Data Breaches

Breach Subtotal

Breach Type: all
Organization Type: all
Year(s) of Breach: 2018
Company or Organization: all
Date Made Public:
October 22, 2018
Company: Challenger sports inc
Location:
Type of breach:
UNKN
Type of organization:
UNKN
Records Breached:
11,123

Information on this security breach is provided by the Office of the Indiana Attorney General

Information Source:
Indiana Attorney General
Date Made Public:
October 22, 2018
Company: S t l international incdba teeter
Location:
Type of breach:
UNKN
Type of organization:
UNKN
Records Breached:
12,561

Information on this security breach is provided by the Office of the Indiana Attorney General

Information Source:
Indiana Attorney General
Date Made Public:
October 19, 2018
Company: Scrapbook.com llc
Location:
Type of breach:
UNKN
Type of organization:
UNKN
Records Breached:
728

Information on this security breach is provided by the Office of the Indiana Attorney General

Information Source:
Indiana Attorney General
Date Made Public:
October 18, 2018
Company: Renaissance Philanthropic Solutions Group (?RenPSG?)
Location:
Type of breach:
UNKN
Type of organization:
UNKN
Records Breached:
500

Information on this security breach is provided by the Office of the California Attorney General. ** Disclaimer: ** The number of breached records reported reflects our best estimate, based on all the data currently available, surrounding this breach. Because the specific number of breached records was not disclosed in the notification letter sent to the California Attorney General?s Office, the number is estimated as the minimum number of breached records necessary to trigger the obligation of notification to the Attorney General under California statute.
Under Cal. Civ. Code 1798.29, 1798.82, notification to the Attorney General is only required whenever a breach of records affects more than 500 California residents.
If you believe this number is inaccurate, please contact us at chronology@privacyrights.org

Information Source:
California Attorney General
Date Made Public:
October 18, 2018
Company: Adelman travel systems inc
Location:
Type of breach:
UNKN
Type of organization:
UNKN
Records Breached:
48

Information on this security breach is provided by the Office of the Indiana Attorney General

Information Source:
Indiana Attorney General
Date Made Public:
October 18, 2018
Company: L j cooper capital management llcdba l j cooper wealth advisors
Location:
Type of breach:
UNKN
Type of organization:
UNKN
Records Breached:
1,202

Information on this security breach is provided by the Office of the Indiana Attorney General

Information Source:
Indiana Attorney General
Date Made Public:
October 18, 2018
Company: Quad assoc llc
Location:
Type of breach:
UNKN
Type of organization:
UNKN
Records Breached:
3,855

Information on this security breach is provided by the Office of the Indiana Attorney General

Information Source:
Indiana Attorney General
Date Made Public:
October 18, 2018
Company: Renaissance philanthropic solutions group
Location:
Type of breach:
UNKN
Type of organization:
UNKN
Records Breached:
33,663

Information on this security breach is provided by the Office of the Indiana Attorney General

Information Source:
Indiana Attorney General
Date Made Public:
October 17, 2018
Company: Smith Dental Care
Location: , Texas
Type of breach:
HACK
Type of organization:
MED
Records Breached:
5,000

Location of breached information: Desktop Computer, Email

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
October 17, 2018
Company: Yale University
Location: , Connecticut
Type of breach:
DISC
Type of organization:
MED
Records Breached:
1,102

Location of breached information: Paper/Films

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
October 17, 2018
Company: Tallahassee memorial healthcare inc
Location:
Type of breach:
UNKN
Type of organization:
UNKN
Records Breached:
5,988

Information on this security breach is provided by the Office of the Indiana Attorney General

Information Source:
Indiana Attorney General
Date Made Public:
October 15, 2018
Company: HealthFitness
Location: , Illinois
Type of breach:
DISC
Type of organization:
MED
Records Breached:
1,332

Location of breached information: Other

Business associate present: Yes

Information Source:
US Department of Health and Human Services
Date Made Public:
October 15, 2018
Company: Employees Retirement System of Texas
Location: , Texas
Type of breach:
DISC
Type of organization:
MED
Records Breached:
1,248,260

Location of breached information: Other

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
October 15, 2018
Company: C r i s f
Location:
Type of breach:
UNKN
Type of organization:
UNKN
Records Breached:
118

Information on this security breach is provided by the Office of the Indiana Attorney General

Information Source:
Indiana Attorney General
Date Made Public:
October 12, 2018
Company: FirstCare Health Plans
Location: , Texas
Type of breach:
DISC
Type of organization:
MED
Records Breached:
8,056

Location of breached information: Email

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
October 12, 2018
Company: Catawba Valley Medical Center
Location: , North Carolina
Type of breach:
HACK
Type of organization:
MED
Records Breached:
20,000

Location of breached information: Email

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
October 12, 2018
Company: Illinois auto electric co
Location:
Type of breach:
UNKN
Type of organization:
UNKN
Records Breached:
177

Information on this security breach is provided by the Office of the Indiana Attorney General

Information Source:
Indiana Attorney General
Date Made Public:
October 12, 2018
Company: Indianapolis neighborhood housing partnership
Location:
Type of breach:
UNKN
Type of organization:
UNKN
Records Breached:
1

Information on this security breach is provided by the Office of the Indiana Attorney General

Information Source:
Indiana Attorney General
Date Made Public:
October 12, 2018
Company: Liquidity services
Location:
Type of breach:
UNKN
Type of organization:
UNKN
Records Breached:
3,000

Information on this security breach is provided by the Office of the Indiana Attorney General

Information Source:
Indiana Attorney General
Date Made Public:
October 11, 2018
Company: MindBody - FitMetrix
Location: Atlanta, Georgia
Type of breach:
DISC
Type of organization:
BSR
Records Breached:
113,500,000

As reported by TechChrunch:

FitMetrix, a fitness technology and performance tracking company owned by gym booking giant Mindbody, has exposed millions of user records because it left several of its servers without a password. . .

Last week, a security researcher found three FitMetrix unprotected servers leaking customer data.

It isn’t known how long the servers had been exposed, but the servers were indexed by Shodan, a search engine for open ports and databases, in September.

Bob Diachenko, Hacken.io’s director of cyber risk research, found the databases containing 113.5 million records — though it’s not known how many users were directly affected. Each record contained a user’s name, gender, email address, phone numbers, profile photos, their primary workout location, emergency contacts and more. Many of the records were not fully complete.

Information Source:
Media
Date Made Public:
October 11, 2018
Company: BioMarin Pharmaceutical Inc.
Location:
Type of breach:
UNKN
Type of organization:
UNKN
Records Breached:
500

Information on this security breach is provided by the Office of the California Attorney General. ** Disclaimer: ** The number of breached records reported reflects our best estimate, based on all the data currently available, surrounding this breach. Because the specific number of breached records was not disclosed in the notification letter sent to the California Attorney General?s Office, the number is estimated as the minimum number of breached records necessary to trigger the obligation of notification to the Attorney General under California statute.
Under Cal. Civ. Code 1798.29, 1798.82, notification to the Attorney General is only required whenever a breach of records affects more than 500 California residents.
If you believe this number is inaccurate, please contact us at chronology@privacyrights.org

Information Source:
California Attorney General
Date Made Public:
October 11, 2018
Company: West Sound Treatment Center
Location: , Washington
Type of breach:
PHYS
Type of organization:
MED
Records Breached:
2,300

Location of breached information: Laptop

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
October 11, 2018
Company: Indiana University School of Medicine
Location: , Indiana
Type of breach:
PHYS
Type of organization:
MED
Records Breached:
1,431

Location of breached information: Paper/Films

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
October 11, 2018
Company: The May Eye Care Center
Location: , Pennsylvania
Type of breach:
HACK
Type of organization:
MED
Records Breached:
30,000

Location of breached information: Desktop Computer, Network Server

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
October 11, 2018
Company: Prudential insurance companyof america
Location:
Type of breach:
UNKN
Type of organization:
UNKN
Records Breached:
1,637

Information on this security breach is provided by the Office of the Indiana Attorney General

Information Source:
Indiana Attorney General
Date Made Public:
October 11, 2018
Company: Blue Cross and Blue Shield of North Carolina (Blue Cross NC)
Location: , North Carolina
Type of breach:
DISC
Type of organization:
MED
Records Breached:
631

Location of breached information: Paper/Films

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
October 10, 2018
Company: Envision healthcare corporation
Location:
Type of breach:
UNKN
Type of organization:
UNKN
Records Breached:
21,757

Information on this security breach is provided by the Office of the Indiana Attorney General

Information Source:
Indiana Attorney General
Date Made Public:
October 10, 2018
Company: Shein
Location:
Type of breach:
UNKN
Type of organization:
UNKN
Records Breached:
500

Information on this security breach is provided by the Office of the California Attorney General. ** Disclaimer: ** The number of breached records reported reflects our best estimate, based on all the data currently available, surrounding this breach. Because the specific number of breached records was not disclosed in the notification letter sent to the California Attorney General?s Office, the number is estimated as the minimum number of breached records necessary to trigger the obligation of notification to the Attorney General under California statute.
Under Cal. Civ. Code 1798.29, 1798.82, notification to the Attorney General is only required whenever a breach of records affects more than 500 California residents.
If you believe this number is inaccurate, please contact us at chronology@privacyrights.org

Information Source:
California Attorney General
Date Made Public:
October 10, 2018
Company: Cigna
Location: , Connecticut
Type of breach:
HACK
Type of organization:
MED
Records Breached:
3,500

Location of breached information: Network Server

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
October 10, 2018
Company: Hormone Logics
Location: , Florida
Type of breach:
PHYS
Type of organization:
MED
Records Breached:
3,000

Location of breached information: Desktop Computer, Email, Laptop, Network Server, Other Portable Electronic Device, Paper/Films

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
October 10, 2018
Company: The northwestern mutual life insurance company
Location:
Type of breach:
UNKN
Type of organization:
UNKN
Records Breached:
2,604

Information on this security breach is provided by the Office of the Indiana Attorney General

Information Source:
Indiana Attorney General
Date Made Public:
October 9, 2018
Company: Roadrunner Transportation Systems, Inc.
Location:
Type of breach:
UNKN
Type of organization:
UNKN
Records Breached:
500

Information on this security breach is provided by the Office of the California Attorney General. ** Disclaimer: ** The number of breached records reported reflects our best estimate, based on all the data currently available, surrounding this breach. Because the specific number of breached records was not disclosed in the notification letter sent to the California Attorney General?s Office, the number is estimated as the minimum number of breached records necessary to trigger the obligation of notification to the Attorney General under California statute.
Under Cal. Civ. Code 1798.29, 1798.82, notification to the Attorney General is only required whenever a breach of records affects more than 500 California residents.
If you believe this number is inaccurate, please contact us at chronology@privacyrights.org

Information Source:
California Attorney General
Date Made Public:
October 9, 2018
Company: Minnesota Department of Human Services
Location: , Minnesota
Type of breach:
HACK
Type of organization:
MED
Records Breached:
20,800

Location of breached information: Email

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
October 9, 2018
Company: Givaudan flavors corporationand givaudan fragrances corporation
Location:
Type of breach:
UNKN
Type of organization:
UNKN
Records Breached:
4,200

Information on this security breach is provided by the Office of the Indiana Attorney General

Information Source:
Indiana Attorney General
Date Made Public:
October 9, 2018
Company: Goody tickets
Location:
Type of breach:
UNKN
Type of organization:
UNKN
Records Breached:
259

Information on this security breach is provided by the Office of the Indiana Attorney General

Information Source:
Indiana Attorney General
Date Made Public:
October 9, 2018
Company: Indiana university
Location:
Type of breach:
UNKN
Type of organization:
UNKN
Records Breached:
22

Information on this security breach is provided by the Office of the Indiana Attorney General

Information Source:
Indiana Attorney General
Date Made Public:
October 8, 2018
Company: Alphabet, Inc. - Google+
Location: , California
Type of breach:
DISC
Type of organization:
BSR
Records Breached:
500,000

According to a press release, Alphabet Inc. is shutting down the social network Google+ following discovery of a bug affecting the profiles of nearly 500,000 users.

Underlining this, as part of our Project Strobe audit, we discovered a bug in one of the Google+ People APIs:

  • Users can grant access to their Profile data, and the public Profile information of their friends, to Google+ apps, via the API.

  • The bug meant that apps also had access to Profile fields that were shared with the user, but not marked as public.  

  • This data is limited to static, optional Google+ Profile fields including name, email address, occupation, gender and age. (See the full list on our developer site.) It does not include any other data you may have posted or connected to Google+ or any other service, like Google+ posts, messages, Google account data, phone numbers or G Suite content.

  • We discovered and immediately patched this bug in March 2018. We believe it occurred after launch as a result of the API’s interaction with a subsequent Google+ code change.

  • We made Google+ with privacy in mind and therefore keep this API’s log data for only two weeks. That means we cannot confirm which users were impacted by this bug. However, we ran a detailed analysis over the two weeks prior to patching the bug, and from that analysis, the Profiles of up to 500,000 Google+ accounts were potentially affected. Our analysis showed that up to 438 applications may have used this API.

  • We found no evidence that any developer was aware of this bug, or abusing the API, and we found no evidence that any Profile data was misused.

Information Source:
Media
Date Made Public:
October 8, 2018
Company: Oklahoma Department of Human Services
Location: , Oklahoma
Type of breach:
HACK
Type of organization:
MED
Records Breached:
813

Location of breached information: Paper/Films

Business associate present: Yes

Information Source:
US Department of Health and Human Services
Date Made Public:
October 8, 2018
Company: Land o lakes inc
Location:
Type of breach:
UNKN
Type of organization:
UNKN
Records Breached:
1

Information on this security breach is provided by the Office of the Indiana Attorney General

Information Source:
Indiana Attorney General
Date Made Public:
October 8, 2018
Company: Massachusetts mutual life insurance company
Location:
Type of breach:
UNKN
Type of organization:
UNKN
Records Breached:
2

Information on this security breach is provided by the Office of the Indiana Attorney General

Information Source:
Indiana Attorney General
CSV