Chronology of Data Breaches

Lifeline (Federal Communications Commission), TerraCom Inc., YourTel America Inc.

jessika d r — Tue, 21 May 2013 22:29:34 +0000

Location

Washington, DC

United States

See map: Google Maps

Date Breach Made Public:

May 21, 2013

geo:

Washington, DC

United States

See map: Google Maps

Extra Info:

TerraCom customers who have questions may call 1-855-297-0243.

Records Breached:

127,000 (44,000 Social Security numbers exposed)

44000

Around 44,000 application forms and 127,000 supporting documents for Lifeline were posted online. Lifeline is a federal program that provides discount internet and phone service for low-income Americans. Information such as name, Social Security number, scans of food-stamp cards, driver's licenses, tax records, pay stubs, and parole letters was available online. the information had been available since at least March and was removed April 26.

Source:

Media

Goldman Sachs, Bloomberg LP

jessika d r — Tue, 21 May 2013 23:38:38 +0000

Location

New York, NY

United States

See map: Google Maps

Date Breach Made Public:

May 18, 2013

geo:

New York, NY

United States

See map: Google Maps

Records Breached:

Unknown

Bloomberg News reporters were able to monitor clients' usage of data terminals leased from Bloomberg LP. Goldman Sachs is one of the companies that has complained publicly while JP Morgan Chase, the Federal Reserve, and the United States Treasury Department have started investigations. It is unclear how many other organizations may have been affected.

Reporters may have routinely retrieved login and contact information from data-services clients over the past 20 years. Some reporters had access to information on when and how often clients logged into their terminals, their most frequently used functions and contact information.

Source:

Media

Valley Mental Health

jessika d r — Mon, 20 May 2013 13:28:09 +0000

Location

Murray, UT

United States

See map: Google Maps

Date Breach Made Public:

May 17, 2013

geo:

Murray, UT

United States

See map: Google Maps

Records Breached:

700 (No SSNs or financial information)

The February 27 theft of a computer resulted in the exposure of patient information.

Source:

HHS via PHIPrivacy.net

Community Health Network, Community Health Medcheck

jessika d r — Mon, 20 May 2013 14:27:43 +0000

Location

Speedway, IN

United States

See map: Google Maps

Date Breach Made Public:

May 17, 2013

geo:

Speedway, IN

United States

See map: Google Maps

Records Breached:

180

A dishonest employee of Community Health Medcheck accessed the medical records of up to 180 people between mid-March and mid-April. Social Security numbers, dates of birth, credit card numbers, and other information may have been exposed.

Source:

PHIPrivacy.net

Public Health - Seattle and King County

jessika d r — Mon, 20 May 2013 13:06:45 +0000

Location

Seattle, WA

United States

See map: Google Maps

Date Breach Made Public:

May 17, 2013

geo:

Seattle, WA

United States

See map: Google Maps

Extra Info:

Public Health - Seattle and King County has a notice about the incident here: http://www.kingcounty.gov/healthservices/health/locations/breach.aspx

Records Breached:

750 (No SSNs or financial information reported)

A custodian improperly disposed of client medical information on March 7. The records were from the Refugee Screening, WIC, and Needle Exchange programs. Patient names, dates of birth, phone numbers, addresses, medical record numbers, appointment dates, and medical condition or treatment may have been accessed.

Source:

HHS via PHIPrivacy.net

Wood County Hospital

jessika d r — Mon, 20 May 2013 13:49:03 +0000

Location

Bowling Green, OH

United States

See map: Google Maps

Date Breach Made Public:

May 17, 2013

geo:

Bowling Green, OH

United States

See map: Google Maps

Extra Info:

Those with questions may call 855-322-6427.

Records Breached:

2,500 (No SSNs or financial information reported)

The March theft of radiology films resulted in the exposure of patient information. The films were most likely stolen from the Hospital's storage room in order to be stripped of their silver. The films contained patient names, medical record numbers, dates of exams, and in some cases, dates of birth. The thieves posed as recycling subcontractors.

Source:

HHS via PHIPrivacy.net

Orthopedics and Adult Reconstructive Surgery, AssuranceMD

jessika d r — Mon, 20 May 2013 13:13:40 +0000

Location

United States

See map: Google Maps

Date Breach Made Public:

May 17, 2013

geo:

United States

See map: Google Maps

Records Breached:

22,000 (No SSNs reported)

AssuranceMD lost a portable electronic device of their associate Orthopedics and Adult Reconstructive Surgery. The breach occurred between March 1 and March 15.

Source:

HHS via PHIPrivacy.net

The Guidance Center of Westchester, Inc.

jessika d r — Mon, 20 May 2013 14:03:13 +0000

Location

New Rochelle, NY

United States

See map: Google Maps

Date Breach Made Public:

May 17, 2013

geo:

New Rochelle, NY

United States

See map: Google Maps

Records Breached:

1,416

1416

On February 22, 2013, the Guidance Center of Westchester discovered that a central processing unit (CPU) had been removed form a staff member's office. The CPU was removed on February 21 and contained, names, Social Security numbers, dates of birth, dates of admittance to the Center, names of insurance carriers, home addresses, diagnoses, outpatient treatment authorization request, doctors' names, case numbers, and whether or not a patient was prescribed medication.

Source:

HHS via PHIPrivacy.net

LSU Health Shreveport, Siemens Healthcare

jessika d r — Tue, 21 May 2013 22:55:21 +0000

Location

Shreveport, LA

United States

See map: Google Maps

Date Breach Made Public:

May 17, 2013

geo:

Shreveport, LA

United States

See map: Google Maps

Extra Info:

Those with questions may call (888) 824-0379 or (318) 675-7550.

Records Breached:

8,330 (No SSNs or financial information reported)

A computer data entry error resulted in a mailing error that exposed patient information. The names and treatment information of certain patients were mistakenly mailed to other patients. No Social Security numbers, dates of birth, or financial account numbers were exposed.

Source:

PHIPrivacy.net

Delta Dental of Pennsylvania, ZDI

jessika d r — Mon, 20 May 2013 13:23:51 +0000

Location

Mechanicsburg, PA

United States

See map: Google Maps

Date Breach Made Public:

May 17, 2013

geo:

Mechanicsburg, PA

United States

See map: Google Maps

Records Breached:

14,829 (No SSNs or financial information reported)

The March 20 loss of paper records may have exposed the information of patients. ZDI lost the records of their associate Delta Dental of Pennsylvania.

Source:

HHS via PHIPrivacy.net

Stronghold Counseling Services, Inc.

jessika d r — Mon, 20 May 2013 14:12:22 +0000

Location

Sioux Falls, SD

United States

See map: Google Maps

Date Breach Made Public:

May 17, 2013

geo:

Sioux Falls, SD

United States

See map: Google Maps

Records Breached:

8,500 (No SSNs or financial information reported)

The December 24, 2012 theft of a computer resulted in the exposure of patient information.

Source:

HHS via PHIPrivacy.net

Weather Shield

jessika d r — Wed, 22 May 2013 00:14:26 +0000

Location

Medford, WI

United States

See map: Google Maps

Date Breach Made Public:

May 16, 2013

geo:

Medford, WI

United States

See map: Google Maps

Records Breached:

Unknown

A total of 55 current and former Weather Shield employees across the country discovered that someone had stolen their identities and filed fraudulent tax refunds. Several employees who were victims of identity theft in 2012 discovered that they had been affected again when filing their taxes in April of 2013. It is unclear how the 2012 or 2013 breaches occurred.

Source:

Media

DENT Neurologic Institute of Amherst

jessika d r — Sat, 18 May 2013 00:07:01 +0000

Location

Amherst, NY

United States

See map: Google Maps

Date Breach Made Public:

May 16, 2013

geo:

Amherst, NY

United States

See map: Google Maps

Records Breached:

10,200 (No SSNs or financial information exposed)

An administrative error led to the personal information of 10,200 patients being emailed to 200 patients. Names, addresses, date of last appointment, visit type, primary care physician, referring physician, email addresses, and whether or not the patient was actively receiving treatment were in an Excel attachment of an email that was sent to unspecified parties. The recipients were called and instructed to delete the email.

Source:

Media

OptiNose US Inc.

jessika d r — Thu, 16 May 2013 01:51:49 +0000

Location

Yardley, PA

United States

See map: Google Maps

Date Breach Made Public:

May 15, 2013

geo:

Yardley, PA

United States

See map: Google Maps

Records Breached:

Unknown

An unencrypted laptop was stolen from an employee's car. It may have contained names, Social Security numbers, and personal information related to people who worked at OptiNose.

Source:

Media

El Centro Regional Medical Center

jessika d r — Fri, 30 Nov 2012 22:25:14 +0000

Location

El Centro, CA

United States

32° 47' 31.2" N, 115° 33' 46.9836" W

See map: Google Maps

Date Breach Made Public:

May 15, 2013

geo:

El Centro, CA

United States

See map: Google Maps

Records Breached:

189,489

189489

El Centro Regional Medical Center is claiming that they were defrauded by an unnamed company. The company was responsible for digitizing El Centro Regional's x-rays, but never returned the digitized version. The process should have been completed by the end of July. The original x-rays were most likely taken and destroyed to extract silver.

UPDATE (05/18/2013): The information on the records was as recent as February 2011. El Centro Regional Medical Center learned of the issue on March 22, 2013. Patients were notified on May 13.

Source:

PHIPrivacy.net

Presbyterian Anesthesia Associates

jessika d r — Wed, 22 May 2013 00:51:37 +0000

Location

Charlotte, NC

United States

See map: Google Maps

Date Breach Made Public:

May 14, 2013

geo:

Charlotte, NC

United States

See map: Google Maps

Records Breached:

9,988

9988

A hacker took advantage of a security flaw in Presbyterian Anesthesia Associates' website and gained access to a database of patient information. Names, credit card numbers, dates of birth, and contact information may have been exposed.

Source:

Media

Regional Medical Center

jessika d r — Mon, 13 May 2013 01:06:30 +0000

Location

Memphis, TN

United States

See map: Google Maps

Date Breach Made Public:

May 11, 2013

geo:

Memphis, TN

United States

See map: Google Maps

Extra Info:

Those with questions may call 1-855-716-3627 for more information.

Records Breached:

1,200

1200

Some patients who were treated at an outpatient facility between May 1 of 2012 and January 31 of 2013 had their information attached to emails that went out to an unspecified organization or organizations. Three emails that were not secure were sent on October 29 and November 1 of 2012 and February 4, 2013. Patient names, Social Security numbers, account numbers, dates of birth, home phone numbers, and reasons for outpatient physical therapy services may have been exposed.

Source:

PHIPrivacy.net

Indiana University Health Arnett

jessika d r — Mon, 13 May 2013 00:40:43 +0000

Location

Lafayette, IN

United States

See map: Google Maps

Date Breach Made Public:

May 10, 2013

geo:

Lafayette, IN

United States

See map: Google Maps

Records Breached:

10,300 (No SSNs reported)

The theft of an employee's unencrypted laptop resulted in the exposure of patient information. The laptop was stolen from an employee's car on April 9 and contained email records. Patient names, medical record numbers, dates of birth, physician names, diagnoses, and dates of service may have been exposed.

Source:

Media

PHH Corporation

jessika d r — Thu, 16 May 2013 01:20:16 +0000

Location

Suwanee, GA

United States

See map: Google Maps

Date Breach Made Public:

May 10, 2013

geo:

Suwanee, GA

United States

See map: Google Maps

Records Breached:

6,700

6700

A former employee was indicted on charges related to misuse of applicant and employee personal information. Employee names, Social Security numbers, dates of birth, telephone numbers, email addresses, addresses, I-9 alien registration numbers, and other personal information may have been exposed. The issue was discovered on April 3.

Source:

California Attorney General

Coinbase

jessika d r — Sat, 18 May 2013 00:20:03 +0000

Location

San Francisco, CA

United States

See map: Google Maps

Date Breach Made Public:

May 10, 2013

geo:

San Francisco, CA

United States

See map: Google Maps

Records Breached:

Unknown

A flaw in Coinbase's systems cause the information of some merchants to be exposed. Any merchant who created a "buy now" button, donate button, or hosted a payment page using Coinbase's Merchant Tools and posted a public link to it online had the page publicly visible on the internet. The page contained the company name, website, phone number, email address, and mailing address. Additionally, anyone could search for public Coinbase merchant payment pages and collect the email addresses of merchants. At least one phishing attack targeted merchants with an email that appeared to come from Coinbase.

Source:

Media

Lutheran Social Services of South Central Pennsylvania

jessika d r — Sun, 12 May 2013 22:39:00 +0000

Location

York, PA

United States

See map: Google Maps

Date Breach Made Public:

May 9, 2013

geo:

York, PA

United States

See map: Google Maps

Records Breached:

7,300

7300

Lutheran Social Services became aware of a malware program that was on its software system. Resident names, Social Security numbers, dates of birth, Medicare numbers, medical diagnosis codes, payer names, and health insurance numbers may have been exposed. The breach was discovered in March and Lutheran Social Services had not involved investigators or police as of May 9.

Source:

Media

Administrative Office of the Courts - Washington

jessika d r — Sat, 11 May 2013 01:10:52 +0000

Location

Olympia, WA

United States

See map: Google Maps

Date Breach Made Public:

May 9, 2013

geo:

Olympia, WA

United States

See map: Google Maps

Extra Info:

The Administrative Office of the Courts provided a website for additional information: www.courts.wa.gov/databreach

Those with questions may call 1-800-448-5584

Records Breached:

1,000,000 (160,000 SSNs)

160000

A breach of the Administrative Office of the Courts' server resulted in the exposure of one million driver's license numbers between fall of 2012 and February of 2013. It was confirmed that at least 94 people had their Social Security numbers accessed. Up to 160,000 Social Security numbers could have been accessed.

In April the court was able to confirm that public records and confidential information were exposed. People who were booked in a city or county jail within the state of Washington between September 2011 and December 2012 may have had their name and Social Security number accessed. Anyone who received a DUI citation in Washington state between 1989 and 2011, had a superior court criminal case in Washington state that was filed against them or resolved between 2011 and 2012, or had a traffic case in Washington filed or resolved in a district or municipal court between 2011 and 2012 may have had their names and driver's license numbers exposed.

Source:

Media

Name.com

jessika d r — Sat, 11 May 2013 00:21:18 +0000

Location

Denver, CO

United States

See map: Google Maps

Date Breach Made Public:

May 8, 2013

geo:

Denver, CO

United States

See map: Google Maps

Records Breached:

Unknown

Hackers accessed Name.com servers and may have obtained usernames, email addresses, passwords, and credit card account information. Customer passwords and credit card information were encrypted. Customers were notified of the breach and received an email asking them to reset their passwords.

Source:

Media

Linode.com

jessika d r — Sat, 11 May 2013 00:33:53 +0000

Location

Galloway, NJ

United States

See map: Google Maps

Date Breach Made Public:

May 8, 2013

geo:

Galloway, NJ

United States

See map: Google Maps

Extra Info:

This notice appeared on Linode's website on April 16, 2013: https://blog.linode.com/2013/04/16/security-incident-update/

Those with questions may email support@linode.com.

Records Breached:

Unknown

Hackers exploited an Adobe vulnerability and used it to access Linode Manager web servers. One of Linode's web servers, parts of their source code, and their database were accessed. No other components of the Linode infrastructure were accessed by the hackers. Encrypted customer credit card numbers and passwords were obtained. The group HTP claimed responsibility for the hack.

Source:

Media

Department of Family and Support Services (DFSS)

jessika d r — Sat, 11 May 2013 00:45:26 +0000

Location

Chicago, IL

United States

See map: Google Maps

Date Breach Made Public:

May 8, 2013

geo:

Chicago, IL

United States

See map: Google Maps

Records Breached:

Unknown

Nearly $41,000 in computer equipment was reported stolen from the Department of Family Support Services on May 7. The Division on Domestic Violence and a satellite senior center share the building where the theft occurred. The types of information that may have been on the device or devices were not reported.

Source:

PHIPrivacy.net