Data Breaches

Breach Subtotal

Breach Type: all
Organization Type: all
Year(s) of Breach: 2017
Company or Organization: all
Date Made Public:
November 19, 2018
Company: Francescas services corporation
Location:
Type of breach:
UNKN
Type of organization:
UNKN
Records Breached:
84,275

Information on this security breach is provided by the Office of the Indiana Attorney General

Information Source:
Indiana Attorney General
Date Made Public:
November 16, 2018
Company: Pentegra services inc
Location:
Type of breach:
UNKN
Type of organization:
UNKN
Records Breached:
301

Information on this security breach is provided by the Office of the Indiana Attorney General

Information Source:
Indiana Attorney General
Date Made Public:
November 13, 2018
Company: Stein mart inc
Location:
Type of breach:
UNKN
Type of organization:
UNKN
Records Breached:
108,322

Information on this security breach is provided by the Office of the Indiana Attorney General

Information Source:
Indiana Attorney General
Date Made Public:
November 7, 2018
Company: Unified trust company n a
Location:
Type of breach:
UNKN
Type of organization:
UNKN
Records Breached:
43,000

Information on this security breach is provided by the Office of the Indiana Attorney General

Information Source:
Indiana Attorney General
Date Made Public:
October 25, 2018
Company: GS1 US, Inc.
Location:
Type of breach:
UNKN
Type of organization:
UNKN
Records Breached:
500

Information on this security breach is provided by the Office of the California Attorney General. ** Disclaimer: ** The number of breached records reported reflects our best estimate, based on all the data currently available, surrounding this breach. Because the specific number of breached records was not disclosed in the notification letter sent to the California Attorney General?s Office, the number is estimated as the minimum number of breached records necessary to trigger the obligation of notification to the Attorney General under California statute.
Under Cal. Civ. Code 1798.29, 1798.82, notification to the Attorney General is only required whenever a breach of records affects more than 500 California residents.
If you believe this number is inaccurate, please contact us at chronology@privacyrights.org

Information Source:
California Attorney General
Date Made Public:
October 25, 2018
Company: G s1 u s inc
Location:
Type of breach:
UNKN
Type of organization:
UNKN
Records Breached:
78,907

Information on this security breach is provided by the Office of the Indiana Attorney General

Information Source:
Indiana Attorney General
Date Made Public:
October 23, 2018
Company: Trans union llc
Location:
Type of breach:
UNKN
Type of organization:
UNKN
Records Breached:
7,492

Information on this security breach is provided by the Office of the Indiana Attorney General

Information Source:
Indiana Attorney General
Date Made Public:
October 16, 2018
Company: Chicago property managementand investments
Location:
Type of breach:
UNKN
Type of organization:
UNKN
Records Breached:
79

Information on this security breach is provided by the Office of the Indiana Attorney General

Information Source:
Indiana Attorney General
Date Made Public:
October 12, 2018
Company: California State University East Bay
Location:
Type of breach:
UNKN
Type of organization:
UNKN
Records Breached:
500

Information on this security breach is provided by the Office of the California Attorney General. ** Disclaimer: ** The number of breached records reported reflects our best estimate, based on all the data currently available, surrounding this breach. Because the specific number of breached records was not disclosed in the notification letter sent to the California Attorney General?s Office, the number is estimated as the minimum number of breached records necessary to trigger the obligation of notification to the Attorney General under California statute.
Under Cal. Civ. Code 1798.29, 1798.82, notification to the Attorney General is only required whenever a breach of records affects more than 500 California residents.
If you believe this number is inaccurate, please contact us at chronology@privacyrights.org

Information Source:
California Attorney General
Date Made Public:
October 12, 2018
Company: City of Indio/Indio Water Authority
Location:
Type of breach:
UNKN
Type of organization:
UNKN
Records Breached:
500

Information on this security breach is provided by the Office of the California Attorney General. ** Disclaimer: ** The number of breached records reported reflects our best estimate, based on all the data currently available, surrounding this breach. Because the specific number of breached records was not disclosed in the notification letter sent to the California Attorney General?s Office, the number is estimated as the minimum number of breached records necessary to trigger the obligation of notification to the Attorney General under California statute.
Under Cal. Civ. Code 1798.29, 1798.82, notification to the Attorney General is only required whenever a breach of records affects more than 500 California residents.
If you believe this number is inaccurate, please contact us at chronology@privacyrights.org

Information Source:
California Attorney General
Date Made Public:
October 8, 2018
Company: Trans union llc
Location:
Type of breach:
UNKN
Type of organization:
UNKN
Records Breached:
242

Information on this security breach is provided by the Office of the Indiana Attorney General

Information Source:
Indiana Attorney General
Date Made Public:
October 4, 2018
Company: Professional publications inc
Location:
Type of breach:
UNKN
Type of organization:
UNKN
Records Breached:
1,162

Information on this security breach is provided by the Office of the Indiana Attorney General

Information Source:
Indiana Attorney General
Date Made Public:
September 19, 2018
Company: Tech Rabbit LLC
Location:
Type of breach:
UNKN
Type of organization:
UNKN
Records Breached:
500

Information on this security breach is provided by the Office of the California Attorney General. ** Disclaimer: ** The number of breached records reported reflects our best estimate, based on all the data currently available, surrounding this breach. Because the specific number of breached records was not disclosed in the notification letter sent to the California Attorney General?s Office, the number is estimated as the minimum number of breached records necessary to trigger the obligation of notification to the Attorney General under California statute.
Under Cal. Civ. Code 1798.29, 1798.82, notification to the Attorney General is only required whenever a breach of records affects more than 500 California residents.
If you believe this number is inaccurate, please contact us at chronology@privacyrights.org

Information Source:
California Attorney General
Date Made Public:
September 19, 2018
Company: The Affiliated Group
Location:
Type of breach:
UNKN
Type of organization:
UNKN
Records Breached:
500

Information on this security breach is provided by the Office of the California Attorney General. ** Disclaimer: ** The number of breached records reported reflects our best estimate, based on all the data currently available, surrounding this breach. Because the specific number of breached records was not disclosed in the notification letter sent to the California Attorney General?s Office, the number is estimated as the minimum number of breached records necessary to trigger the obligation of notification to the Attorney General under California statute.
Under Cal. Civ. Code 1798.29, 1798.82, notification to the Attorney General is only required whenever a breach of records affects more than 500 California residents.
If you believe this number is inaccurate, please contact us at chronology@privacyrights.org

Information Source:
California Attorney General
Date Made Public:
August 29, 2018
Company: Richard Owen Nursery, Inc. d/b/a Dutch Gardens USA
Location:
Type of breach:
UNKN
Type of organization:
UNKN
Records Breached:
500

Information on this security breach is provided by the Office of the California Attorney General. ** Disclaimer: ** The number of breached records reported reflects our best estimate, based on all the data currently available, surrounding this breach. Because the specific number of breached records was not disclosed in the notification letter sent to the California Attorney General’s Office, the number is estimated as the minimum number of breached records necessary to trigger the obligation of notification to the Attorney General under California statute.
Under Cal. Civ. Code 1798.29, 1798.82, notification to the Attorney General is only required whenever a breach of records affects more than 500 California residents.
If you believe this number is inaccurate, please contact us at chronology@privacyrights.org

Information Source:
California Attorney General
Date Made Public:
August 28, 2018
Company: Orrstown bank
Location:
Type of breach:
UNKN
Type of organization:
BSF
Records Breached:
54,000

Information on this security breach is provided by the Office of the Indiana Attorney General

Information Source:
Indiana Attorney General
Date Made Public:
August 20, 2018
Company: Whitmerand company c p as llp
Location:
Type of breach:
UNKN
Type of organization:
UNKN
Records Breached:
653

Information on this security breach is provided by the Office of the Indiana Attorney General

Information Source:
Indiana Attorney General
Date Made Public:
August 16, 2018
Company: Gordon Schanzlin New Vision Institute
Location:
Type of breach:
UNKN
Type of organization:
UNKN
Records Breached:
500

Information on this security breach is provided by the Office of the California Attorney General. ** Disclaimer: ** The number of breached records reported reflects our best estimate, based on all the data currently available, surrounding this breach. Because the specific number of breached records was not disclosed in the notification letter sent to the California Attorney General’s Office, the number is estimated as the minimum number of breached records necessary to trigger the obligation of notification to the Attorney General under California statute.
Under Cal. Civ. Code 1798.29, 1798.82, notification to the Attorney General is only required whenever a breach of records affects more than 500 California residents.
If you believe this number is inaccurate, please contact us at chronology@privacyrights.org

Information Source:
California Attorney General
Date Made Public:
August 9, 2018
Company: Capital One
Location:
Type of breach:
UNKN
Type of organization:
UNKN
Records Breached:
500

Information on this security breach is provided by the Office of the California Attorney General. ** Disclaimer: ** The number of breached records reported reflects our best estimate, based on all the data currently available, surrounding this breach. Because the specific number of breached records was not disclosed in the notification letter sent to the California Attorney General’s Office, the number is estimated as the minimum number of breached records necessary to trigger the obligation of notification to the Attorney General under California statute.
Under Cal. Civ. Code 1798.29, 1798.82, notification to the Attorney General is only required whenever a breach of records affects more than 500 California residents.
If you believe this number is inaccurate, please contact us at chronology@privacyrights.org

Information Source:
California Attorney General
Date Made Public:
August 7, 2018
Company: Hasbro inc
Location:
Type of breach:
UNKN
Type of organization:
UNKN
Records Breached:
2,039

Information on this security breach is provided by the Office of the Indiana Attorney General

Information Source:
Indiana Attorney General
Date Made Public:
August 6, 2018
Company: TCM Bank, N.A. (“TCM Bank”)
Location:
Type of breach:
UNKN
Type of organization:
UNKN
Records Breached:
500

Information on this security breach is provided by the Office of the California Attorney General. ** Disclaimer: ** The number of breached records reported reflects our best estimate, based on all the data currently available, surrounding this breach. Because the specific number of breached records was not disclosed in the notification letter sent to the California Attorney General’s Office, the number is estimated as the minimum number of breached records necessary to trigger the obligation of notification to the Attorney General under California statute.
Under Cal. Civ. Code 1798.29, 1798.82, notification to the Attorney General is only required whenever a breach of records affects more than 500 California residents.
If you believe this number is inaccurate, please contact us at chronology@privacyrights.org

Information Source:
California Attorney General
Date Made Public:
August 3, 2018
Company: Austin foam plastics inc
Location:
Type of breach:
UNKN
Type of organization:
UNKN
Records Breached:
66

Information on this security breach is provided by the Office of the Indiana Attorney General

Information Source:
Indiana Attorney General
Date Made Public:
August 3, 2018
Company: TCM Bank
Location:
Type of breach:
UNKN
Type of organization:
BSF
Records Breached:
9,549

Information on this security breach is provided by the Office of the Indiana Attorney General

Information Source:
Indiana Attorney General
Date Made Public:
July 25, 2018
Company: Welk resort group inc
Location:
Type of breach:
UNKN
Type of organization:
UNKN
Records Breached:
1,464

Information on this security breach is provided by the Office of the Indiana Attorney General

Information Source:
Indiana Attorney General
Date Made Public:
July 24, 2018
Company: Trade motion
Location:
Type of breach:
UNKN
Type of organization:
UNKN
Records Breached:
81,782

Information on this security breach is provided by the Office of the Indiana Attorney General

Information Source:
Indiana Attorney General
Date Made Public:
July 23, 2018
Company: Cityof midwest city oklahoma
Location:
Type of breach:
UNKN
Type of organization:
UNKN
Records Breached:
4,559

Information on this security breach is provided by the Office of the Indiana Attorney General

Information Source:
Indiana Attorney General
Date Made Public:
July 19, 2018
Company: L a fashion enterprise l t d
Location:
Type of breach:
UNKN
Type of organization:
UNKN
Records Breached:
34,097

Information on this security breach is provided by the Office of the Indiana Attorney General

Information Source:
Indiana Attorney General
Date Made Public:
July 17, 2018
Company: Automated pet care products inc
Location:
Type of breach:
UNKN
Type of organization:
UNKN
Records Breached:
2,693

Information on this security breach is provided by the Office of the Indiana Attorney General

Information Source:
Indiana Attorney General
Date Made Public:
July 16, 2018
Company: The cityof bozeman montana
Location:
Type of breach:
UNKN
Type of organization:
UNKN
Records Breached:
2,962

Information on this security breach is provided by the Office of the Indiana Attorney General

Information Source:
Indiana Attorney General
Date Made Public:
July 16, 2018
Company: EBSCO sign group inc
Location:
Type of breach:
UNKN
Type of organization:
UNKN
Records Breached:
871

Information on this security breach is provided by the Office of the Indiana Attorney General

Information Source:
Indiana Attorney General
Date Made Public:
July 11, 2018
Company: Tommie copper inc
Location:
Type of breach:
UNKN
Type of organization:
UNKN
Records Breached:
28,437

Information on this security breach is provided by the Office of the Indiana Attorney General

Information Source:
Indiana Attorney General
Date Made Public:
June 27, 2018
Company: NameTests
Location: , California
Type of breach:
DISC
Type of organization:
BSR
Records Breached:
120,000,000

According to a post on Medium by the security researcher that discovered the flaw, Inti De Ceukelaire, "Nametests.com, the website behind the quizzes, recently fixed a flaw that publicly exposed information of their more than 120 million monthly users — even after they deleted the app

. . . .

  • Who was affected?

According to Facebook, NameTests has more than 120 million active monthly users. I have no insights in how many users have given their data to the app since their launch early 2015. It is important to note that if this flaw was ever abused, only the users that actually visited the attacker’s website would have their data leaked to the attacker.

  • What Data could have been leaked?

Depending on what quizzes you took, the javascript could leak your facebook ID, first name, last name, language, gender, date of birth, profile picture, cover photo, currency, devices you use, when your information was last updated, your posts and statuses, your photos and your friends.

  • What data could have been leaked after the app was deleted?

If you ever took a quiz and removed the app afterwards, external websites would still be able to read your facebook id, first name, last name, language, gender, date of birth. You could have only prevented this from happening if you manually deleted your cookies, as the website does not offer a logout functionality."

 

Information Source:
Media
Date Made Public:
June 15, 2018
Company: Central christian college of kansas
Location: McPherson, Kansas
Type of breach:
UNKN
Type of organization:
EDU
Records Breached:
631

Information on this security breach is provided by the Office of the Indiana Attorney General

Information Source:
Indiana Attorney General
Date Made Public:
May 22, 2018
Company: Muir Medical Group, IPA. Inc.
Location: , California
Type of breach:
PHYS
Type of organization:
MED
Records Breached:
500
What happened? On March 7, 2018, Muir discovered that a former employee of Muir IPA took with her certain information in the possession of Muir IPA before her employment ended with Muir IPA in December 2017. .
 
What information was involved? The information taken by Muir IPA’s former employee may have included your personal information, including demographic information (such as your name, address, email address, telephone number, date of birth, and Social Security number to the extent your Medicare number is derived from your Social Security number), insurance information (such as your health insurance plan name and health insurance identification number), and clinical information (such as your diagnoses, test results, medication information, and other treatment information in Muir IPA’s possession)
 
** Disclaimer ** The number of breached records reported reflects our best estimate, based on all the data currently available. Because the specific number of breached records was not disclosed in the notification letter sent to the California Attorney General’s Office, the number is estimated as the minimum number of breached records necessary to trigger the obligation to notify the Attorney General.
 
Under Cal. Civ. Code §§ 1798.29, 1798.82, notification to the Attorney General is only required whenever a breach of records affects more than 500 California residents.
If you are a business representative and believe this number is inaccurate, please contact us at chronology@privacyrights.org and we will review and update this record.
 
Information Source:
Security Breach Letter
Date Made Public:
May 16, 2018
Company: Providence Saint John's Health Center
Location: , California
Type of breach:
HACK
Type of organization:
MED
Records Breached:
500
For more information, see the security breach letter sent to the California Attorney General's Office.
 
** Disclaimer ** The number of breached records reported reflects our best estimate, based on all the data currently available. Because the specific number of breached records was not disclosed in the notification letter sent to the California Attorney General’s Office, the number is estimated as the minimum number of breached records necessary to trigger the obligation to notify the Attorney General.
 
Under Cal. Civ. Code §§ 1798.29, 1798.82, notification to the Attorney General is only required whenever a breach of records affects more than 500 California residents.
If you are a business representative and believe this number is inaccurate, please contact us at chronology@privacyrights.org and we will review and update this record.
 
Information Source:
Security Breach Letter
Date Made Public:
May 4, 2018
Company: PAR Electrical Contractors, Inc.
Location: Kansas City, Missouri
Type of breach:
PHYS
Type of organization:
BSO
Records Breached:
25,000

According to a breach notification form and letter sent to the Indiana Office of Attorney General, PAR Electrical Contractors, Inc. experienced a data breach that resulted in the exposure of "~25,000" persons. According to the accompanying notification letter, "On or about December 22, 2017, a thief stole a container holding daily backup tapes that, as part of PAR's regular practices, had been taken off-site. . . The backup tapes included data from PAR's employment records for present and former employees.We believe the data included your name, contact information, Social Security number, date of birth, and payroll dataincluding bank account number if used for direct deposit). In addition, the tapes may have included your driver'slicense or passport number (if submitted as part of the new hire process)."

Information Source:
Security Breach Letter
Date Made Public:
April 20, 2018
Company: Orbitz
Location:
Type of breach:
HACK
Type of organization:
BSO
Records Breached:
0

Between Oct. 1, 201 and Dec. 22, 2017, Orbitz determined that an unauthorized third party may have accessed personal information stored on a third party business partner platform. Information affected including name, payment card number and expiration date, phone number, email address and physical and/or billing address. Certain hotel reservations made through Southwest.com, whih was powere dby orbitz, may have been affected.

 

Information Source:
Security Breach Letter
Date Made Public:
April 20, 2018
Company: W. W. Grainger, Inc.
Location: , California
Type of breach:
HACK
Type of organization:
BSO
Records Breached:
0

On April 10, 2018, Grainger as notified by [24]7.ai that [24]7.ai was involved in a cyber incident, during which time, credit card information of those conducting business with certain [24]7.ai clients, including Grainger, may have been accessed. Customers who used guest check out and manually entered credit card information on Grainger.com or its app were potentially affected. Information includes credit card numbers, security codes, card expiration dates, names and addresses.

Information Source:
Security Breach Letter
Date Made Public:
April 19, 2018
Company: Blue Shield of California
Location: , California
Type of breach:
DISC
Type of organization:
MED
Records Breached:
0

 Blue Shield of California admitted to a PHI data breach involving an insurance broker who was not authorized to receive patient information, according to a breach notification submitted to the California Attorney General’s Office. 

The Blue Shield of California Privacy Office received confirmation on March 23, 2018 that a breach had occurred in November 2017 during the 2018 Medicare Annual Enrolment Period when a Blue Shield employee emailed a document containing PHI to an insurance broker “in violation of Blue Shield policies.”

The PHI included names, home addresses, mailing addresses, Blue Shield subscriber identification numbers, telephone numbers, and subscribers’ Blue Shield Medicare Advantage plan numbers.

Blue Shield of California said that it believes the insurance broker may have contacted some of the individuals identified in the document to sell a Medicare Advantage Plan offered by another health insurance company.

The health insurer said that individuals affected by the disclosure are eligible for free identity repair and credit monitoring services.

Information Source:
Security Breach Letter
Date Made Public:
April 6, 2018
Company: Sears
Location: , Illinois
Type of breach:
HACK
Type of organization:
BSR
Records Breached:
90,000

Department store chain Sears Holding Corp (SHLD.O) and Delta Air Lines Inc (DAL.N) said on Wednesday some of their customer payment information may have been exposed in a cyber security breach at software service provider [ 24]7.ai.

Department store chain Sears Holding Corp (SHLD.O) and Delta Air Lines Inc (DAL.N) said on Wednesday some of their customer payment information may have been exposed in a cyber security breach at software service provider [ 24]7.ai.
A Delta Air Lines flight is pushed put of its gate at the airport in Salt Lake City, Utah, U.S., January 12, 2018. REUTERS/Mike Blake

Sears said it was notified of the incident in mid-March and the incident led to unauthorized access to the credit card information of under 100,000 of its customers.

Technology firm [ 24]7.ai, which provides online support services for Delta, Sears and Kmart among other companies, found that a cyber security incident affected online customer payment information of its clients, it said.

The incident happened on or after Sept. 26, 2017 last year and was found and resolved on Oct. 12, the company said.

Information Source:
Media
CSV