Data Breaches

Breach Subtotal

Breach Type: CARD, HACK, INSD, PHYS, PORT, STAT, DISC, UNKN
Organization Type: BSF, BSO, BSR, EDU, GOV, MED, NGO, UNKN
Year(s) of Breach: 2018
Company or Organization: all
Date Made Public:
September 28, 2018
Company: Toyota Industries North America, Inc. as plan sponsor to the Toyota Industries North America, Inc. Welfare Benefit Plan
Location: , Indiana
Type of breach:
HACK
Type of organization:
MED
Records Breached:
19,320

Location of breached information: Email

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
September 28, 2018
Company: University of Michigan/Michigan Medicine
Location: , Michigan
Type of breach:
DISC
Type of organization:
MED
Records Breached:
3,624

Location of breached information: Paper/Films

Business associate present: Yes

Information Source:
US Department of Health and Human Services
Date Made Public:
September 26, 2018
Company: Chegg, Inc.
Location:
Type of breach:
UNKN
Type of organization:
UNKN
Records Breached:
500

Information on this security breach is provided by the Office of the California Attorney General. ** Disclaimer: ** The number of breached records reported reflects our best estimate, based on all the data currently available, surrounding this breach. Because the specific number of breached records was not disclosed in the notification letter sent to the California Attorney General?s Office, the number is estimated as the minimum number of breached records necessary to trigger the obligation of notification to the Attorney General under California statute.
Under Cal. Civ. Code 1798.29, 1798.82, notification to the Attorney General is only required whenever a breach of records affects more than 500 California residents.
If you believe this number is inaccurate, please contact us at chronology@privacyrights.org

Information Source:
California Attorney General
Date Made Public:
September 25, 2018
Company: Travis Credit Union
Location:
Type of breach:
UNKN
Type of organization:
UNKN
Records Breached:
500

Information on this security breach is provided by the Office of the California Attorney General. ** Disclaimer: ** The number of breached records reported reflects our best estimate, based on all the data currently available, surrounding this breach. Because the specific number of breached records was not disclosed in the notification letter sent to the California Attorney General?s Office, the number is estimated as the minimum number of breached records necessary to trigger the obligation of notification to the Attorney General under California statute.
Under Cal. Civ. Code 1798.29, 1798.82, notification to the Attorney General is only required whenever a breach of records affects more than 500 California residents.
If you believe this number is inaccurate, please contact us at chronology@privacyrights.org

Information Source:
California Attorney General
Date Made Public:
September 25, 2018
Company: J&J MEDICAL SERVICE NETWORK INC
Location: , Texas
Type of breach:
HACK
Type of organization:
MED
Records Breached:
2,500

Location of breached information: Network Server

Business associate present: Yes

Information Source:
US Department of Health and Human Services
Date Made Public:
September 25, 2018
Company: Ransom Memorial Hospital
Location: , Kansas
Type of breach:
HACK
Type of organization:
MED
Records Breached:
14,329

Location of breached information: Email

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
September 22, 2018
Company: Mark’s International Wines
Location:
Type of breach:
UNKN
Type of organization:
UNKN
Records Breached:
500

Information on this security breach is provided by the Office of the California Attorney General. ** Disclaimer: ** The number of breached records reported reflects our best estimate, based on all the data currently available, surrounding this breach. Because the specific number of breached records was not disclosed in the notification letter sent to the California Attorney General’s Office, the number is estimated as the minimum number of breached records necessary to trigger the obligation of notification to the Attorney General under California statute.
Under Cal. Civ. Code 1798.29, 1798.82, notification to the Attorney General is only required whenever a breach of records affects more than 500 California residents.
If you believe this number is inaccurate, please contact us at chronology@privacyrights.org

Information Source:
California Attorney General
Date Made Public:
September 22, 2018
Company: Mark?s International Wines
Location:
Type of breach:
UNKN
Type of organization:
UNKN
Records Breached:
500

Information on this security breach is provided by the Office of the California Attorney General. ** Disclaimer: ** The number of breached records reported reflects our best estimate, based on all the data currently available, surrounding this breach. Because the specific number of breached records was not disclosed in the notification letter sent to the California Attorney General?s Office, the number is estimated as the minimum number of breached records necessary to trigger the obligation of notification to the Attorney General under California statute.
Under Cal. Civ. Code 1798.29, 1798.82, notification to the Attorney General is only required whenever a breach of records affects more than 500 California residents.
If you believe this number is inaccurate, please contact us at chronology@privacyrights.org

Information Source:
California Attorney General
Date Made Public:
September 21, 2018
Company: YRC Worldwide Inc.
Location:
Type of breach:
UNKN
Type of organization:
UNKN
Records Breached:
500

Information on this security breach is provided by the Office of the California Attorney General. ** Disclaimer: ** The number of breached records reported reflects our best estimate, based on all the data currently available, surrounding this breach. Because the specific number of breached records was not disclosed in the notification letter sent to the California Attorney General?s Office, the number is estimated as the minimum number of breached records necessary to trigger the obligation of notification to the Attorney General under California statute.
Under Cal. Civ. Code 1798.29, 1798.82, notification to the Attorney General is only required whenever a breach of records affects more than 500 California residents.
If you believe this number is inaccurate, please contact us at chronology@privacyrights.org

Information Source:
California Attorney General
Date Made Public:
September 20, 2018
Company: Personal Assistance Services of Colorado, LLC
Location: , Colorado
Type of breach:
HACK
Type of organization:
MED
Records Breached:
1,839

Location of breached information: Email

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
September 20, 2018
Company: Blood Systems, Inc.
Location:
Type of breach:
UNKN
Type of organization:
UNKN
Records Breached:
500

Information on this security breach is provided by the Office of the California Attorney General. ** Disclaimer: ** The number of breached records reported reflects our best estimate, based on all the data currently available, surrounding this breach. Because the specific number of breached records was not disclosed in the notification letter sent to the California Attorney General?s Office, the number is estimated as the minimum number of breached records necessary to trigger the obligation of notification to the Attorney General under California statute.
Under Cal. Civ. Code 1798.29, 1798.82, notification to the Attorney General is only required whenever a breach of records affects more than 500 California residents.
If you believe this number is inaccurate, please contact us at chronology@privacyrights.org

Information Source:
California Attorney General
Date Made Public:
September 19, 2018
Company: SaverSpy
Location: , California
Type of breach:
DISC
Type of organization:
BSR
Records Breached:
11,000,000

According to reporting by Catalin Cimbanu for ZDNet, "On Monday, a security researcher specialized in finding exposed databases has identified an unsecured MongoDB server that was leaking the personal details of nearly 11 million users. The server appears to belong to an email marketing firm based in California.

The data, contained in a 43.5GB dataset, included full names, email addresses, gender information, and physical addresses such as state, city, and ZIP code for 10,999,535 users.

All email addresses contained in this database were Yahoo-based, suggesting this was only a small part of a larger dataset, most likely stored on multiple servers.

. . .

While initially it was not clear who was the owner of this database, one small suffix in several records --such as "Content-SaverSpy-09092018"-- suggested this data may belong to a company named SaverSpy.

Combining a simple Google search along with the nature of the user records found in the exposed database led both this reporter and Diachenko to believe the data belonged to SaverSpy.com, a daily deals website. The SaverSpy.com website claims to operate under the Coupons.com brand, but a Quotient spokesperson told ZDNet today that SaverSpy is only part of an affiliate program."

Information Source:
Media
Date Made Public:
September 19, 2018
Company: Pulse Systems, Inc.
Location: , Kansas
Type of breach:
DISC
Type of organization:
MED
Records Breached:
722

Location of breached information: Paper/Films

Business associate present: Yes

Information Source:
US Department of Health and Human Services
Date Made Public:
September 18, 2018
Company: Southwest Oregon IPA
Location: , Oregon
Type of breach:
DISC
Type of organization:
MED
Records Breached:
1,449

Location of breached information: Paper/Films

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
September 18, 2018
Company: ELS Language Services, Inc.
Location:
Type of breach:
UNKN
Type of organization:
UNKN
Records Breached:
500

Information on this security breach is provided by the Office of the California Attorney General. ** Disclaimer: ** The number of breached records reported reflects our best estimate, based on all the data currently available, surrounding this breach. Because the specific number of breached records was not disclosed in the notification letter sent to the California Attorney General?s Office, the number is estimated as the minimum number of breached records necessary to trigger the obligation of notification to the Attorney General under California statute.
Under Cal. Civ. Code 1798.29, 1798.82, notification to the Attorney General is only required whenever a breach of records affects more than 500 California residents.
If you believe this number is inaccurate, please contact us at chronology@privacyrights.org

Information Source:
California Attorney General
Date Made Public:
September 18, 2018
Company: The University of Texas Health Science Center at Houston
Location: , Texas
Type of breach:
PHYS
Type of organization:
MED
Records Breached:
500

Location of breached information: Paper/Films

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
September 17, 2018
Company: Independence Blue Cross, LLC
Location: , Pennsylvania
Type of breach:
DISC
Type of organization:
MED
Records Breached:
16,762

Location of breached information: Other

Business associate present: Yes

Information Source:
US Department of Health and Human Services
Date Made Public:
September 14, 2018
Company: Guardant Health, Inc.
Location: , California
Type of breach:
HACK
Type of organization:
MED
Records Breached:
1,112

Location of breached information: Email

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
September 13, 2018
Company: Blue Cross & Blue Shield of Rhode Island
Location: , Rhode Island
Type of breach:
DISC
Type of organization:
MED
Records Breached:
1,567

Location of breached information: Paper/Films

Business associate present: Yes

Information Source:
US Department of Health and Human Services
Date Made Public:
September 13, 2018
Company: Leominster Dermatology LLP
Location: , Massachusetts
Type of breach:
DISC
Type of organization:
MED
Records Breached:
500

Location of breached information: Paper/Films

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
September 12, 2018
Company: Total Diagnostix II, LLC
Location: , Texas
Type of breach:
DISC
Type of organization:
MED
Records Breached:
855

Location of breached information: Network Server

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
September 11, 2018
Company: Peaceful Valley Farm & Garden Supply
Location:
Type of breach:
UNKN
Type of organization:
UNKN
Records Breached:
500

Information on this security breach is provided by the Office of the California Attorney General. ** Disclaimer: ** The number of breached records reported reflects our best estimate, based on all the data currently available, surrounding this breach. Because the specific number of breached records was not disclosed in the notification letter sent to the California Attorney General?s Office, the number is estimated as the minimum number of breached records necessary to trigger the obligation of notification to the Attorney General under California statute.
Under Cal. Civ. Code 1798.29, 1798.82, notification to the Attorney General is only required whenever a breach of records affects more than 500 California residents.
If you believe this number is inaccurate, please contact us at chronology@privacyrights.org

Information Source:
California Attorney General
Date Made Public:
September 10, 2018
Company: Simonian Sports Medicine Clinic, A Medical Corporation
Location: , California
Type of breach:
DISC
Type of organization:
MED
Records Breached:
1,541

Location of breached information: Network Server

Business associate present: Yes

Information Source:
US Department of Health and Human Services
Date Made Public:
September 10, 2018
Company: Surgerical Specialties of Arroyo Grande, LLC, dba Oak Park Surgery Center
Location:
Type of breach:
UNKN
Type of organization:
UNKN
Records Breached:
500

Information on this security breach is provided by the Office of the California Attorney General. ** Disclaimer: ** The number of breached records reported reflects our best estimate, based on all the data currently available, surrounding this breach. Because the specific number of breached records was not disclosed in the notification letter sent to the California Attorney General?s Office, the number is estimated as the minimum number of breached records necessary to trigger the obligation of notification to the Attorney General under California statute.
Under Cal. Civ. Code 1798.29, 1798.82, notification to the Attorney General is only required whenever a breach of records affects more than 500 California residents.
If you believe this number is inaccurate, please contact us at chronology@privacyrights.org

Information Source:
California Attorney General
Date Made Public:
September 7, 2018
Company: Ohio Living
Location: , Ohio
Type of breach:
HACK
Type of organization:
MED
Records Breached:
6,510

Location of breached information: Email

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
September 7, 2018
Company: TMC HealthCare
Location: , Arizona
Type of breach:
DISC
Type of organization:
MED
Records Breached:
1,776

Location of breached information: Paper/Films

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
September 7, 2018
Company: Rockdale Blackhawk, LLC d/b/a Little River Healthcare
Location: , Texas
Type of breach:
DISC
Type of organization:
MED
Records Breached:
1,494

Location of breached information: Electronic Medical Record, Other

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
September 7, 2018
Company: Boston Health Care for the Homeless Program
Location: , Massachusetts
Type of breach:
DISC
Type of organization:
MED
Records Breached:
861

Location of breached information: Paper/Films

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
September 7, 2018
Company: Catholic Charities Neighborhood Services, Inc.
Location: , New York
Type of breach:
HACK
Type of organization:
MED
Records Breached:
565

Location of breached information: Email

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
September 7, 2018
Company: Mt. Diablo Unified School District
Location:
Type of breach:
UNKN
Type of organization:
UNKN
Records Breached:
500

Information on this security breach is provided by the Office of the California Attorney General. ** Disclaimer: ** The number of breached records reported reflects our best estimate, based on all the data currently available, surrounding this breach. Because the specific number of breached records was not disclosed in the notification letter sent to the California Attorney General?s Office, the number is estimated as the minimum number of breached records necessary to trigger the obligation of notification to the Attorney General under California statute.
Under Cal. Civ. Code 1798.29, 1798.82, notification to the Attorney General is only required whenever a breach of records affects more than 500 California residents.
If you believe this number is inaccurate, please contact us at chronology@privacyrights.org

Information Source:
California Attorney General
Date Made Public:
September 5, 2018
Company: Elkhart county prosecutor attorney office i v d child support
Location:
Type of breach:
UNKN
Type of organization:
UNKN
Records Breached:
2

Information on this security breach is provided by the Office of the Indiana Attorney General

Information Source:
Indiana Attorney General
Date Made Public:
September 5, 2018
Company: J.A. Stokes Ltd.
Location: , Nevada
Type of breach:
HACK
Type of organization:
MED
Records Breached:
3,200

Location of breached information: Desktop Computer, Electronic Medical Record, Network Server

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
September 4, 2018
Company: Franciscan health indianapolis
Location:
Type of breach:
UNKN
Type of organization:
UNKN
Records Breached:
19

Information on this security breach is provided by the Office of the Indiana Attorney General

Information Source:
Indiana Attorney General
Date Made Public:
September 4, 2018
Company: Indiana bureauof motor vehicles
Location:
Type of breach:
UNKN
Type of organization:
UNKN
Records Breached:
1

Information on this security breach is provided by the Office of the Indiana Attorney General

Information Source:
Indiana Attorney General
Date Made Public:
September 4, 2018
Company: Reddit, Inc.
Location:
Type of breach:
UNKN
Type of organization:
UNKN
Records Breached:
500

Information on this security breach is provided by the Office of the California Attorney General. ** Disclaimer: ** The number of breached records reported reflects our best estimate, based on all the data currently available, surrounding this breach. Because the specific number of breached records was not disclosed in the notification letter sent to the California Attorney General?s Office, the number is estimated as the minimum number of breached records necessary to trigger the obligation of notification to the Attorney General under California statute.
Under Cal. Civ. Code 1798.29, 1798.82, notification to the Attorney General is only required whenever a breach of records affects more than 500 California residents.
If you believe this number is inaccurate, please contact us at chronology@privacyrights.org

Information Source:
California Attorney General
Date Made Public:
September 4, 2018
Company: Nebraska Department of Health and Human Services
Location: , Nebraska
Type of breach:
DISC
Type of organization:
MED
Records Breached:
516

Location of breached information: Paper/Films

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
September 1, 2018
Company: Reliable Respiratory
Location: , Massachusetts
Type of breach:
HACK
Type of organization:
MED
Records Breached:
21,311

Location of breached information: Email

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
August 31, 2018
Company: Carpenters Benefit Funds of Philadelphia
Location: , Pennsylvania
Type of breach:
HACK
Type of organization:
MED
Records Breached:
20,015

Location of breached information: Email

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
August 31, 2018
Company: Hopebridge
Location: , Indiana
Type of breach:
HACK
Type of organization:
MED
Records Breached:
1,411

Location of breached information: Email

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
August 31, 2018
Company: United Methodist Homes
Location: , New York
Type of breach:
DISC
Type of organization:
MED
Records Breached:
843

Location of breached information: Email

Business associate present: No

Information Source:
US Department of Health and Human Services
CSV