City of Providence

Type of organization: 
Year of Breach: 
Type of breach: 
Under Review: 
0
Date Breach Made Public: 
March 21, 2012
geo: 
Providence , RI
United States
Rhode Island US
Records Breached: 

3,000

The city of Providence accidentally provided the Social Security numbers of almost 3,000 former employees when releasing information for a public records request.  GoLocalProv filed an Access to Public Records Act request in order to obtain information about pension recipients in Providence.  The city's legal team responded by emailing a .pdf file with retiree names, dates of retirement, dates for cost-of-living-adjustments, and monthly pension received each month.

Source: 
Media

Sacramento Area Fire Fighters Local 522

Type of organization: 
Year of Breach: 
Type of breach: 
Under Review: 
0
Date Breach Made Public: 
March 31, 2012
geo: 
Sacramento , CA
United States
California US
Records Breached: 

Unknown

On or around March 6, a spreadsheet containing the names and contact information of active and retired Local 522 members was sent by a Local 522 employee to the Sacramento Central Labor Council (CLC).  The spreadsheet contained member Social Security numbers, but was only supposed to provide member mailing addresses.  The email did not stop at CLC and was forwarded to Capitol Mailing, Inc.  The mistake was discovered on March 23 after Local 522 members received mailing labels that displayed their Social Security numbers.  

Source: 
California Attorney General

Office of the Texas Attorney General

Type of organization: 
Year of Breach: 
Type of breach: 
Under Review: 
0
Date Breach Made Public: 
April 27, 2012
geo: 
Austin , TX
United States
Texas US
Records Breached: 

6.5 million

Lawyers responsible for challenging a voter ID law in Texas requested the Texas voter database for analysis.  The Texas Attorney General's office released encrypted discs with the personal records of 13 million Texas voters, but half still contained Social Security numbers.  A state police officer was dispatched to New York, Washington D.C., and Boston to retrieve the encrypted discs when the opposing lawyers revealed that a mistake had occurred.

Source: 
Media

First Data Corporation

Type of organization: 
Year of Breach: 
Type of breach: 
Under Review: 
0
Date Breach Made Public: 
May 11, 2012
geo: 
Atlanta , GA
United States
Georgia US
Records Breached: 

15,399

On April 25, 2012, First Data learned that certain limited personal information about approximately 108,500 merchants who currently process with First Data or who applied for processing services had been shared outside of the company. The names, addresses, and Social Security numbers of merchants who submitted applications to First Data for merchant processing services were purposely disclosed to an outside party in January and February of 2012.  First Data later discovered that this action was not clearly permitted in some merchant contracts.

Source: 
California Attorney General

BlueCross Blue Shield of North Carolina

Type of organization: 
Year of Breach: 
Type of breach: 
Under Review: 
0
Date Breach Made Public: 
June 25, 2012
geo: 
Durham , NC
United States
North Carolina US
Records Breached: 

100

A mailing software error caused the private information of current and former Blue Cross Blue Shield members to be mailed to other members.  The error was discovered on April 12.  The records were more than 10 years old and included patient names, Social Security numbers, type of medical care received, and other protected health information.

Source: 
PHIPrivacy.net

Columbia University

Type of organization: 
Year of Breach: 
Type of breach: 
Under Review: 
0
Date Breach Made Public: 
April 30, 2012
geo: 
New York , NY
United States
New York US
Records Breached: 

3,500

A programmer erroneously saved an internal test file onto a public server in January 2010.  Current and former employees had their names, Social Security numbers, addresses, and bank account numbers available on the internet from January 2010 until April of 2012.  A total of 3,000 current and former employees were affected, but an additional 500 sole proprietors were also affected.  It appears that the file was not accessed at anytime between January 2010 and March 10, 2012.  

Source: 
Dataloss DB

Memorial Sloan-Kettering Cancer Center

Type of breach: 
Year of Breach: 
Type of organization: 
Under Review: 
0
Date Breach Made Public: 
June 13, 2012
geo: 
New York , NY
United States
New York US
Extra Info: 

Memorial Sloan-Kettering's statement about the breach is posted on their website and can be found here.

Records Breached: 

880 (Unknown number of SSNs)

A routine check for sensitive information by Memorial Sloan-Kettering revealed that a PowerPoint presentation that was posted on two medical professional websites in 2006 contained embedded private information.  The information included patient names, phone numbers, addresses, and in some cases, Social Security numbers.  Anyone who accessed and manipulated the PowerPoint presentation could have viewed the information that was used to create certain graphs.  A total of five PowerPoint files contained sensitive information.

Source: 
PHIPrivacy.net

DocuSign, Inc.

Type of organization: 
Year of Breach: 
Type of breach: 
Under Review: 
0
Date Breach Made Public: 
June 9, 2012
geo: 
San Francisco , CA
United States
California US
Records Breached: 

Unknown

DocuSign user information was discovered to be accessible through a Google search. The information goes as far back as January 2012, and some information could be even older.  It is possible to see private emails, signatures, times, dates, locations, addresses, document names, and email addresses.  DocuSign claims that the information is available because a small number of DocuSign users have saved their own personal copies of their signed documents to publicly accessible and searchable locations outside of DocuSign's secure global network.  

Source: 
Databreaches.net

Franklin's Budget Car Sales, Inc.

Type of organization: 
Year of Breach: 
Type of breach: 
Under Review: 
0
Date Breach Made Public: 
June 9, 2012
geo: 
Statesboro , GA
United States
Georgia US
Records Breached: 

95,000

The FTC fined Franklin's Budget Car Sales for compromising consumers' personal information by allowing peer-to-peer software to be installed on its network.  Any computers that were connected to the peer-to-peer network could have accessed Franklin's network of consumer names, Social Security numbers, addresses, dates of birth, and driver's license numbers.  The FTC claimed that Franklin's failed to assess risks to the consumer information it collected and stored online and failed to adopt policies to prevent or limit unauthorized disclosure of information.

Source: 
Databreaches.net

EPN, Inc.

Type of organization: 
Year of Breach: 
Type of breach: 
Under Review: 
0
Date Breach Made Public: 
June 9, 2012
geo: 
Provo , UT
United States
Utah US
Records Breached: 

3,800

The FTC has fined EPN, Inc. for failing to implement reasonable security measures. The agency charged that the company did not have an appropriate information security plan, failed to assess risks to the consumer information it stored, did not adequately train employees, did not use reasonable measures to enforce compliance with its security policies, and did not use reasonable methods to prevent, detect and investigate unauthorized access to personal information on its networks.

Source: 
Databreaches.net

Pages

Showing 11-20 of 833 results
Subscribe to DISC