Data Breaches

Breach Subtotal

Breach Type: CARD, HACK, INSD, PHYS, PORT, STAT, DISC, UNKN
Organization Type: BSF, BSO, BSR, EDU, GOV, MED, NGO, UNKN
Year(s) of Breach: 2018
Company or Organization: all
Date Made Public:
October 10, 2018
Company: Hormone Logics
Location: Florida
Type of breach:
PHYS
Type of organization:
MED
Records Breached:
3,000

Location of breached information: Desktop Computer, Email, Laptop, Network Server, Other Portable Electronic Device, Paper/Films

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
October 10, 2018
Company: The Northwestern Mutual Life Insurance Company
Location:
Type of breach:
UNKN
Type of organization:
UNKN
Records Breached:
2,604

Information on this security breach is provided by the Office of the Indiana Attorney General

Information Source:
Indiana Attorney General
Date Made Public:
October 9, 2018
Company: Roadrunner Transportation Systems, Inc.
Location:
Type of breach:
UNKN
Type of organization:
UNKN
Records Breached:
500

Information on this security breach is provided by the Office of the California Attorney General. Disclaimer: The number of breached records reported reflects our best estimate, based on all the data currently available, surrounding this breach. Because the specific number of breached records was not disclosed in the notification letter sent to the California Attorney General's Office, the number is estimated as the minimum number of breached records necessary to trigger the obligation of notification to the Attorney General under California statute.
Under Cal. Civ. Code 1798.29, 1798.82, notification to the Attorney General is only required whenever a breach of records affects more than 500 California residents.
If you believe this number is inaccurate, please contact us at chronology@privacyrights.org

Information Source:
California Attorney General
Date Made Public:
October 9, 2018
Company: Minnesota Department of Human Services
Location: Minnesota
Type of breach:
HACK
Type of organization:
MED
Records Breached:
20,800

Location of breached information: Email

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
October 9, 2018
Company: Givaudan Flavors Corporation and Givaudan Fragrances Corporation
Location:
Type of breach:
UNKN
Type of organization:
UNKN
Records Breached:
4,200

Information on this security breach is provided by the Office of the Indiana Attorney General

Information Source:
Indiana Attorney General
Date Made Public:
October 9, 2018
Company: Goody Tickets
Location:
Type of breach:
UNKN
Type of organization:
UNKN
Records Breached:
259

Information on this security breach is provided by the Office of the Indiana Attorney General

Information Source:
Indiana Attorney General
Date Made Public:
October 9, 2018
Company: Indiana University
Location:
Type of breach:
UNKN
Type of organization:
UNKN
Records Breached:
22

Information on this security breach is provided by the Office of the Indiana Attorney General

Information Source:
Indiana Attorney General
Date Made Public:
October 8, 2018
Company: Alphabet, Inc. - Google+
Location: California
Type of breach:
DISC
Type of organization:
BSR
Records Breached:
500,000

According to a press release, Alphabet Inc. is shutting down the social network Google+ following discovery of a bug affecting the profiles of nearly 500,000 users.

Underlining this, as part of our Project Strobe audit, we discovered a bug in one of the Google+ People APIs:

  • Users can grant access to their Profile data, and the public Profile information of their friends, to Google+ apps, via the API.

  • The bug meant that apps also had access to Profile fields that were shared with the user, but not marked as public.  

  • This data is limited to static, optional Google+ Profile fields including name, email address, occupation, gender and age. (See the full list on our developer site.) It does not include any other data you may have posted or connected to Google+ or any other service, like Google+ posts, messages, Google account data, phone numbers or G Suite content.

  • We discovered and immediately patched this bug in March 2018. We believe it occurred after launch as a result of the API’s interaction with a subsequent Google+ code change.

  • We made Google+ with privacy in mind and therefore keep this API’s log data for only two weeks. That means we cannot confirm which users were impacted by this bug. However, we ran a detailed analysis over the two weeks prior to patching the bug, and from that analysis, the Profiles of up to 500,000 Google+ accounts were potentially affected. Our analysis showed that up to 438 applications may have used this API.

  • We found no evidence that any developer was aware of this bug, or abusing the API, and we found no evidence that any Profile data was misused.

Information Source:
Media
Date Made Public:
October 8, 2018
Company: Oklahoma Department of Human Services
Location: Oklahoma
Type of breach:
HACK
Type of organization:
MED
Records Breached:
813

Location of breached information: Paper/Films

Business associate present: Yes

Information Source:
US Department of Health and Human Services
Date Made Public:
October 8, 2018
Company: Land O'Lakes Inc
Location:
Type of breach:
UNKN
Type of organization:
UNKN
Records Breached:
1

Information on this security breach is provided by the Office of the Indiana Attorney General

Information Source:
Indiana Attorney General
Date Made Public:
October 8, 2018
Company: Massachusetts Mutual Life Insurance Company
Location:
Type of breach:
UNKN
Type of organization:
UNKN
Records Breached:
2

Information on this security breach is provided by the Office of the Indiana Attorney General

Information Source:
Indiana Attorney General
Date Made Public:
October 7, 2018
Company: Dr. Robert Carpenter
Location: Texas
Type of breach:
HACK
Type of organization:
MED
Records Breached:
3,000

Location of breached information: Network Server

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
October 7, 2018
Company: Dr. Amy Woodruff
Location: Texas
Type of breach:
HACK
Type of organization:
MED
Records Breached:
10,862

Location of breached information: Network Server

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
October 5, 2018
Company: North American Risk Services, Inc.
Location:
Type of breach:
UNKN
Type of organization:
UNKN
Records Breached:
500

Information on this security breach is provided by the Office of the California Attorney General. Disclaimer: The number of breached records reported reflects our best estimate, based on all the data currently available, surrounding this breach. Because the specific number of breached records was not disclosed in the notification letter sent to the California Attorney General's Office, the number is estimated as the minimum number of breached records necessary to trigger the obligation of notification to the Attorney General under California statute.
Under Cal. Civ. Code 1798.29, 1798.82, notification to the Attorney General is only required whenever a breach of records affects more than 500 California residents.
If you believe this number is inaccurate, please contact us at chronology@privacyrights.org

Information Source:
California Attorney General
Date Made Public:
October 5, 2018
Company: Gold Coast Health Plan
Location:
Type of breach:
UNKN
Type of organization:
UNKN
Records Breached:
500

Information on this security breach is provided by the Office of the California Attorney General. Disclaimer: The number of breached records reported reflects our best estimate, based on all the data currently available, surrounding this breach. Because the specific number of breached records was not disclosed in the notification letter sent to the California Attorney General's Office, the number is estimated as the minimum number of breached records necessary to trigger the obligation of notification to the Attorney General under California statute.
Under Cal. Civ. Code 1798.29, 1798.82, notification to the Attorney General is only required whenever a breach of records affects more than 500 California residents.
If you believe this number is inaccurate, please contact us at chronology@privacyrights.org

Information Source:
California Attorney General
Date Made Public:
October 5, 2018
Company: California State University East Bay
Location:
Type of breach:
UNKN
Type of organization:
UNKN
Records Breached:
9,941

Information on this security breach is provided by the Office of the Indiana Attorney General

Information Source:
Indiana Attorney General
Date Made Public:
October 5, 2018
Company: Northwest Surgical Specialists, P.C.
Location: Washington
Type of breach:
HACK
Type of organization:
MED
Records Breached:
2,050

Location of breached information: Email

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
October 5, 2018
Company: Gold Coast Health Plan
Location: California
Type of breach:
HACK
Type of organization:
MED
Records Breached:
37,005

Location of breached information: Email

Business associate present: Yes

Information Source:
US Department of Health and Human Services
Date Made Public:
October 5, 2018
Company: National Ambulatory Hernia Institute
Location: California
Type of breach:
HACK
Type of organization:
MED
Records Breached:
15,974

Location of breached information: Network Server

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
October 5, 2018
Company: University of Missouri Health
Location: Missouri
Type of breach:
DISC
Type of organization:
MED
Records Breached:
706

Location of breached information: Paper/Films

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
October 5, 2018
Company: Health First, Inc
Location: Florida
Type of breach:
HACK
Type of organization:
MED
Records Breached:
42,000

Location of breached information: Email

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
October 5, 2018
Company: Five Below Inc
Location:
Type of breach:
UNKN
Type of organization:
UNKN
Records Breached:
3,234

Information on this security breach is provided by the Office of the Indiana Attorney General

Information Source:
Indiana Attorney General
Date Made Public:
October 5, 2018
Company: Florida Farm Bureau Casualty Insurance Company
Location:
Type of breach:
UNKN
Type of organization:
UNKN
Records Breached:
4,000

Information on this security breach is provided by the Office of the Indiana Attorney General

Information Source:
Indiana Attorney General
Date Made Public:
October 5, 2018
Company: Logansport Memorial Hospital
Location:
Type of breach:
UNKN
Type of organization:
UNKN
Records Breached:
1

Information on this security breach is provided by the Office of the Indiana Attorney General

Information Source:
Indiana Attorney General
Date Made Public:
October 5, 2018
Company: Northwest Surgical Specialists P.C. dba Rebound Orthopedics Neurosurgery
Location:
Type of breach:
UNKN
Type of organization:
UNKN
Records Breached:
2,245

Information on this security breach is provided by the Office of the Indiana Attorney General

Information Source:
Indiana Attorney General
Date Made Public:
October 4, 2018
Company: Kennedy High School
Location:
Type of breach:
UNKN
Type of organization:
UNKN
Records Breached:
500

Information on this security breach is provided by the Office of the California Attorney General. Disclaimer: The number of breached records reported reflects our best estimate, based on all the data currently available, surrounding this breach. Because the specific number of breached records was not disclosed in the notification letter sent to the California Attorney General's Office, the number is estimated as the minimum number of breached records necessary to trigger the obligation of notification to the Attorney General under California statute.
Under Cal. Civ. Code 1798.29, 1798.82, notification to the Attorney General is only required whenever a breach of records affects more than 500 California residents.
If you believe this number is inaccurate, please contact us at chronology@privacyrights.org

Information Source:
California Attorney General
Date Made Public:
October 4, 2018
Company: Leaf Filter North LLC
Location:
Type of breach:
UNKN
Type of organization:
UNKN
Records Breached:
2,310

Information on this security breach is provided by the Office of the Indiana Attorney General

Information Source:
Indiana Attorney General
Date Made Public:
October 3, 2018
Company: Tillamook Chiropractic, PC
Location: Oregon
Type of breach:
HACK
Type of organization:
MED
Records Breached:
4,058

Location of breached information: Desktop Computer, Network Server

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
October 3, 2018
Company: Shoe Station Inc
Location:
Type of breach:
UNKN
Type of organization:
UNKN
Records Breached:
216

Information on this security breach is provided by the Office of the Indiana Attorney General

Information Source:
Indiana Attorney General
Date Made Public:
October 2, 2018
Company: Another Planet Entertainment
Location:
Type of breach:
UNKN
Type of organization:
UNKN
Records Breached:
500

Information on this security breach is provided by the Office of the California Attorney General. Disclaimer: The number of breached records reported reflects our best estimate, based on all the data currently available, surrounding this breach. Because the specific number of breached records was not disclosed in the notification letter sent to the California Attorney General's Office, the number is estimated as the minimum number of breached records necessary to trigger the obligation of notification to the Attorney General under California statute.
Under Cal. Civ. Code 1798.29, 1798.82, notification to the Attorney General is only required whenever a breach of records affects more than 500 California residents.
If you believe this number is inaccurate, please contact us at chronology@privacyrights.org

Information Source:
California Attorney General
Date Made Public:
October 2, 2018
Company: New Mexico Retiree Health Care Authority
Location: New Mexico
Type of breach:
DISC
Type of organization:
MED
Records Breached:
586

Location of breached information: Paper/Films

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
October 2, 2018
Company: New Penn Financial LLC dba Shellpoint Mortgage Servicing
Location:
Type of breach:
UNKN
Type of organization:
UNKN
Records Breached:
157

Information on this security breach is provided by the Office of the Indiana Attorney General

Information Source:
Indiana Attorney General
Date Made Public:
October 1, 2018
Company: Chegg
Location: Santa Clara, California
Type of breach:
HACK
Type of organization:
EDU
Records Breached:
40,000,000

According to a filing the company made with the SEC, Chegg, a technology giant specializing in textbook rental, has confirmed a data breach affecting some 40 million customers. Data exposed included usernames, email addresses, shipping addresses and hashed passwords. The company does not believe that financial data was taken.

Information Source:
Government Agency
Date Made Public:
October 1, 2018
Company: Rite Aid Corporation
Location:
Type of breach:
UNKN
Type of organization:
UNKN
Records Breached:
500

Information on this security breach is provided by the Office of the California Attorney General. Disclaimer: The number of breached records reported reflects our best estimate, based on all the data currently available, surrounding this breach. Because the specific number of breached records was not disclosed in the notification letter sent to the California Attorney General's Office, the number is estimated as the minimum number of breached records necessary to trigger the obligation of notification to the Attorney General under California statute.
Under Cal. Civ. Code 1798.29, 1798.82, notification to the Attorney General is only required whenever a breach of records affects more than 500 California residents.
If you believe this number is inaccurate, please contact us at chronology@privacyrights.org

Information Source:
California Attorney General
Date Made Public:
October 1, 2018
Company: Data Intensity
Location:
Type of breach:
UNKN
Type of organization:
UNKN
Records Breached:
266

Information on this security breach is provided by the Office of the Indiana Attorney General

Information Source:
Indiana Attorney General
Date Made Public:
October 1, 2018
Company: FSSA on behalf of Phoenix Data Corporation
Location:
Type of breach:
UNKN
Type of organization:
UNKN
Records Breached:
2

Information on this security breach is provided by the Office of the Indiana Attorney General

Information Source:
Indiana Attorney General
Date Made Public:
October 1, 2018
Company: Snider Fleet Solutions
Location:
Type of breach:
UNKN
Type of organization:
UNKN
Records Breached:
2,566

Information on this security breach is provided by the Office of the Indiana Attorney General

Information Source:
Indiana Attorney General
Date Made Public:
October 1, 2018
Company: Toyota Industries North America Inc
Location:
Type of breach:
UNKN
Type of organization:
UNKN
Records Breached:
19,320

Information on this security breach is provided by the Office of the Indiana Attorney General

Information Source:
Indiana Attorney General
Date Made Public:
September 28, 2018
Company: Facebook, Inc.
Location: California
Type of breach:
HACK
Type of organization:
BSO
Records Breached:
50,000,000

According to the New York Times, Facebook suffered an "attack" on their system that led to the exposure of information of 50,000,000 users. "The company discovered the breach earlier this week, finding that attackers had exploited a feature in Facebook’s code that allowed them to take over user accounts. Facebook fixed the vulnerability and notified law enforcement officials.

More than 90 million of Facebook’s users were forced to log out of their accounts Friday morning, a common safety measure for compromised accounts.

Facebook said it did not know the origin or identity of the attackers, nor had it fully assessed the scope of the attack. The company is in the beginning stages of its investigation."

Information Source:
Media
Date Made Public:
September 28, 2018
Company: Reichert Prosthetics & Orthotics, LLC
Location: Wisconsin
Type of breach:
PHYS
Type of organization:
MED
Records Breached:
3,380

Location of breached information: Other Portable Electronic Device

Business associate present: Yes

Information Source:
US Department of Health and Human Services