Data Breaches

Breach Subtotal

Breach Type: all
Organization Type: all
Year(s) of Breach: all
Company or Organization:
Date Made Public:
October 17, 2018
Company: Yale University
Location: , Connecticut
Type of breach:
DISC
Type of organization:
MED
Records Breached:
1,102

Location of breached information: Paper/Films

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
July 26, 2018
Company: Yale university
Location: New Haven, Connecticut
Type of breach:
UNKN
Type of organization:
EDU
Records Breached:
119,000

Information on this security breach is provided by the Office of the Indiana Attorney General

Information Source:
Indiana Attorney General
Date Made Public:
July 19, 2012
Company: Yale University
Location: New Haven, Connecticut
Type of breach:
HACK
Type of organization:
EDU
Records Breached:
1,200

Hackers accessed at least one Yale database and obtained the details of 1,200 students and staff.  Hackers may have obtained names, Social Security numbers, addresses, and phone numbers. Additionally, usernames, passwords, and email addresses were published as proof of the hack.

Information Source:
Databreaches.net
Date Made Public:
August 17, 2011
Company: Yale University
Location: New Haven, Connecticut
Type of breach:
DISC
Type of organization:
EDU
Records Breached:
43,000

A computer file containing the names and Social Security numbers of former faculty, staff and students was accidentally made accessible online.  The file contained information from 1999 and could be located through a Google search for 10 months.  A change in Google's search engine made the file accessible from September 2010 to July 1, 2011.  A person who performed a Google search on his name discovered the breach on June 30.

Information Source:
Databreaches.net
Date Made Public:
August 18, 2010
Company: Yale University
Location: , Connecticut
Type of breach:
PHYS
Type of organization:
MED
Records Breached:
1,000

An unsecured laptop computer containing sensitive protected health information (PHI) involving the Ryan White Part A program, involving approximately 1,000 individuals, was stolen from an office building on Yale’s premises. The types of PHI contained on the laptop consisted of names, dates of birth, diagnoses/conditions, medications, lab results, and other treatment information. The covered entity (CE) provided breach notification to HHS, the media and affected individuals. Following the breach, the CE installed access card readers for entry to the office suite, inspected the facility’s alarm system, replaced custodial staff, and limited cleaning to office hours. The CE also accelerated the implementation of safeguards created prior to the theft, implemented mandatory encryption for all mobile devices, and created a new system to ensure all employees complete mandatory Privacy and Security Awareness training. The CE also revised several policies and procedures on ePHI security. OCR obtained assurances that the CE implemented the corrective actions listed above.

Location of breached information: Laptop

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
August 8, 2007
Company: Yale University
Location: New Haven, Connecticut
Type of breach:
STAT
Type of organization:
EDU
Records Breached:
10,200

Social Security numbers for over 10,000 current and former students, faculty and staff were compromised last month following the theft of two University computers

Information Source:
Dataloss DB
CSV