Data Breaches

Breach Subtotal

Breach Type: all
Organization Type: all
Year(s) of Breach: 2018
Company or Organization: all
Date Made Public:
February 15, 2018
Company: The Saint Louis Trust Company
Location: St. Louis, Missouri
Type of breach:
HACK
Type of organization:
BSF
Records Breached:
90

The Saint Louis Trust Company suffered a breach affecting 90 records, which included Account #.

Information Source:
Security Breach Letter
Date Made Public:
February 15, 2018
Company: Dollar General Corporation
Location: Goodlettsville, Tennessee
Type of breach:
DISC
Type of organization:
BSR
Records Breached:
43

On January 15, 2018, one of our service providers, Ernst & Young LLP (EY), became aware that on three separate occasions during the week of January 8, 2018, one of their tax professionals had mistyped a fax number while transmitting a total of forty-four (44) Tax Credit and Incentive Forms which contained personal information pertaining to 43 current employees and prospective hires of Dollar General. These faxes were transmitted in connection with the Work Opportunity Tax Credit (WOTC) services EY provides to Dollar General. Due to the EY tax professional transposing digits in the fax number, the Forms were sent to an unintended recipient's fax machine (instead of the fax machine located at another EY office).

Information Source:
Security Breach Letter
Date Made Public:
February 15, 2018
Company: LendKey Technologies, Inc.
Location: New York, New York
Type of breach:
DISC
Type of organization:
MED
Records Breached:
6,403

LendKey Technologies, Inc. suffered a breach affecting 6403 records, including Account Numbers, Driver's Licenses, and SSN.

Information Source:
Security Breach Letter
Date Made Public:
February 15, 2018
Company: UNC Health Care
Location: Chapel Hill, North Carolina
Type of breach:
DISC
Type of organization:
MED
Records Breached:
1

Patient's personal information was accidentally faxed to another patient's daughter. The error was immediately identified and the recipient was quickly contacted. The recipient agreed to delete the electronic fax.

Information Source:
Security Breach Letter
Date Made Public:
February 15, 2018
Company: Massachusetts Mutual Life Insurance Company
Location: Springfield, Massachusetts
Type of breach:
HACK
Type of organization:
BSF
Records Breached:
27

Massachusetts Mutual Life Insurance Company suffered a breach affecting 27 records, including Account # and SSN.

Information Source:
Security Breach Letter
Date Made Public:
February 14, 2018
Company: Engle Martin & Associates
Location: Atlanta, Georgia
Type of breach:
HACK
Type of organization:
BSF
Records Breached:
2,508

Engle Martin & Associates suffered a breach affecting 2508 records, including account # and SSN.

Information Source:
Security Breach Letter
Date Made Public:
February 14, 2018
Company: Palo Alto Unified School District
Location: Palo Alto, California
Type of breach:
PHYS
Type of organization:
EDU
Records Breached:
353

On January 18, 2018, Palo Alto Unified School District learned that an employee was storing confidential parent information on his laptop. This same employee had a prior laptop stolen and based on this information, the District conducted an investigation to determine whether personal information was affected by the prior incident. The District's investigation determined that although the stolen laptop was password protected, confidential information may have been stored on the device, including the name, address, and Social Security number for seven (7) North Carolina residents. The District will begin notifying North Carolina residents by U.S. Mail in accordance with North Carolina law in substantially the same form as the document enclosed herewith. The District is also offering the affected individuals a complimentary one year membership in credit monitoring and identity theft protection services through Experian and has provided a dedicated phone number to answer any questions that individuals may have regarding the incident.

Information Source:
Security Breach Letter
Date Made Public:
February 14, 2018
Company: Hamilton Acquisition Corp. t/a Stallings Group
Location: Chesapeake, Virginia
Type of breach:
DISC
Type of organization:
BSR
Records Breached:
7

The Social Security number of each employee was visible through the window of the envelope used to mail W2s to employees.

Information Source:
Security Breach Letter
Date Made Public:
February 14, 2018
Company: Management Services, LLC
Location: Chesapeake, Virginia
Type of breach:
DISC
Type of organization:
BSR
Records Breached:
53

The Social Security number of each employee was visible through the window of the envelope used to mail W2s to employees.

Information Source:
Security Breach Letter
Date Made Public:
February 14, 2018
Company: Thomas Edison State University
Location: Trenton, New Jersey
Type of breach:
HACK
Type of organization:
EDU
Records Breached:
557

Thomas Edison State University discovered that an unauthorized user accessed a Thomas Edison employee's email account. Based upon its investigation to date, Thomas Edison reasonably believes that the Unauthorized User improperly acquired the personal information of 557 individuals, including 13 residents of the North Carolina. The personal information acquired includes names and Social Security numbers. This incident was isolated to a single email account and the Unauthorized User did not gain access to Thomas Edison's network.

Information Source:
Security Breach Letter
Date Made Public:
February 13, 2018
Company: Community Hospital of Bremen
Location: Bremen, Indiana
Type of breach:
DISC
Type of organization:
MED
Records Breached:
115

On 1/17/2018, suffered a breach affecting 115 records. Acquired information includes SS numbers and names.

Information Source:
Security Breach Letter
Date Made Public:
February 13, 2018
Company: Medical Science & Computing, LLC
Location: Rockville, Maryland
Type of breach:
DISC
Type of organization:
BSR
Records Breached:
137

Medical Science & Computing, LLC suffered a breach affecting 139 (paper) records, which included account numbers.

Information Source:
Security Breach Letter
Date Made Public:
February 13, 2018
Company: Bed Bath & Beyond, Inc.
Location: Union, New Jersey
Type of breach:
INSD
Type of organization:
BSR
Records Breached:
139

A call center employee processing orders over the phone illegally compromised three customers' credit card information. BB&B recently determined that this same employee processed an order for one North Carolina resident over the phone between November 21, 2017 and December 8, 2017, although they do not know if that customer's credit card number was compromised.

Information Source:
Security Breach Letter
Date Made Public:
February 13, 2018
Company: Central Islip Union Free School District
Location: Central Islip, New York
Type of breach:
DISC
Type of organization:
EDU
Records Breached:
1,362

On February 1, 2018, Central Islip Union Free School District  learned of a potential data incident which may have resulted in unauthorized access to certain personal information. Specifically, a window envelope was utilized to mail certain forms to current and former employees of the District. It appears if the contents were placed in a certain way within the envelope and the envelope was tapped in various ways it may have permitted some information to be viewable through the envelope's window. The data elements involved may have included name, address, and Social Security number.

Information Source:
Security Breach Letter
Date Made Public:
February 13, 2018
Company: Kingston Residence of Hickory, LLC
Location: Hickory, North Carolina
Type of breach:
DISC
Type of organization:
MED
Records Breached:
10

A clerical mistake lead to including 2 separate 1099's in one envelope resulting in the unauthorized disclosure of 1099 information to other vendors

Information Source:
Security Breach Letter
Date Made Public:
February 13, 2018
Company: Perry & Associates CPA's A.C.
Location: Marietta, Ohio
Type of breach:
HACK
Type of organization:
BSR
Records Breached:
2,450

Perry & Associates recently learned that malware may have been deployed upon Perry & Associates' computer network. Upon learning of the incident, Perry & Associates commenced a prompt and thorough investigation and has been working closely with the IRS. Perry & Associates has devoted considerable time and effort to determine whether client data was at risk as a result of the malware. The extensive forensic investigation concluded that a limited number of computer files may have been compromised on November 18, 2017. Since completing the investigation, Perry & Associates concluded that because some computer files may have been compromised, an unknown individual may have had access, via those compromised computer documents, to personal information belonging to clients. Perry & Associates discovered on January 16, 2018 that the information available in the potentially compromised files included client full name and Social Security number, and may have also included driver's license number and bank account information, to the extent that information was provided to Perry & Associates.

Information Source:
Security Breach Letter
Date Made Public:
February 13, 2018
Company: Principal Life Insurance Company
Location: Des Moines, Iowa
Type of breach:
DISC
Type of organization:
BSF
Records Breached:
1

Principal received a Pension Death Benefit Claim form in the mail room via Federal Express from the customer. When the package arrived at the recipients desk, it was empty.

Information Source:
Security Breach Letter
Date Made Public:
February 13, 2018
Company: Eastern Shore Rural Health, Inc.
Location: Onancock, Virginia
Type of breach:
HACK
Type of organization:
MED
Records Breached:
287

On February 2, 2018, Eastern Shore began to receive reports from several employees that unauthorized individuals attempted to file fraudulent tax returns in their name. At this point, there is no indication that employee data was accessed without authorization on Eastern Shore's systems. However, due to the timing of the reports of fraudulent tax returns being filed, Eastern Shore is notifying its employees of the potential incident so they can take steps to protect themselves. Eastern Shore will continue to investigate the incident and remediate any issues discovered.

Information Source:
Security Breach Letter
Date Made Public:
February 12, 2018
Company: Goldman Sachs & Co. LLC
Location: New York, New York
Type of breach:
HACK
Type of organization:
BSF
Records Breached:
32

On January 11, 2018, Aperio Group, LLC, a third party investment manager used by Goldman Sachs, discovered that the email accounts of two of its employees were compromised by a sophisticated phishing attack which resulted in an unauthorized auto-forward rule being applied to those two employees' accounts. This caused all emails sent to those accounts between August 21, 2017, and January 11, 2018, to be blind copied to two external email addresses. The personal information involved in the incident consisted of the account name and account number for a Goldman Sachs account owned by two residents of North Carolina.

Information Source:
Security Breach Letter
Date Made Public:
February 9, 2018
Company: OneMain Financial
Location: Baltimore, Maryland
Type of breach:
HACK
Type of organization:
BSF
Records Breached:
1,253

"An unauthorized individual apparently compromised the personal or work email accts of OneMain customers, & used the email accts to access certain customers OneMain online accts. Based on the review, it does not appear that OneMain was the source of or responsible for the apparent compromise of accts. The personal info involved may have included 1st & last name, phone #, OneMain loan acct #, OneMain rewards acct, & type of ins. purchased."

Information Source:
Security Breach Letter
Date Made Public:
February 9, 2018
Company: Intuit Inc.
Location: Mountain View, California
Type of breach:
HACK
Type of organization:
BSF
Records Breached:
31

Intuit, Inc. suffered a data breach that affected 31 records, which included both Driver's License and SSN data.

Information Source:
Security Breach Letter
Date Made Public:
February 9, 2018
Company: City of Thomasville
Location: Thomasville, North Carolina
Type of breach:
DISC
Type of organization:
GOV
Records Breached:
269

A public records request for employee payroll information was received. The documents were prepared by the Human Resources Department. One of the documents that was released had un-formatted SSN. They were not identified as SSN. Once the document was released to the person who requested they posted the information on a Closed Facebook page. The SSN were not identified. I was notified about the post and contacted our City Attorney. Person posting info and Facebook was notified and the information was taken down approximately 3 hours after we learned it was posted.

Information Source:
Security Breach Letter
Date Made Public:
February 9, 2018
Company: Kinetics Systems, Inc.
Location: Livermore, California
Type of breach:
HACK
Type of organization:
BSR
Records Breached:
875

On February 1, 2018, Kinetics received notice that an inadvertent data exposure occurred on January 25, 2018. Kinetics experienced a "phishing" attack - via fraudulent email a scammer posed as an Officer of Kinetics, and obtained personal information of current and past employees who worked at Kinetics during 2017.

Information Source:
Security Breach Letter
Date Made Public:
February 8, 2018
Company: Fontainebleau Miami Beach
Location: Miami Beach, Florida
Type of breach:
INSD
Type of organization:
BSR
Records Breached:
158

Fontainebleau Miami Beach suffered a data breach affecting 158 records which included both Credit card and debit card information.

Information Source:
Security Breach Letter
Date Made Public:
February 8, 2018
Company: Corporate Employment Resources, Inc.
Location: Southfield, Michigan
Type of breach:
DISC
Type of organization:
BSR
Records Breached:
4,086

On January 26, 2018, a Company employee sent an e-mail  to other current and former Company employees who were authorized to receive the e-mail but inadvertently attached a document not intended for the recipients. The erroneous attachment contained the intended recipients' personal information as well as the personal information of other current and former employees, including first and last names and Social Security numbers. The Company employee realized her error almost immediately in sending the January 26 e-mail and promptly notified the Company on that day. The Company has asked all recipients of the January 26 e-mail to delete it (along with the erroneous attachment) and to confirm the deletion. The Company is in the process of collecting confirmations of the deletion.

Information Source:
Security Breach Letter
Date Made Public:
February 8, 2018
Company: Daintree Advisors LLC
Location: Boston, Massachusetts
Type of breach:
HACK
Type of organization:
BSF
Records Breached:
74

Daintree Advisors LLC partners with Aperio Group to invest funds on behalf of its clients. Aperio discovered that two Aperio employee email accounts were compromised in a phishing scam. This resulted in unauthorized access to emails sent to and from those accounts between August 21, 2017, and January 11, 2018. Based on Aperio's review of the emails in question, Aperio discovered that some account names, account numbers, balances, and in some cases, personal email addresses were compromised.

Information Source:
Security Breach Letter
Date Made Public:
February 8, 2018
Company: Moore Business Solutions
Location: Greenville, North Carolina
Type of breach:
HACK
Type of organization:
BSF
Records Breached:
600

In December had ransom ware on a computer and server. They did not suspect any thing  was compromised until tax filing season began. The IRS is investigating but does not know at this time if they were breached or not but suggests Moore Business Solutions, Inc. err on the side of caution.

Information Source:
Security Breach Letter
Date Made Public:
February 5, 2018
Company: City of Detroit
Location: , Michigan
Type of breach:
PHYS
Type of organization:
MED
Records Breached:
544

Location of breached information: Other Portable Electronic Device

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
February 5, 2018
Company: Partners HealthCare System, Inc.
Location: , Massachusetts
Type of breach:
HACK
Type of organization:
MED
Records Breached:
2,450

Location of breached information: Desktop Computer, Network Server

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
February 5, 2018
Company: CarePlus Health Plan [case #HU1800066]
Location: , Kentucky
Type of breach:
DISC
Type of organization:
MED
Records Breached:
11,248

Location of breached information: Paper/Films

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
February 2, 2018
Company: Eastern Maine Medical Center
Location: , Maine
Type of breach:
PHYS
Type of organization:
MED
Records Breached:
660

Location of breached information: Other Portable Electronic Device

Business associate present: Yes

Information Source:
US Department of Health and Human Services
Date Made Public:
February 2, 2018
Company: The Sacramento Bee
Location: Sacramento, California
Type of breach:
DISC
Type of organization:
BSR
Records Breached:
19,501,300

The Sacramento Bee said in a statement that a firewall protecting its database was not restored during routine maintenance last month, leaving the 19,501,258 voter files publicly accessible. Additionally, the names, home addresses, email addresses, and phone numbers of 52,873 Sacramento Bee subscribers were compromised.

“We take this incident seriously and have begun efforts to notify each of the individuals on the contact list and to provide them resources to help guard against potential misuse of their personal contact information,” the paper said in a statement. “We are also working with the Secretary of State’s office to share with them the details of this intrusion.”

Information Source:
Media
Date Made Public:
February 2, 2018
Company: Ron's Pharmacy Services
Location: , California
Type of breach:
HACK
Type of organization:
MED
Records Breached:
6,781

Location of breached information: Email

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
February 2, 2018
Company: Triple-S Advantage, Inc.
Location:
Type of breach:
DISC
Type of organization:
MED
Records Breached:
36,305

Location of breached information: Paper/Films

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
February 2, 2018
Company: Doral Corporation
Location: Milwaukee, Wisconsin
Type of breach:
HACK
Type of organization:
BSF
Records Breached:
335

The Doral Corporation experienced a phishing attack that resulted in the exposure of 335 records. Exposed records included social security numbers in combination with first and last names.

Information Source:
Security Breach Letter
Date Made Public:
February 2, 2018
Company: Make-up Designory
Location: Valencia, California
Type of breach:
DISC
Type of organization:
EDU
Records Breached:
670

According to the data breach notification form sent to the Indiana Office of Attorney General, "Each January our client is required to send a tax document (1098-T Statement) to students and graduates. The information for this form i s gathered by Its accounting office and securely transferred to a certified public accounting firm. The accounting firm works with a financial communications service provider that specializes in creating and mailing these and similar type tax forms to be sent by US mall. This year was no different, except an error occurred In the preparation of the mailing that cause three individual ta~documents to be placed In one envelope, As a result, some students received their own 1098-T Statements and Statements fur two other students. We are contacting all students affected by this Incident to notify them of the unintentional disclosure and requesting the return of all 1098-T Statements that were mailed in error. We will follow-up with such students to confirm that the Statements are returned to the school and/or destroyed."

Information Source:
Security Breach Letter
Date Made Public:
February 1, 2018
Company: Steven Yang, D.D.S., Inc.
Location: Reseda, California
Type of breach:
PHYS
Type of organization:
MED
Records Breached:
1

What Happened On the morning of January 6, 2018,  dental office was burglarized and two laptops were stolen. Once discovered, the matter was immediately reported to the Los Angeles Police Department and an internal investigation was started to determine what, if any, health information may have been stored on those devices.

What Information Was Involved An investigation has determined that files contained on those devices may have included names, addresses, social security numbers, health insurance numbers and other information regarding California citizens' dental care. To date, they have been unable to locate the stolen devices. 

Information Source:
Security Breach Letter
Date Made Public:
February 1, 2018
Company: Forrest General Hospital
Location: , Mississippi
Type of breach:
HACK
Type of organization:
MED
Records Breached:
1,670

Location of breached information: Email

Business associate present: Yes

Information Source:
US Department of Health and Human Services
Date Made Public:
February 1, 2018
Company: Coastal Cape Fear Eye Associates, P.A.
Location: , North Carolina
Type of breach:
HACK
Type of organization:
MED
Records Breached:
925

Location of breached information: Desktop Computer, Network Server

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
February 1, 2018
Company: Remote DBA Experts, LLC
Location: Warrendale, Pennsylvania
Type of breach:
DISC
Type of organization:
NGO
Records Breached:
281

Remote DBA Experts, LLC experienced a phishing attack that resulted in the exposure of 281 records.  According  to the breach notification letter they provided to the Indiana Office of Attorney General, "On January 17, 2018, an unauthorized individual impersonating an RDX executive emailed an RDXemployee  to request 2017 W-2 infonnation for our employees. Before we determined that the request wasfraudulent, the employee provided the data to the unauthorized third party. The data included your first name,last name, mailing address, Social Security number, and 2017 compensation and deduction information."

Information Source:
Security Breach Letter
CSV