Data Breaches

Breach Subtotal

Breach Type: CARD, HACK, INSD, PHYS, PORT, STAT, DISC, UNKN
Organization Type: BSF, BSO, BSR, EDU, GOV, MED, NGO
Year(s) of Breach: 2017
Company or Organization: all
Date Made Public:
May 4, 2018
Company: PAR Electrical Contractors, Inc.
Location: Kansas City, Missouri
Type of breach:
PHYS
Type of organization:
BSO
Records Breached:
25,000

According to a breach notification form and letter sent to the Indiana Office of Attorney General, PAR Electrical Contractors, Inc. experienced a data breach that resulted in the exposure of "~25,000" persons. According to the accompanying notification letter, "On or about December 22, 2017, a thief stole a container holding daily backup tapes that, as part of PAR's regular practices, had been taken off-site. . . The backup tapes included data from PAR's employment records for present and former employees.We believe the data included your name, contact information, Social Security number, date of birth, and payroll dataincluding bank account number if used for direct deposit). In addition, the tapes may have included your driver'slicense or passport number (if submitted as part of the new hire process)."

Information Source:
Security Breach Letter
Date Made Public:
April 20, 2018
Company: Orbitz
Location:
Type of breach:
HACK
Type of organization:
BSO
Records Breached:
0

Between Oct. 1, 201 and Dec. 22, 2017, Orbitz determined that an unauthorized third party may have accessed personal information stored on a third party business partner platform. Information affected including name, payment card number and expiration date, phone number, email address and physical and/or billing address. Certain hotel reservations made through Southwest.com, whih was powere dby orbitz, may have been affected.

 

Information Source:
Security Breach Letter
Date Made Public:
April 20, 2018
Company: W. W. Grainger, Inc.
Location: , California
Type of breach:
HACK
Type of organization:
BSO
Records Breached:
0

On April 10, 2018, Grainger as notified by [24]7.ai that [24]7.ai was involved in a cyber incident, during which time, credit card information of those conducting business with certain [24]7.ai clients, including Grainger, may have been accessed. Customers who used guest check out and manually entered credit card information on Grainger.com or its app were potentially affected. Information includes credit card numbers, security codes, card expiration dates, names and addresses.

Information Source:
Security Breach Letter
Date Made Public:
April 19, 2018
Company: Blue Shield of California
Location: , California
Type of breach:
DISC
Type of organization:
MED
Records Breached:
0

 Blue Shield of California admitted to a PHI data breach involving an insurance broker who was not authorized to receive patient information, according to a breach notification submitted to the California Attorney General’s Office. 

The Blue Shield of California Privacy Office received confirmation on March 23, 2018 that a breach had occurred in November 2017 during the 2018 Medicare Annual Enrolment Period when a Blue Shield employee emailed a document containing PHI to an insurance broker “in violation of Blue Shield policies.”

The PHI included names, home addresses, mailing addresses, Blue Shield subscriber identification numbers, telephone numbers, and subscribers’ Blue Shield Medicare Advantage plan numbers.

Blue Shield of California said that it believes the insurance broker may have contacted some of the individuals identified in the document to sell a Medicare Advantage Plan offered by another health insurance company.

The health insurer said that individuals affected by the disclosure are eligible for free identity repair and credit monitoring services.

Information Source:
Security Breach Letter
Date Made Public:
April 6, 2018
Company: Sears
Location: , Illinois
Type of breach:
HACK
Type of organization:
BSR
Records Breached:
90,000

Department store chain Sears Holding Corp (SHLD.O) and Delta Air Lines Inc (DAL.N) said on Wednesday some of their customer payment information may have been exposed in a cyber security breach at software service provider [ 24]7.ai.

Department store chain Sears Holding Corp (SHLD.O) and Delta Air Lines Inc (DAL.N) said on Wednesday some of their customer payment information may have been exposed in a cyber security breach at software service provider [ 24]7.ai.
A Delta Air Lines flight is pushed put of its gate at the airport in Salt Lake City, Utah, U.S., January 12, 2018. REUTERS/Mike Blake

Sears said it was notified of the incident in mid-March and the incident led to unauthorized access to the credit card information of under 100,000 of its customers.

Technology firm [ 24]7.ai, which provides online support services for Delta, Sears and Kmart among other companies, found that a cyber security incident affected online customer payment information of its clients, it said.

The incident happened on or after Sept. 26, 2017 last year and was found and resolved on Oct. 12, the company said.

Information Source:
Media
Date Made Public:
April 6, 2018
Company: [24]7.ai.
Location: San Jose, California
Type of breach:
HACK
Type of organization:
BSR
Records Breached:
150,000

A payment card breach suffered by [24]7.ai. between September 26 and October 12, 2017, is impacting major firm, including Best Buy, After Delta Air Lines and Sears Holdings.

The intrusion occurred between September 26 and October 12, 2017.

“We understand malware present in [24]7.ai’s software between Sept. 26 and Oct. 12, 2017, made unauthorized access possible for the following fields of information when manually completing a payment card purchase on any page of the delta.com desktop platform during the same timeframe: name, address, payment card number, CVV number, and expiration date.” reads the advisory published by Delta Airline.

“No other customer personal information, such as passport, government ID, security or SkyMiles information was impacted.”

Information Source:
Media
Date Made Public:
April 6, 2018
Company: Best Buy
Location:
Type of breach:
HACK
Type of organization:
BSR
Records Breached:
1

After Delta Air Lines and Sears Holdings, Best Buy has also come forward to warn customers that their payment card information may have been compromised as a result of a breach suffered by online services provider [24]7.ai.

Similar to Delta and Sears, Best Buy contracted [24]7.ai for online chat/support services. The retailer says it will contact impacted customers and provide free credit monitoring if needed.

Best Buy has not specified exactly how many of its customers are impacted, but noted that “only a small fraction of our overall online customer population could have been caught up in this [24]7.ai incident, whether or not they used the chat function.”

Information Source:
Media
Date Made Public:
March 30, 2018
Company: Santa Cruz Biotechnology, Inc.
Location: , California
Type of breach:
PHYS
Type of organization:
MED
Records Breached:
0

On Monday, December 18, 2017, Santa Cruz Biotechnology, Inc. discovered a burglary had occurred in the Santa Cruz office on or around December 17, 2017. As a result of an investigation, they determined that two computers were stolen, both of which were used for HR functions, one of which contained information on consumers, including their full name, postal address, date of birth, social security number, and medical and health insurance information.

Information Source:
Security Breach Letter
Date Made Public:
March 15, 2018
Company: BJC Healthcare
Location: St. Louis, Missouri
Type of breach:
DISC
Type of organization:
MED
Records Breached:
33,000

BJC HealthCare said a data storage error potentially compromised 33,420 patient records when the information was accidentally made publicly available for nine months.

BJC, based in St. Louis, said in a statement that a misconfigured server was left without a security protocol in place making it possible for someone to view scanned documents containing patient's driver's licenses, insurance cards and treatment-related documents from 2003 to 2009. Other patient data that was possibly left visible included name, address, telephone number, date of birth, Social Security number, driver's license number, insurance information and treatment-related inform. The server itself was left unsecure from May 9, 2017 through January 23, 2018.

Information Source:
Media
Date Made Public:
February 27, 2018
Company: University of Virginia Health System
Location: , Virginia
Type of breach:
HACK
Type of organization:
MED
Records Breached:
1,882

"A laptop computer and other computing devices of a physician affiliated with the University of Virginia Health System allowed an unauthorized individual to see medical information that the physician was viewing on his devices.

The unauthorized access continued for about 18 months, and now, 1,882 patients are being notified and encouraged to review healthcare statements and call their insurer if there are charges for services they did not receive. . .

On December 23, 2017, the health system determined that the unauthorized third-party may have been able to view patient information from May 3, 2015 to December 27, 2016.

Compromised protected health information included patient names, diagnoses, treatments, addresses and dates of birth. Social Security numbers and financial information were not accessed."

 

Information Source:
Media
Date Made Public:
February 26, 2018
Company: Massachusetts Department of Revenue
Location: , Massachusetts
Type of breach:
UNKN
Type of organization:
GOV
Records Breached:
39,000

Officials with Massachusetts' tax collection agency suffered a data breach affecting 39,000 business taxpayers. The breach lasted from early August through Jan. 23, 2017, and allowed companies to view other business's names, tax identification numbers, amount and date of tax payments, number of employees and banking information about their payroll processor. Only one social security number was exposed.

Information Source:
Media
Date Made Public:
February 26, 2018
Company: Southern National Bancorp of Virginia, Inc. d/b/a/ Sonabank
Location: Glen Allen, Virginia
Type of breach:
HACK
Type of organization:
BSF
Records Breached:
24,999

Southern National Bancorp of Virginia suffered a breach affecting 24,999 records, including social security numbers, driver's license number or non-driver identification card numbers, as well as financial account numbers or credit card numbers, in combination with the security code, access code, password or PIN for the account. 

Information Source:
Security Breach Letter
Date Made Public:
February 19, 2018
Company: FedEx
Location: , Tennessee
Type of breach:
DISC
Type of organization:
BSR
Records Breached:
119,000

Personal information of thousands of FedEx customers worldwide was exposed on the web due to an Amazon Web Services (AWS) cloud storage server which was not secured with a password. Security researchers from Kromtech Security found the open AWS bucket which contained 119,000 scanned documents, including passports, drivers’ licenses and Applications for Delivery of Mail Through Agent forms, which contain names, home addresses, phone numbers and ZIP codes. 

 

Information Source:
Media
Date Made Public:
February 16, 2018
Company: Jemison Internal Medicine, PC
Location: Jemison, Alabama
Type of breach:
HACK
Type of organization:
MED
Records Breached:
6,550

Recently, Jemison's computer system was infected by a ransomware virus that encrypted its electronic medical records system containing its patient's medical records. The ransomware demanded monetary payment from JIM in order to decrypt the files and allow the practice to regain access to them. JIM did not pay the ransom to the cyber criminals, but was instead able to restore its files and the functionality of its system through backup records. Subsequent scans of JIM's system show no further sign of the ransomware, and its investigation does not show any indication that the ransomware exfiltrated any data off its system. However, through its investigation of the incident, JIM discovered that its computer system previously had been accessed without its knowledge by unauthorized individuals not affiliated with JIM between September and December 2017. JIM is not able to confirm which, if any, files or patient information were accessed by these unauthorized individuals, but it is possible that they could have accessed JIM's electronic medical records system containing patient names, addresses, telephone numbers, Social Security numbers, dates of birth, driver's license numbers, treatment or procedure information, prescription information, and/or healthcare insurance information. Although JIM is unable to confirm that any personally identifying information or patient health information was accessed by unauthorized individuals, out of an abundance of caution and because of its commitment to data security and privacy, JIM is notifying all of its patients about the incident in compliance with the Health Insurance Portability and Accountability Act (HIPAA).

Information Source:
Security Breach Letter
Date Made Public:
February 15, 2018
Company: Hobe & Lucas Certified Public Accountants, Inc.
Location: Independence, Ohio
Type of breach:
HACK
Type of organization:
BSR
Records Breached:
91

On November 17, 2017, Hobe & Lucas discovered that an unknown individual gained access to an employee's email account. Hobe & Lucas quickly responded by taking action to prevent any further access, and immediately conducted an investigation to determine what information was potentially accessible during the intrusion. It is possible that potentially accessible email correspondence contained clients' personal information, including their name, address and Social Security number.

Information Source:
Security Breach Letter
Date Made Public:
February 14, 2018
Company: Flexible Benefit Service Corporation
Location: Chicago, Illinois
Type of breach:
HACK
Type of organization:
BSF
Records Breached:
19,438

Flexible Benefit Service Corporation suffered a breach which affected 19438 records, including Medical Information and SSN.

Information Source:
Security Breach Letter
Date Made Public:
February 14, 2018
Company: Advanced Technology International, Inc.
Location: Summerville, South Carolina
Type of breach:
DISC
Type of organization:
BSR
Records Breached:
67

On January 25, 2018, ATI began the process of mailing out Form 1099s to individuals and companies for the 2017 tax year. However, during the mailing process, an error occurred whereby approximately sixty-seven (67) recipients received their Form 1099 and the Form 1099 belonging to an unrelated individual or entity. On or around January 30, 2018, ATI discovered the error. ATI immediately commenced an investigation and confirmed the incident was the result of human error. ATI took steps to address the error to reduce the likelihood of a similar incident occurring in the future.

Information Source:
Security Breach Letter
Date Made Public:
February 14, 2018
Company: AHM, Inc. on behalf of the Staybridge Suites Lexington & Holiday Inn Express New Buffalo
Location: Cheboygan, Michigan
Type of breach:
HACK
Type of organization:
BSR
Records Breached:
244

AHM, Inc. on behalf of the Staybridge Suites Lexington & Holiday Inn Express New Buffalo suffered a breach that affected 344 records, which included Account # and CC/DC account information.

Information Source:
Security Breach Letter
Date Made Public:
February 13, 2018
Company: Pension Fund of the Christian Church
Location: Indianapolis, Indiana
Type of breach:
PHYS
Type of organization:
NGO
Records Breached:
10,981

On Dec. 16, 2017, Pension Fund learned that a password protected employee laptop had been stolen that contained personal information for 10981 records, including SS numbers, as well as credit card or financial account information. 

Information Source:
Security Breach Letter
Date Made Public:
February 13, 2018
Company: Mindlance, Inc.
Location: Union, New Jersey
Type of breach:
HACK
Type of organization:
BSO
Records Breached:
3,085

On 12/28/2017, Mindlance, Inc. suffered a system breach (hack) that affected 3085 records, including SS numbers and names. 

Information Source:
Security Breach Letter
Date Made Public:
February 9, 2018
Company: Inspire Homes Loans, Inc.
Location: Irvine, California
Type of breach:
HACK
Type of organization:
BSF
Records Breached:
2,414

On December 14, 2017, our client, Inspire Home Loans Inc. (“Inspire”), learned that a small number of customers had received fraudulent emails that appeared to come from email addresses associated with Inspire and their affiliated entities. Inspire immediately commenced an investigation, reset all email account passwords, and engaged a professional forensic security firm to determine whether employee email accounts had been accessed without authorization. Inspire has determined that messages in the employee's email account may have contained personal information for North Carolina residents, including their name, address, and Social Security number. Even though its investigation is still on-going, Inspire will begin notifying seventeen (17) North Carolina residents by U.S. Mail in accordance with North Carolina law in substantially the same form as the document enclosed herewith. Inspire is also offering the affected individuals a complimentary one year membership in credit monitoring and identity theft protection services through Experian and has provided a dedicated phone number to answer any questions that individuals may have regarding the incident.

Information Source:
Security Breach Letter
Date Made Public:
February 9, 2018
Company: Driscoll's, Inc.
Location: Watsonville, California
Type of breach:
HACK
Type of organization:
BSF
Records Breached:
1,530

Driscoll's Inc., suffered a data breach that affected 1530 records, including SSN data. 

Information Source:
Security Breach Letter
Date Made Public:
February 9, 2018
Company: Connecticut Airport Authority
Location: Windsor Locks, Connecticut
Type of breach:
HACK
Type of organization:
GOV
Records Breached:
144

Connecticut Airport Authority suffered a data breach of 144 records which included Driver's Licenses.

Information Source:
Security Breach Letter
Date Made Public:
February 8, 2018
Company: Riverside Unified School District
Location: , California
Type of breach:
DISC
Type of organization:
EDU
Records Breached:
1

On December 5, 2017, a San Diego County office of Education employee inadvertently sent an employee retirement contribution spreadsheet to San Diego County Office of Education's retirement contribution contacts at forty-four (44) school districts throughout Southern California. The impact likely affected 1 Idaho resident.

Information Source:
Security Breach Letter
Date Made Public:
February 8, 2018
Company: TrueNet Communications
Location: Jacksonville, Florida
Type of breach:
HACK
Type of organization:
BSR
Records Breached:
161

TrueNet Communications discovered on December 19, 2017 that an unauthorized third party gained access to a TrueNet employee's email credentials and redirected certain emails, which allowed the authorized third party to access the emails. They determined on January 15, 2018 that certain of these emails contained employee and contractor information.

Information Source:
Security Breach Letter
Date Made Public:
February 7, 2018
Company: Nevro
Location: , California
Type of breach:
HACK
Type of organization:
MED
Records Breached:
500

 Nevro was recently the victim of a criminal break-in at our corporate headquarters in which several laptop computers were stolen. Nearby businesses were also targeted by the same perpetrators, who stole laptops from those businesses as well. Nevro has been unable to recover the stolen laptops on which limited information relating to you has been stored. Nevro has no indication that these laptops were stolen in order to acquire the data on them, nor any indication that the data on the laptops has been accessed or used in any way. All the stolen Nevro laptops were password-protected, although not all were encrypted. Because limited information about individual customer treatment relationships with Nevro was stored on one or more of the stolen laptops, and applicable state law considers this type of information sufficient to warrant a notification, we are reaching out to advise customers of these equipment thefts.

What Information Was Involved? Limited categories of information about certain patients who use Nevro’s HF10 therapy were contained in files stored on one or more of the unencrypted laptops. The categories of information varied by file or patient, but the data fields were limited to patient name, street address, birth date, procedure date, medical device identifiers (such as serial number), and contact information for the patient’s physician or other medical provider. Nevro does not possess, and none of these laptops contained, sensitive identifying information such as Social Security or other government-issued identification numbers or credit card or financial institution information. None of these laptops contained treatment or medical information other than the information directly related to the fact of the use of the device.

Information Source:
Security Breach Letter
Date Made Public:
February 7, 2018
Company: XOS Technologies d/b/a XOS Digital, Inc.
Location: Wilmington, Massachusetts
Type of breach:
HACK
Type of organization:
BSR
Records Breached:
10

In 2017 XOS Technologies d/b/a XOS Digital, Inc. suffered a data breach affecting 10 records incl. account user names and passwords

Information Source:
Security Breach Letter
Date Made Public:
February 5, 2018
Company: 1st Mariner Bank
Location: Baltimore, Maryland
Type of breach:
HACK
Type of organization:
BSF
Records Breached:
1,500

1st Mariner Bank experienced a phishing attack that resulted in the exposure of the records of 1500 persons. Information exposed included Social Security Numbers, as well as names in combination with credit card or financial account information.

Information Source:
Security Breach Letter
Date Made Public:
February 5, 2018
Company: Charles Komar & Sons, Inc.
Location: Jersey City, New Jersey
Type of breach:
UNKN
Type of organization:
BSO
Records Breached:
99
Information Source:
Security Breach Letter
Date Made Public:
February 2, 2018
Company: Ron's Pharmacy Services
Location: San Diego, California
Type of breach:
HACK
Type of organization:
MED
Records Breached:
500

On October 3, 2017, Ron’s Pharmacy identified unusual activity in an employee email account. Ron’s Pharmacy immediately changed the employee’s credentials and commenced an investigation, with the assistance of third-party forensic investigators, to determine what happened. As part of this investigation, determined that the employee’s email account was subject to unauthorized access and certain emails were viewed as a result of the unauthorized individual(s) using software to crack the employee’s email account password. On December 21, 2017, as part of Ron’s Pharmacy’s ongoing investigation, it was determined that the following information relating was accessed:  names,  internal account numbers at Ron’s Pharmacy, prescription medication information, and payment adjustment information, which relates to credits made to accounts. Importantly, no Social Security, health insurance, or financial account information was accessed.

Information Source:
Date Made Public:
February 2, 2018
Company: Advanced-Online
Location: , California
Type of breach:
HACK
Type of organization:
BSR
Records Breached:
500

Advanced-Online learned on January 3, 2018 that certain personal information housed on the company’s online platform may have been subject to unauthorized access. The date range for the incident appears to be April 29, 2017 until January 12, 2018. Upon becoming aware of the potential unauthorized access, Advanced-Online promptly engaged a nationally recognized cybersecurity and forensics firm to assess and address the situation.

WHAT INFORMATION WAS INVOLVED? Advanced-Online and our cybersecurity and forensics firm believe that the following categories of information may have been compromised: name, address, username/email address, password, and payment card information (account number, expiration date, CVV number).

Information Source:
Date Made Public:
February 2, 2018
Company: Advanced Graphic Products, Inc. /dba/ "Advanced-Online"
Location: Coppell, Texas
Type of breach:
HACK
Type of organization:
BSO
Records Breached:
22,182

"Advanced-Online", or Advanced graphic Products, Inc., experienced a data breach exposing 22,182 records. According to the breach notification form sent to the Indiana Office of Attorney General, "Advanced-Online learned on January 3, 2018 that certain personal information housed on the company's online platform  may have been subject to unauthorized access. The date range for the incident appears to be April 29, 2017until January 12, 2018."

Information Source:
Security Breach Letter
Date Made Public:
February 1, 2018
Company: Department of Homeland Security
Location: , District Of Columbia
Type of breach:
HACK
Type of organization:
GOV
Records Breached:
246,167

A data breach at the Department of Homeland Security has exposed the personal information of more than 240,000 current and former DHS employees, such as their social security numbers, dates of birth, positions, grades, and duty stations, the agency saidOn January 3, 2018, select DHS employees received notification letters that they may have been impacted by a privacy incident related to the DHS Office of Inspector General (OIG) Case Management System.  The privacy incident did not stem from a cyber-attack by external actors, and the evidence indicates that affected individual’s personal information was not the primary target of the unauthorized unauthorized transfer of data.

What we know: The department said the breach was not carried out as part of a "cyber-attack by external actors." Instead, the data was discovered in the possession of a former employee of the agency's Office of Inspector General during an ongoing criminal investigation last May

Go deeper with the department's full memo.

 

Information Source:
Government Agency
Date Made Public:
February 1, 2018
Company: Ventiv Technology, Inc.
Location: Atlanta, Georgia
Type of breach:
HACK
Type of organization:
BSO
Records Breached:
239

Ventiv Technology, Inc. experienced a phishing attack and exposed the records of 239 individuals. The breach occurred from 10/14/17 until 12/5/17, was discovered on 1/5/18 and Ventiv began notifying consumers on 2/1/2018. Information that was exposed included Social Security numbers.

Information Source:
Security Breach Letter
Date Made Public:
January 29, 2018
Company: Nevro
Location: Dublin, Ohio
Type of breach:
PHYS
Type of organization:
MED
Records Breached:
1

What Happened? Nevro was recently the victim of a criminal break-in at our corporate headquarters in which several laptop computers were stolen. Nearby businesses were also targeted by the same perpetrators, who stole laptops from those businesses as well. Nevro has been unable to recover the stolen laptops on which limited information relating to you has been stored.

We have no indication that these laptops were stolen in order to acquire the data on them, nor any indication that the data on the laptops has been accessed or used in any way. All the stolen Nevro laptops were password-protected, although not all were encrypted. Because limited information about your treatment relationship with Nevro was stored on one or more of the stolen laptops, and applicable state law considers this type of information sufficient to warrant a notification, we are reaching out to advise you of these equipment thefts.

 

What Information Was Involved? Limited categories of information about certain patients who use Nevro’s HF10 therapy were contained in files stored on one or more of the unencrypted laptops. The categories of information varied by file or patient, but the data fields were limited to patient name, street address, birth date, procedure date, medical device identifiers (such as serial number), and contact information for the patient’s physician or other medical provider.

Nevro does not possess, and none of these laptops contained, sensitive identifying information such as Social Security or other government-issued identification numbers or credit card or financial institution information. None of these laptops contained treatment or medical information other than the information directly related to the fact of the use of the device

Information Source:
Security Breach Letter
Date Made Public:
January 26, 2018
Company: Jeffrey Born, CPA, Inc.
Location: Portland, Oregon
Type of breach:
PHYS
Type of organization:
BSF
Records Breached:
250

Office was physically broken into and that two password protected laptops were stolen. The Sacramento County Sheriff’s Department was immediately called and promptly arrived at the office, investigating the matter.

 What Information Was Involved? This may have included : full name, birthdate, telephone number, address, Social Security number, all employment (W-2) and self-employment information, 1099 information (including account number if provided to my office), entity identification and income earned/amounts received from participation in S-Corp/partnership/LLC/trust, Affordable Care Act insurance data (your medical insurance policy number if you provided us with a Form 1095-A), and direct deposit bank account information (including account number and routing information if provided to my office).

Information Source:
Security Breach Letter
Date Made Public:
January 26, 2018
Company: Goldleaf Partners Services, Inc.
Location: Bloomington, Minnesota
Type of breach:
HACK
Type of organization:
BSF
Records Breached:
6,020

On 10/31/2017 Goldleaf Partners Services, Inc. suffered a hack that affected 6020 records, including Social Security numbers as well as names and credit card or financial account information.

Information Source:
Security Breach Letter
Date Made Public:
January 26, 2018
Company: Member First Mortgage, LLC
Location: Grand Rapids, Michigan
Type of breach:
HACK
Type of organization:
BSF
Records Breached:
36,840

On 11/25/2017 Member First Mortgage, LLC, experienced an unauthorized access to their internal systems exposing 36840 records, including Social Security numbers as well as names and credit card or financial account information. 

Information Source:
Security Breach Letter
Date Made Public:
January 26, 2018
Company: Pentair Aquatic Eco Systems, Inc.
Location: Apopka, Florida
Type of breach:
HACK
Type of organization:
BSO
Records Breached:
239

Pentair Aquatic Eco Systems, Inc., suffered a hack on 12/19/2017 that resulted in the exposure of 239 records, which included names, credit card or financial account information and debit card numbers.

Information Source:
Security Breach Letter
Date Made Public:
January 25, 2018
Company: The National Registry of Emergency Medical Technicians
Location: Columbus, Ohio
Type of breach:
HACK
Type of organization:
MED
Records Breached:
843

On 11/17/2017 The National Registry of Emergency Medical Technicians suffered a hack affecting 843 records, including first and last names, address information ,and Social Security numbers. 

Information Source:
Security Breach Letter
CSV