Data Breaches

Breach Subtotal

Breach Type: all
Organization Type: NGO
Year(s) of Breach: all
Company or Organization: all
Date Made Public:
February 13, 2018
Company: Pension Fund of the Christian Church
Location: Indianapolis, Indiana
Type of breach:
PHYS
Type of organization:
NGO
Records Breached:
10,981

On Dec. 16, 2017, Pension Fund learned that a password protected employee laptop had been stolen that contained personal information for 10981 records, including SS numbers, as well as credit card or financial account information. 

Information Source:
Security Breach Letter
Date Made Public:
January 19, 2018
Company: Westminster Ingleside King Farm Presbyterian Retirement Communities, Inc.
Location: Rockville, Maryland
Type of breach:
HACK
Type of organization:
NGO
Records Breached:
9,769

On 16/21/2017 Westminster Ingleside suffered a hack that affected 9769 records, including SS numbers, names, and credit card or financial account information. 

Information Source:
Security Breach Letter
Date Made Public:
January 17, 2018
Company: Valley of the Sun YMCA
Location: Phoenix, Arizona
Type of breach:
HACK
Type of organization:
NGO
Records Breached:
2,649

On 9/21/2017 Valley of the Sun YMCA suffered a system breach (hack) that affected 2649 records, which included names as well as credit card or financial account information.

Information Source:
Security Breach Letter
Date Made Public:
December 28, 2017
Company: SAY San Diego
Location: San Diego, California
Type of breach:
DISC
Type of organization:
NGO
Records Breached:

 On October 27, 2017, SAY San Diego was notified by the County of San Diego Health & Human Services Agency (“HHSA”) that a citizen had returned some paper files to their office that were found in a filing cabinet purchased from a salvage store. The files were reviewed and assessed by our team on October 30, 2017 at which time we confirmed the documents in the files related to participants in SAY San Diego’s Dual Diagnosis youth program from January through June 2013. However, the files from March and April of 2013 were not returned, and have not been recovered to date. While we currently have no evidence that the information was subject to misuse, we have confirmed that the files contained the name, case number, dates and length of service, location of service, and provider name. The files did not contain any Social Security numbers, dates of birth, or Driver’s License numbers or financial account information.

Information Source:
California Attorney General
Date Made Public:
July 13, 2017
Company: Walk in the Word Ministries
Location: Elgin, Illinois
Type of breach:
HACK
Type of organization:
NGO
Records Breached:
0
"What happened and what information was involved:
 
On May 30, 2017, we were notified by our third-party e-commerce provider that an unknown individual may have accessed your credit card, debit card, or checking account information used to donate to WITW on our website. Because we take the security of your personal information very seriously, we are bringing this information to your attention as quickly as prudently possible, so you can take action along with us to hopefully eliminate any potential harm. When WITW became aware of the incident, we immediately took action to ensure the third-party vendor’s system was fixed and secure. At the same time we commenced an investigation to determine what information may have been accessed. We also have notified law enforcement and are cooperating with their investigation. We determined that the unknown individual may have accessed payment information, including name, address, telephone number, credit/debit card, or checking account information depending on the form of payment you used on our website.
 
What we are doing and what can you do:
 
Out of an abundance of caution, please consider reviewing your past and current card statements for unusual or suspicious activity and, if any is found, report it to your bank or credit card Company. Additional tips for protecting your information can be found on the reverse side of this letter.
 
We want to assure you that we have taken steps to prevent a similar event from occurring in the future and to protect the privacy and security of your information. We have worked with the third-party vendor to address the vulnerabilities in its payment processing system, moved our website to a separate server with increased security, and now have an additional layer of continuous security monitoring. All of the steps we have taken are to further enhance security in order to prevent a similar event from occurring in the future, thereby protecting the privacy and security of your information going forward."
Information Source:
Maryland Attorney General
Date Made Public:
July 12, 2017
Company: YMCA of San Diego
Location: San Diego, California
Type of breach:
DISC
Type of organization:
NGO
Records Breached:
0

"What Happened? 

On or about June 14, 2017, the YMCA became aware that an Excel spreadsheet containing personal information of certain YMCA employees was inadvertently sent over email to certain YMCA employees.  Upon learning of the event, the YMCA immediately launched an investigation to determine its nature and scope, including remediating the incident with the assistance of the YMCA IT department.   

What Information Was Involved? 

While our investigation is ongoing, we determined the  employee information contained in the Excel spreadsheet included: first and last name; Social Security number; address; date of birth; phone number; salary; former/maiden name; and disability code. This employee information was located in the second tab of a larger spreadsheet."

Information Source:
Maryland Attorney General
Date Made Public:
May 17, 2017
Company: UNM Foundation
Location: Albuquerque, New Mexico
Type of breach:
HACK
Type of organization:
NGO
Records Breached:
0

"What Happened?

In mid-April, 2017, we discovered that an unauthorized individual had gained access to our network through an account with our security services provider.  This unauthorized individual may have had access to certain systems that contained personal information of our donors.  While our investigation is ongoing, we are providing this notice out of an abundance of caution to alert you to the incident because information about you was available through the affected system.

What Information Was Involved?

Information that may have been available includes names, contact information, donation amount and the checking and routing information displayed on your donation checks. While this information should not typically be sufficient to grant access to your accounts with your financial institutions, we place a high priority on the confidentiality of our donor information, and wanted to alert you to this incident so that you may be vigilant against phishing attempts or other fraudulent requests, and monitor your accounts for any suspicious activity."

Information Source:
Maryland Attorney General
Date Made Public:
January 27, 2017
Company: International Code Council
Location: Brea, California
Type of breach:
HACK
Type of organization:
NGO
Records Breached:
0

"We are writing to inform you of an incident at International Code Council (“ICC”) that may have resulted in the disclosure of your name and payment card information. We take the security of your personal information very seriously, and sincerely apologize for any inconvenience this incident may cause. This letter contains information about steps you can take to protect yourself.

What happened and what information was involved: On December 16, 2016, we discovered an issue potentially impacting the processing of credit and debit card purchases made through our online store. We immediately took action to secure our system and conducted an investigation to determine what information may have been accessed. The independent forensics investigation, which took time, determined that customer payment card information, including name, address, and credit/debit card information may have been compromised between the dates April 25, 2016 – May 24, 2016, and July 11, 2016 - September 14, 2016. The security incident has been contained, and you may continue use your credit and debit cards securely."

Information Source:
California Attorney General
Date Made Public:
January 10, 2017
Company: Legal Aid Society of Orange County (LASOC)
Location: Santa Ana, California
Type of breach:
DISC
Type of organization:
NGO
Records Breached:
0

"LASOC developed the I-CAN! web application, which was previously used by individuals, as part of the IRS's Free File Program, to prepare and file tax forms at no cost to the filer.  On October 31, 2016, LASOC became aware that certain completed tax forms from the 2007 and 2008 tax years had become temporarily accessible to the general public through a directed search on certain internet search engines.  However, LASOC is unaware of any attempted or actual misuse of personal data contained within the tax forms that were temporarily accessible on the internet as a result of this incident.

What Information Was Involved? As part of the investigation into this incident, LASOC determined a tax form containing the following information about you, as provided by the filer, was temporarily accessible to the general public through a directed search search on certain internet search engines: name and Social Security number."

More information: https://oag.ca.gov/system/files/Legal%20Aid%20Orange%20County%20NOTICE_0...?

 

Information Source:
California Attorney General
Date Made Public:
October 5, 2016
Company: Public Health Institute
Location: Oakland, California
Type of breach:
DISC
Type of organization:
NGO
Records Breached:
0

"The California Environmental Health Tracking Program (CEHTP) of the Public Health Institute (PHI) became aware on August 4, 2016 that an electronic database containing email addresses and corresponding passwords for individual user accounts at one or more of the sites listed below was accessible on the internet without encryption or other security features for approximately 30 days."

The information compromised included email addresses and passwords.

More Information: https://oag.ca.gov/ecrime/databreach/reports/sb24-64216

 

Information Source:
California Attorney General
Date Made Public:
March 25, 2016
Company: AspiraNet
Location: Bakersfield, California
Type of breach:
HACK
Type of organization:
NGO
Records Breached:
0

AspiraNet notified individuals of a databreach when a spoofing email went out on March 21, 2016. The spoofing email that resulted in W-2 information being disclosed.

The information compromised included names, residential addresses, and Social Security numbers.

The company is providing ProtectMyID Elite for free for two years.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-60715

Information Source:
California Attorney General
Date Made Public:
October 16, 2015
Company: Community Catalysts of California
Location: San Diego, California
Type of breach:
PORT
Type of organization:
NGO
Records Breached:
1,182

Community Catalysts of California notified customers of a data breach that may have compromised their information when a thumb drive was stolen from an employee's car. 

The information included names, addresses, diagnosis, dates of birth, ages, genders and telephone numbers.  They are claiming that no Social Security number, financial account numbers, medications or client identification numbers were compromised.

For those with questions call Alesia Forte at (888) 344-1237 Monday through Friday from 8:30 a.m. through 5:00 p.m, Pacific Time.

More information: http://oag.ca.gov/ecrime/databreach/reports/sb24-58324

 

Information Source:
California Attorney General
Date Made Public:
August 12, 2015
Company: ICANN.org
Location:
Type of breach:
HACK
Type of organization:
NGO
Records Breached:
0

ICANN.org notified individuals of a data breach when they discovered unauthorized access to an external service provider. The non-profit believes that usernames/email addresses and encrypted passwords were compromised.

User profiles contain a users preference for the website, public bio, individual interests, subscription to newsletters and other information.

They are requiring that all members change their password to the site. The password change can be accessed via this link https://www.icann.org/users/password/new

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-57383

Information Source:
California Attorney General
Date Made Public:
October 2, 2014
Company: Community Technology Alliance
Location: San Jose, California
Type of breach:
PORT
Type of organization:
NGO
Records Breached:
0

Community Technology Alliance (CTA) is notifying individuals of a potential compromise of their personal information, when an employee's laptop was stolen on July 28, 2014.

CTA is a non-profit organization that administers the Bay Area Homeless Management Information Systems (HMIS) and helps hundreds of partner agencies. The information in HMIS can include names and Social Security Numbers, and various other pieces of personal information.

If services were being received from an HMIS Partner Agency in Santa Cruz California, those individuals are the ones at risk. The partner agencies include the following:

Community Action Board, Families in Transition, Homeless Services Center, Salvation Army of Watsonville, Pajaro Valley Shelter Services, Housing Authority of the County of Santa Cruz, Encompass, Front Street Housing, Inc., Mountain Community Resource Center, Catholic Charities, Veterans Resource Center, Santa Cruz County Office of Education, Santa Cruz County Health and Human Services Agency, Housing Services Center, Pajaro Rescue Mission, and New Life Community Services.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-46834

Information Source:
California Attorney General
Date Made Public:
September 26, 2014
Company: BayBio
Location: San Francisco, California
Type of breach:
HACK
Type of organization:
NGO
Records Breached:
0

BayBio.org has notified individuals of a data breach to their online payment system. The non-profit organization has notified that the hacking to their payment system compromised credit card numbers in process.

The hacker inserted files that captured keystrokes of visitors to their site which included credit card numbers when individuals were either paying for a membership or an event being held by the non-profit. Payments are being taken by phone until the breach has been repaired.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-46727

 

Information Source:
California Attorney General
Date Made Public:
August 26, 2014
Company: Geekface LLC
Location: Pawcatuck, Connecticut
Type of breach:
HACK
Type of organization:
NGO
Records Breached:
0

Geekface LLC, which runs the online sites Hatchwise.com and eLogoContest.com notified customers of a data breach to their server that compromised personal information.

The information breached included names, addresses, birth dates, usernames, passwords, and Social Security numbers.

For those with questions or needing further assistance they can call 1-800-303-09111-800-303-0911 between 10:00 a.m and 5:00 p.m. EST Monday through Friday or visit hatchwise.com.

Information Source:
California Attorney General
Date Made Public:
July 16, 2014
Company: Central City Concern
Location: Portland, Oregon
Type of breach:
DISC
Type of organization:
NGO
Records Breached:
15

Central City Concern in Oregon suffered a data breach when an unauthorized access resulted in the breach of clients data.

"On April 2, 2014, a federal law enforcement official notified Central City Concern that a former Central City Concern employee has been accused of improperly copying information from approximately 15 Central City Concern clients from its Employment Access Center (EAC) program with the intent of processing fraudulent tax returns in their names".

The information breached included names, dates of birth, Social Security numbers, addresses, and health information of EAC clients.

Client inquiries regarding this incident may be directed to 866-778-1144866-778-1144, Monday through Friday from 6:00 AM to 6:00 PM Pacific Time. 

Information Source:
PHIPrivacy.net
Date Made Public:
April 11, 2014
Company: Veterans Of Foreign Wars Of The United States
Location: Kansas City, Missouri
Type of breach:
HACK
Type of organization:
NGO
Records Breached:
55,000

The office of The Veterans Of Foreign Wars Of The United States notified members that an unauthorized party accessed VFW's webserver through the use of a trojan and malicious code. The hacker, thought to be in China, was able to download tables containing the names, addresses, Social Security numbers of approximately 55,000 VFW members.

The motivation of the hacker, according to IT experts, was to gain access to information regarding military plans or contracts and not for purposes of identity theft, although they have not ruled that out.

VFW is providing 12 months free of AllClearID. Members can call 1-855-398-6437 with any questions. A security code must be provided and was provided in the letter sent to those affected.

Information Source:
California Attorney General
Date Made Public:
April 3, 2014
Company: Central City Concern
Location: Portland , Oregon
Type of breach:
INSD
Type of organization:
NGO
Records Breached:
15

Central City Concern, a non-profit in Portland Oregon, notified individuals of a data breach that was perpetrated by an ex-employee of the agency.  Federal law enforcement officers notified the non-profit that this former employee copied files from approximately 15 clients from its Access Center with the intention of filing fraudulent tax returns.

CCC began an investigation and has noted that this former employee may have accessed files from March 23, 2010 through May 24, 2013. The former employee stated to authorities that they had only copied 15 files. The non-profit has set up 12 months free monitoring through Experians ProtectMyID alert. Any questions for the agency, those affected are asked to call 1-866-778-1144 Monday through Friday 6:00 a.m to 6:00 p.m.

Information Source:
Vermont Attorney General
Date Made Public:
December 11, 2013
Company: Los Angeles Gay & Lesbian Center
Location: Los Angeles, California
Type of breach:
HACK
Type of organization:
NGO
Records Breached:
59,000

A cyber attack caused the information of clients associated with the L.A. Gay and Lesbian Center to be affected between September 17, 2013 and November 8, 2013.  Names, Social Security numbers, credit card information, dates of birth, contact information, medical information, and health insurance account numbers may have been exposed.

Information Source:
Media
Date Made Public:
November 15, 2013
Company: Group Health Cooperative
Location: Seattle, Washington
Type of breach:
DISC
Type of organization:
NGO
Records Breached:
1,015

Group Health member identification numbers and chronic conditions were accidentally printed on the outside of letters that were mailed on September 16.  The issue was discovered on September 23.

Information Source:
HHS via PHIPrivacy.net
Date Made Public:
October 10, 2013
Company: Legal Aid Society of San Mateo County
Location: Redwood City, California
Type of breach:
PORT
Type of organization:
NGO
Records Breached:
0

The August 12 office burglary of 10 laptops resulted in the exposure of client information.  The laptops were used by Legal Aid Society attorneys to assist individuals in getting services.  Names, Social Security numbers, dates of birth, medical information, and health information may have been exposed.

Information Source:
California Attorney General
Date Made Public:
September 30, 2013
Company: The New Teacher Project
Location: Brooklyn, New York
Type of breach:
PORT
Type of organization:
NGO
Records Breached:
0

The July 27 or 28 office theft of an unencrypted laptop resulted in the exposure of current and former employee information.  Names, Social Security numbers, dates of birth, and employee ID numbers were exposed.

Information Source:
Databreaches.net
Date Made Public:
March 21, 2013
Company: National Institute of Aerospace, National Aeronautics and Space Administration (NASA)
Location: Hampton, Virginia
Type of breach:
INSD
Type of organization:
NGO
Records Breached:
0

A Chinese national who worked as a contractor for the National Institute of Aerospace had access to NASA's Langley Research Center.  He was caught boarding a plane with two external hard drives, two laptops, a memory stick, and an SIM card on March 16.  He originally did not reveal the second laptop, hard drive, and SIM card when detained.  The information he was attempting to steal was not revealed.  

Information Source:
Media
Date Made Public:
February 20, 2013
Company: Central Hudson Gas & Electric
Location: Poughkeepsie, New York
Type of breach:
HACK
Type of organization:
NGO
Records Breached:
110,000

Central Hudson learned of a cyber attack that occurred over President's Day weekend.  Customers were notified the day after the holiday and encouraged to monitor their bank accounts and credit reports.  Customer banking information and other personal information may have been accessed during the attack.

Information Source:
Databreaches.net
Date Made Public:
February 4, 2013
Company: Alabama Criminal Justice Information Center
Location: Montgomery, Alabama
Type of breach:
HACK
Type of organization:
NGO
Records Breached:
4,000

Information related to over 4,000 American bank executive accounts was exposed by hackers.  Hackers placed an Alabama Criminal Justice Information Center spreadsheet with the login information, credentials, contact information, and IP addresses of bank executives online.

Information Source:
Dataloss DB
Date Made Public:
December 10, 2012
Company: West Pittsburgh Partnership
Location: Pittsburgh, Pennsylvania
Type of breach:
PHYS
Type of organization:
NGO
Records Breached:
0

A concerned citizen investigated a pile of documents next to a dumpster.  The documents contained names and Social Security numbers.  A local news team responded to the story and contacted a representative from West Pittsburgh Partnership.  West Pittsburgh Partnership began an investigation into how the job placement program documents dating back to 1992 were exposed.

Information Source:
Databreaches.net
Date Made Public:
October 18, 2012
Company: Southern Environmental Law Center
Location: Charlottesville, Virginia
Type of breach:
HACK
Type of organization:
NGO
Records Breached:
0

Sensitive information from Southern Environmental Law Center was placed online.  Credit card, medical, and donor information such as addresses, phone numbers, and client files were exposed.  The data was accessible via Google search for an unspecified amount of time.  Southern Environmental Law Center is warning people not to open emails about the security failure or click on any links in emails that appear to be from Southern Environmental Law Center.

Information Source:
Databreaches.net
Date Made Public:
September 27, 2012
Company: Center 4 Health Enlightenment Enrichment Empowerment Renewal Services (CHEERS)
Location: Phoenix, Arizona
Type of breach:
INSD
Type of organization:
NGO
Records Breached:
180

A dishonest employee accessed and misused CHEERS client names, Social Security numbers, and birth dates.  She, her sister, and her husband filed 180 tax returns under stolen identities and claimed over $1 million in tax refunds. The three face between three years and five years in prison.

Information Source:
Databreaches.net
Date Made Public:
September 26, 2012
Company: American Heart Association, Olive Crest
Location: Las Vegas, Nevada
Type of breach:
PORT
Type of organization:
NGO
Records Breached:
0

An office burglary resulted in the exposure of personal information.  Two or more laptops with donor information and a docking station were stolen.

Information Source:
Databreaches.net
Date Made Public:
September 21, 2012
Company: Central States Southeast and Southwest Areas Health and Welfare Fund
Location: Des Plaines, Illinois
Type of breach:
PHYS
Type of organization:
NGO
Records Breached:
754

An incident occurred on July 31 that may have caused sensitive health information to be exposed. The information was in the form of paper records that were exposed in some undisclosed way.

Information Source:
HHS via PHIPrivacy.net
Date Made Public:
September 14, 2012
Company: Wounded Warrior Project
Location: Jacksonville, Florida
Type of breach:
PORT
Type of organization:
NGO
Records Breached:
0

A July 25 office burglary resulted in the theft of at least 33 laptops and iPads. The personal information of an unspecified number of former employees may have been affected.

UPDATE (11/28/2012): The laptops contained employee names, Social Security numbers, addresses, dates of birth, passport numbers, credit card information, bank account numbers, and possibly life insurance dependent information.  The IT department remotely locked access to the devices after discovering they had been stolen earlier in the same day.

Information Source:
Databreaches.net
Date Made Public:
September 14, 2012
Company: Feinstein Institute for Medical Research
Location: Manhasset, New York
Type of breach:
PORT
Type of organization:
NGO
Records Breached:
13,000

A laptop stolen on or around September 2, 2012 contained current and former patient names, Social Security numbers, and other personal information.  The laptop was taken from the car of a contractor or employee and may have also contained current and former patient mailing addresses, dates of birth, and medical information. Participants in about 50 different research studies that date back an unknown number of years were affected.

UPDATE (3/17/2016): Feinstein Institute for Medical Research was fined $3.9 million dollars to settle HIPAA violations by the organization when a laptop that was stolen containing personal information of individuals. The fine was in response to the organizations lack of, or incomplete security management processes which violates HIPAA.

More information: http://www.hhs.gov/about/news/2016/03/17/improper-disclosure-research-pa...

Information Source:
PHIPrivacy.net
Date Made Public:
September 12, 2012
Company: Education Resources Information Center (ERIC)
Location: Washington, District Of Columbia
Type of breach:
DISC
Type of organization:
NGO
Records Breached:
0

ERIC began an effort to remove personally identifiable information from their full text documents in August of 2012.  The information had been publicly available through other means, but it was appearing more frequently in internet searches and becoming easier to access because of web advances.  Access to many full text documents on ERIC's database was temporarily disabled. Every document will be checked for personally identifiable information before being restored. 

Information Source:
Databreaches.net
Date Made Public:
June 25, 2012
Company: Towards Employment
Location: Cleveland, Ohio
Type of breach:
PORT
Type of organization:
NGO
Records Breached:
26,000

The May theft of a laptop that contained Towards Employment client data may have exposed personal information.  The laptop was password protected and contained the names, Social Security numbers, and addresses of clients. Towards Employment is altering its policy so that only the last four digits of clients' Social Security numbers are tracked and used.

Information Source:
Media
Date Made Public:
June 22, 2012
Company: Minnesota Board of Psychology
Location: Minneapolis, Minnesota
Type of breach:
INSD
Type of organization:
NGO
Records Breached:
42

A dishonest employee working as a receptionist for the Minnesota Board of Psychology was part of a fraud ring that included nearly 30 co-conspirators.  The receptionist was employed from December 2006 until May 2011. She pled guilty to conspiracy to commit bank fraud and aggravated identity theft and faces six years in prison.  Those convicted in the case will be jointly responsible for $358,780 in restitution to victims.  

Fifteen people have pleaded guilty and 10 others have pleaded not guilty in the case.  The identity fraud ring was able to make at least $2 million in fraudulent purchases and bank withdrawals. The fraud ring used a variety of methods that included dishonest employees and theft of sensitive information from cars, businesses, trash cans, and mailboxes.  

Information Source:
Databreaches.net
Date Made Public:
June 1, 2012
Company: Masons of California
Location: San Francisco, California
Type of breach:
HACK
Type of organization:
NGO
Records Breached:
4,056

A hacker or hackers accessed and posted sensitive information from the Masons of California.  Names, addresses, phone numbers, and emails were exposed.

Information Source:
Dataloss DB
Date Made Public:
May 30, 2012
Company: American Advertising Federation (AAF)
Location: Washington, District Of Columbia
Type of breach:
HACK
Type of organization:
NGO
Records Breached:
555

A hacker or hackers posted member names, email addresses, and contact information online.

Information Source:
Dataloss DB
Date Made Public:
May 30, 2012
Company: American Pharmacist Association (APhA), Pharmacist.com
Location: Washington, District Of Columbia
Type of breach:
HACK
Type of organization:
NGO
Records Breached:
28,000

Hackers associated with the group Anonymous posted donations, emails, personal account information, server information, and other information from APhA's online database.  The hackers also claim to have accessed the records of 16,000 patients by hacking the website, but did not post that information. Anonymous claims that the organization was targeted due to its connection to government officials.

UPDATE (6/09/2012): Some names and addresses were also posted.  The data posted included information on over 28,000 visitors, donors, and members.

UPDATE (07/18/2012): The website was defaced on May 28.  APhA immediately noticed and shut down the website and related computer servers.  However, names, addresses, and credit card information (excluding security codes) stored on computer servers may have been accessed between April 23 and May 28.

Information Source:
Dataloss DB
Date Made Public:
May 20, 2012
Company: National Endowment for the Arts
Location: Washington, District Of Columbia
Type of breach:
HACK
Type of organization:
NGO
Records Breached:
13

A hacker or hackers accessed the database information of National Endowment for the Arts and posted the information online.  The leaked data included 13 names, email addresses, and passwords.

Information Source:
Dataloss DB
CSV