenue, West Covina California.

They have also send the notification out for those who may have used their debit or credit card at the West Covina location from March 5, 2015 and March 29, 2015 to review their bank or credit card statements for any unauthorized activity. They are cautioning to change the pin if a debit card was utilized and contact the financial institutions that hold the card so new cards can be issued.

For those with any information on the suspects, they are asking individuals to call 1-855-782-8377 between 8:99 a.m and 5:00 p.m Monday through Friday.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-55627

 
Information Source:
California Attorney General
records from this breach used in our total: 0
April 16, 2015 American Sleep Medicine
San Diego, California
MED PORT

Unknown

American Sleep Medicine has notified patients of a data breach that has occurred when an external hard drive was stolen from a locked server room at their facility. The hard drive contained patient data from previous sleep studies. The specific information included names, dates of birth, name of referring doctor, name of interrpreting doctor, medical history and sleep study results. According to the facility no Social Security numbers or financial information was on the external hard drive.

For questions, call 858-277-7353 or toll free at 844-238-9431.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-49386

 

 
Information Source:
California Attorney General
records from this breach used in our total: 0
April 14, 2015 Damariscotta County Sherrifs Department
Damariscotta, Maine
GOV HACK

Unknown

A Sheriffs Department in Damariscotta Maine was forced to pay hackers $300 in bitcoins to retrieve confidential records being held hostage by hackers who broke into their system. The FBI traced back the bitcoins to a Swiss account but have no other details as to who perpetrated this hacking.

The malware installed on the system happened when someone at the Sheriffs department clicked a link allowing the malware to be installed on their system, which in turn the hackers then held the information hostage until they were paid a ransom to release the malware.

More Information: www.technewstoday.com/-us-police-department-forced-to-pay-bitcoins-after-hackers-enter-system/

 
Information Source:
Media
records from this breach used in our total: 0
April 13, 2015 Homebridge (formerly In-Home Supportive Services)
San Francisco, California
MED HACK

Unknown

Homebridge, formerly the In-Home Supportive Services, notified current and former employees of a data breach on several computers when malware was installed potentially compromising individual information.

The information accessed between January and March 2015 included first and last names, addresses, and Social Security numbers. The company has been informed that the information obtained may have been used to file fradulent tax returns.

The company is offering one year free of ID Guard. For questions call Human Resources at 415-659-5331.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-49328

 
Information Source:
California Attorney General
records from this breach used in our total: 0
April 13, 2015 Stanislaus Surgical Hospital
Modesto, California
MED UNKN

Unknown

Stanislaus Surgical Hospital notified individuals of a data security breach that occurred on April 5, 2015. They do not state exactly how the breach occurred in their notification letter. The information compromised included names, addresses, account numbers, Social Security numbers and other personally identifiable information.

The hospital is providing one year free of Experian's ProtectMyID Elite to those affected. For questions call 1-87-441-6943.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-49325

 

 
Information Source:
California Attorney General
records from this breach used in our total: 0
April 13, 2015 Grapevine Police Departments
Grapevine, Texas
GOV HACK

Unknown

A group demanding the dashcam video of a shooting be released to the public, hacked the database of the Grapevine Police Department posting a video demanding this release.

The police department is currently investigating the hacking of their system.

More Information: www.thescoopblog,dallasnews.com/2015/04/anonymous-hacker-group-demands-police-video-of-shooting-of-mexican-immigrant-by-grapevine-cop,html/

 

 
Information Source:
Media
records from this breach used in our total: 0
April 10, 2015 Kellog & Andelson Global Management
Woodland Hills, California
BSF HACK

Unknown

Kellogg & Andelson Global Management notified individuals of a data breach when a server containing client account information was hacked. The information exposed included names, addresses, dates of birth, Social Security numbers, financial account numbers of both the individual account holder and potential family members.

The company is provided identity protection services for 2 years for free through Experian's ProtectMyID Elite. Victims can go to www.protectmyide.com/protect and provide the activation code provided by Kellog & Anderson's notification letter.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-49323

 
Information Source:
California Attorney General
records from this breach used in our total: 0
April 10, 2015 HSBC Finance Corporation
Brandon, Florida
BSF DISC

Uknown

HSBC notified customers of a data breach when customer mortgage information was inadvertently exposed via the Internet, which included personal information.

The personal information included names, Social Security numbers, account numbers and old account information.

The company is providing Identity Guard for 12 months free for those affected.  They can be reached at the Identity Guard Victim Recovery Services phone line at 1-800-901-7107 Monday-Friday 8 a.m-11 p.m, and Saturday 9 a.m-6 p.m Eastern Time.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-49318

 
Information Source:
California Attorney General
records from this breach used in our total: 0
April 10, 2015 University of California, Riverside Graduate Division offices
Riverside, California
EDU PORT

Unknown

The University of California, Riverside's Graduate Divison offices notified individuals of a theft of a laptop computer that included graduate student application information including Social Security numbers, first and last names.

For questions call UCR's Risk Management Office at 1-866-827-4844

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-49300

 
Information Source:
California Attorney General
records from this breach used in our total: 0
April 8, 2015 AT&T
Dallas, Texas
BSO INSD

280,000 US citizens affected

The FCC has fined AT&T $25 million dollars after an investigation revealed that three separate international call centers are at the center of a data breach of customer information.

Call centers in Mexico, the Phillipines and Columbia all had similar incidences "when employees accessed sensitive customer data without adequate authorization. Those employees took payment from third parties who were apparently interested in customer names and Social Security numbers so they could unlock stolen cell phones for sale on secondary markets."

As part of the settlement, AT&T has agreed to notify those customers that were affected and offer one year free of credit monitoring services.

More Information: http://www.cnbc.com/id/

 
Information Source:
Media
records from this breach used in our total: 280,000
April 6, 2015 Tulare County Health and Human Services
Visalia, California
GOV DISC

845

The Tulare County Health and Human Services Agency notified individuals of a breach of their personal information when an HHSA employee emailed approximately 845 patients from the Visalia and Farmersville clinics exposing information to access their medical portal. The agency disabled all patient portal accounts and are asking individuals to change their email addresses, re-register through the portal and change the PIN to login to the patient portal. The agency did not disclose specifically what personal information may have been viewable.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-49239

 
Information Source:
California Attorney General
records from this breach used in our total: 0
April 3, 2015 Microsoft/Xbox One
Redmond, Washington
BSO HACK

11,266 login-credentials stolen from unamed company

A 19 year hacker has pleaded guilty to hacking and stealing "11,266 log-in credentials from an unnamed which he then shared amongst the other members." Austin Alcala was part of a larger hacking network that stole software and data from gaming companies such as Microsoft, Valve, Epic. The group stole internal documents from companies, source code and games that had not yet been released to the public.

The items stolen were stated to be worth approximately $100 million dollars. The hacking took place from 2012 to 2014.

More Information: http://www.welivesecurity.com/2015/04/03/us-teen-pleads-guilty-100-milli...

 

 

 
Information Source:
Media
records from this breach used in our total: 0
April 2, 2015 Intuit
San Diego, California
BSF UNKN

Unknown

Intuit informed customers of a potential breach to their information after reviewing customer accounts. In this review, Intuit identified certain TurboTax accounts may have been accessed by someone other than the account holder. The company believes that usernames and passwords were stolen by using username/password combinations from other sources, not directly from the Intuit site.

The company automatically changed usernames and passwords to protect from further potential unauthorized access. The company is offering credit monitoring through ProtectMyID through experian for free. For information, email TTaxInvestigations@intuit.com or call 1-866-602-4279.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-49249

 
Information Source:
California Attorney General
records from this breach used in our total: 0
April 2, 2015 SRI, Inc.
Mclean , Virginia
BSO HACK

Unknown

SRI, Inc. notified customers of a data breach when they discovered an unauthorized access of their website software. The unauthorized access may have been going on since December of 2014 and files containing individual personal information may have been accessed.

The information accessed included names, addresses, Social Security numbers, tax identification numbers, and financial information which included bank account and routing numbers.

For questions call 1-800-800-9588

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-49214

 
Information Source:
California Attorney General
records from this breach used in our total: 0
April 2, 2015 California Department of Business Oversight
Sacramento, California
GOV DISC

Unknown

The California Department of Business Oversight notified both registered investment advisers and broker-dealers that some of their personally identifying informatino was accidentally disclosed when typical procedure to redact the information either failed or was neglected. The information exposed included Social Security numbers of these individuals. The DBO did not mention the other information exposed on the forms.

For those with questions call 1-866-275-2677.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-49208

 
Information Source:
California Attorney General
records from this breach used in our total: 0
March 17, 2015 Premera Blue Cross
Mountlake Terrace, Washington
BSF HACK

11 million

Premera Blue Cross notified customers of a data breach of their system by a cyberattack that compromised medical, personal and financial data of 11 million customers.

The information compromised included medical information, bank account numbers, Social Security numbers, birth dates, names, addresses and other personal information.

"About six million of the people whose accounts were affected are residents of Washington state, where customers include employees of Amazon.com, Microsoft and Starbucks, according to Premera. The rest are scattered across the United States."

The breach was uncovered on January 29, 2015.

More Information: http://www.nytimes.com/2015/03/18/business/premera-blue-cross-says-data-...

 
Information Source:
Media
records from this breach used in our total: 11,000,000
March 16, 2015 Advantage Dental
Redmond, Washington
MED HACK

151,626

Advantage Dental notified 151,626 patients of data breach when their database of patient information was hacked between February 23rd and February 26th. The hackers had access to patient names, dates of birth, phone numbers, Social Security numbers and home addresses.

Advantage is offering credit monitoring and call center support through Experian. For further information go to Advantage homepage https://secure.advantagedental.com/

More Information: http://portlandtribune.com/pt/9-news/253880-123802-advantage-dental-says...

 

 
Information Source:
Media
records from this breach used in our total: 151,626
March 16, 2015 Apple America Group LLC
Independence, Ohio
BSF PORT

Unknown

Apple America Group, LLC informed employees of a data breach when a portable USB flash drive owned by a third party vendor containing payroll information was lost.

The information on the portable usb drive included names, addresses, Social Security numbers, and wage and tax information.

More Information: http://oag.ca.gov/system/files/Non-Massachusetts%20consumer%20notificati...?

 
Information Source:
Massachusetts Attorney General
records from this breach used in our total: 0
March 16, 2015 Bistro Burger
San Francisco, California
BSO HACK

Unknown

Bistro Burger confirmed that malware was installed on the point-of-sale system at their San Francisco location between October 2, 2014 and December 4, 2014. The information compromised included names, payment card account numbers, card expiration dates and security codes.

 
Information Source:
Media
records from this breach used in our total: 0
March 9, 2015 Inland Empire Health Plan/Children's Eyewear Sight
Rancho Cucamonga, California
MED PORT

Unknown

Inland Empire Health Plan notified customers of a data breach when a desktop computer and other items were stolen from Children's Eyewear Sight. The police were able to aprehend the individual who perpetrated the theft.

The files on the computer included names, dates of birth, genders, addresses, contact phone numbers, email addresses, IEHP Member ID number, dates of appointments, dates of purchases, and the names of doctors who provided services.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-47991

 
Information Source:
California Attorney General
records from this breach used in our total: 0
March 4, 2015 Mandarin Oriental Hotel Group
New York, New York
BSO HACK

Unknown

The hotel chain Mandarin Oriental has announced that their point-of-sale systems were hacked and infected with malware that stole customer credit card data. The hacking, according to the hotel chain, is limited to hotels in the U.S and Europe.

The company has not communicated exactly how many of the hotels locations were compromised only stating that "Mandarin Oriental can confirm that the credit card systems in an isolated number of our hotels in the US and Europe have been accessed without authorization and in violation of both civil and criminal law. The Group has identified and removed the malware and is coordinating with credit card agencies, law enforcement authorities and forensic specialists to ensure that all necessary steps are taken to fully protect our guests and our systems across our portfolio.Unfortunately incidents of this nature are increasingly becoming an industry-wide concern. The Group takes the protection of customer information very seriously and is coordinating with credit card agencies and the necessary forensic specialists to ensure our guests are protected.”

According to Krebs on Security, "banking industry sources say the breach almost certainly impacted most if not all Mandarin hotels in the United States, including locations in Boston, Florida, Las Vegas, Miami, New York, and Washington D.C. Sources also say the compromise likely dates back to just before Christmas 2014."

More Information: http://krebsonsecurity.com/2015/03/credit-card-breach-at-mandarian-orien...

 
Information Source:
Krebs On Security
records from this breach used in our total: 0
March 3, 2015 Toys "R" Us
Wayne, New Jersey
BSR HACK

Unknown

Toys "R" Us contacted customers that their passwords to their reward program account would be reset in order to avoid an unauthorized attempts to their rewards program account.

The company communicated that those notified did not necessarily have their accounts accessed, however, the risk was higher due to the discovery by the company of "recycled login details used by some of its customers." 

Between January 28th and January 30th, 2015, the company discovered a number of "illegal login attempts made to its Rewards "R" Us accounts." The current announcement is an additional security measure so that other customer accounts cannot be accessed in a similar way.  "Out of an abundance of caution, we are therefore treating your account password as compromised and taking appropriate steps to address the situation," in a letter sent by the company to its customers.

More Information: http://www.welivesecurity.com/2015/03/03/toys-r-us-resets-account-passwo...

 
Information Source:
Media
records from this breach used in our total: 0
March 3, 2015 Pioneer Bank
New York, New York
BSF PORT

Unknown

New York based Pioneer Bank notified customers of a data breach when an employee laptop was stolen on January 26th, compromising their personal information.

The information compromised the names, addresses, Social Security numbers, and account and debit card numbers.

More Information: http://www.scmagazine.com/laptop-stolen-from-employee-contained-data-on-...

 
Information Source:
Media
records from this breach used in our total: 0
March 2, 2015 Natural Grocers
Lakewood, Colorado
BSR HACK

Unknown

Natural Grocers announced a possible datal breach of its customers payment cards.

The grocery retailer claims they have not received any reports or complaints of fraudulent activity of customers payment cards, however, according to Krebs on Security "Sources in the financial industry tell KrebsOnSecurity they have traced a pattern of fraud on customer credit and debit cards suggesting that hackers have tapped into cash registers at Natural Grocers locations across the country.  The grocery chain says it is investigating "a potential data security incident invloving an unauthroized intrusion targeting limited customer payment card data.""

The grocery retailer has 93 stores in 15 states and has hired a third party vendor that specializes in data forensics to investigate the possible breach. The company claims that "no personally identifiable information, such as names, addresses or Social Security numbers, was involved, as the company does not collect that data as part of its payment processing system."

Again, as stated by KrebsOnSecurity, "According to a source with inside knowledge of the breach, the attackers broke injust before Christmas 2014, by attacking weaknesses in the company's database servers. From there, the attackers moved laterally with Natural Grocers internal network, eventually planting card-snooping malware on point-of-sale systems."

More Information: https://krebsonsecurity.com/2015/03/natural-grocers-investigating-card-b...

 
Information Source:
Krebs On Security
records from this breach used in our total: 0
March 2, 2015 Piedmont Advantage Credit Union
Greensboro, North Carolina
BSF PORT

Unknown

Piedmont Advantage Credit Union notified customers of a data breach when one of their laptops containing personal information of its members could not be located. The information contained names, addresses, dates of birth, member account numbers, and Social Security numbers. According to the credit union the laptop included password protected authentication.

More Information: http://www.scmagazine.com/north-carolina-credit-union-notification-says-...

 

 
Information Source:
Media
records from this breach used in our total: 0
February 27, 2015 Bulk Reef Supply
Golden Valley, Minnesota
BSO HACK

Unknown

Bulk Reef Supply notified customers of a data breach when their online website was compromised. The customer information compromised included names, addresses, phone numbers, email addresses, usernames, passwords, and credit card information.

The company is asking customers to change their passwords. The company is offering one year free of credit monitoring and identity theft services.

More Information: http://www.scmagazine.com/bulk-reef-supply-website-compromised-credit-ca...

 
Information Source:
Media
records from this breach used in our total: 0
February 27, 2015 Uber Technologies Inc.
San Francisco, California
BSO HACK

50,000

Uber notified 50,000 drivers of an unauthorized access to their database which resulted in compromising driver data. The hacking took place in May of 2014. According to the company only names and driver's license numbers were compromised.

The company is offering identity protection services for affected drivers.

More Information: http://www.bloomberg.com/news/articles/2015-02-27/uber-discloses-databas...

 
Information Source:
Media
records from this breach used in our total: 50,000
February 25, 2015 Lime Crime
New York, New York
BSO HACK

Unknown

Lime Crime, an online cosmetics company notified customers of an unauthorized access to their website server which resulted in malware being installed. This malware allowed customer data to be captured, including credit card payment information.

The information compromised included names, addresses, card account numbers, expiration dates, security codes and Lime Crime website usernames and passwords. The malware affected customers who purchased items on the website from October 4, 2014 through February 15, 2015. For those customers that used PayPal to purchase items, their Lime Crime website usernames and passwords may have also been compromised.

More Information: http://www.scmagazine.com/malware-on-lime-crime-website-payment-cards-co...

 
Information Source:
Media
records from this breach used in our total: 0
February 24, 2015 Cathrine Steinborn, Dentist
Santa Clara, California
MED PORT

Unknown

The office of Cathrine Steinborn, DDS was broken into and a server containing patient and other personal information in it. The information compromised included names, addresses, dates of birth, telephone numbers, Social Security numbers, dental and/or medical insurance information, health information, treatment information, and billing information.

More Information: http://www.scmagazine.com/california-dentist-announces-theft-of-server-c...

 
Information Source:
Media
records from this breach used in our total: 0
Breach Total
845,478,057 RECORDS BREACHED
(Please see explanation about this total.)
from 4,557 DATA BREACHES made public since 2005

Pages

Showing 1-50 of 4557 results