Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: Current

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources
  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features
  • Get our RSS Feed to see when we add new breaches to the list
  • Scroll down to view the Chronology and/or to use our sort feature
  • Download a CSV file showing ALL breaches (A CSV file is a type of Excel spreadsheet that enables you to sort and analyze the breach listings in numerous ways)

If you have questions or need help with our Chronology of Data Breaches, please email admin@privacyrights.org


Click or unclick the boxes then select go.


Select features then click GO. To modify your search, check or uncheck the boxes and click GO.


Reset the checkboxes to the default "all selected."

Help Guide

display_id:page_1

display_id:page_1

Breach Total
898,584,384 RECORDS BREACHED
(Please see explanation about this total.)
from 4,825 DATA BREACHES made public since 2005
Date Made Publicsort ascending Name Entity Type
April 26, 2016 Lucky Pet
Seattle, Washington
BSO HACK

Unknown

Lucky Pet notified customers of a data breach when an unauthorized individual (s) accessed the company's third party shopping cart software compromising customers personal information.

The information compromised consisted of names, addresses, and credit card information including expiration dates and security codes.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-61371

 
Information Source:
California Attorney General
records from this breach used in our total: 0
April 26, 2016 Advanced International Marketing Inc.
Middletown, Ohio
BSO HACK

Unknown

Advanced International Marketing Inc. notified customers of a data breach when an unauthorized party gained access to certain images that were uploaded to the company's website.

The information compromised included names and state ID's.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-61377

 
Information Source:
California Attorney General
records from this breach used in our total: 0
April 22, 2016 Berkeley Public Schools
Berkeley, California
EDU DISC

Unknown

The Bay Area News Group, a publisher of multiple Bay Area newspapers, requested information on public employee salaries of the school district. The school district complied with the request, however the employee who transmitted this information to the news group inadvertently put Social Security numbers of the employees as part of the information.

The school district is offering one year free subscription to an identity protection program provide by Identity Fraud Inc.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-61243

 
Information Source:
California Attorney General
records from this breach used in our total: 0
April 21, 2016 Voya Financial Advisor's Inc.
New York, New York
BSF HACK

Unknown

Voya Financial Advisors notified customers of a data breach when they discovered unauthorized access to the company's systems, including client records.

The information compromised included names, addresses, dates of birth, last four digits of Social Security numbers, driver's license number, passport number and other government issued ID's, telephone numbers, email addresses, account numbers and account balances.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-61193

 
Information Source:
California Attorney General
records from this breach used in our total: 0
April 13, 2016 Academy of Art University
San Francisco, California
BSO HACK

Unknown

Academy of Art University suffered a data breach when hackers posing as an executive at the university asked for employee W2 information.

The information compromised included names, residential addresses and Social Security numbers.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-60936

 
Information Source:
California Attorney General
records from this breach used in our total: 0
April 11, 2016 Bristol Farms
Carson, California
BSO HACK

Unknown

Bristol Farms notified current and former employees of a data breach when someone posing as a company executive requested certain information.

The information compromised included first and last names, addresses, Social Security numbers, and 2015 compensation and deduction information.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-60914

 
Information Source:
California Attorney General
records from this breach used in our total: 0
April 11, 2016 Staminus Communications Inc.
Newport Beach, California
BSO HACK

Unknown

"On March 10, 2016 Staminus Communications was the victim of an unauthorized intrusion into its network."

The information compromised included names, credit card numbers, as well as usernames, passwords, and contact information.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-60912

 
Information Source:
California Attorney General
records from this breach used in our total: 0
April 11, 2016 Schwaab Inc.
Brookfield , Wisconsin
BSO HACK

Unknown

Schwaab, Inc. notified customers of a data breach when DiscountRubberStamps.com (a Schwaab owned company) discovered unauthorized access in their computer system from January 22, 2014 through February 8, 2016.

The information compromised may have included credit card information. For questions call 1-844-608-3819 or customers@discountrubberstamps.com

 

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-60906

 
Information Source:
California Attorney General
records from this breach used in our total: 0
April 11, 2016 FDIC
Washington , District Of Columbia
GOV DISC

44,000. They have not released the specific information compromised

The FDIC announced a data breach that affected 44,000 customers when an employee who was leaving inadvertently downloaded sensitive information onto a portable hard drive device unknowingly.

The FDIC has not provided the specific information that was compromised but did state that the employee had authority to access personal information  “for bank resolution and receivership purposes.”

More Information: https://www.washingtonpost.com/news/powerpost/wp/2016/04/11/inadvertent-...

 
Information Source:
Media
records from this breach used in our total: 0
April 8, 2016 OptumRx
Eden Prairie, Minnesota
MED PORT

Unknown

OptumRx notified individuals of a data breach when a third party vendor that provides home delivery of prescription services had a laptop computer stolen from an employee vehicle. The laptop contained personal information of OptumRx customers.

The information on the laptop included names, addresses, health plan name, prescription drug information and prescribing provider information.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-60898

 
Information Source:
California Attorney General
records from this breach used in our total: 0
April 7, 2016 Trump Hotels
New York, New York
BSO HACK

Unknown

Trump Hotel has suffered a second data breach this year. The hotel chain is investigating a pattern of fraud with customer credit cards.

"The Trump Hotel Collection includes more than a dozen properties globally. Sources said they noticed a pattern of fraud on cards that were all used at multiple Trump hotel locations in the past two to three months, including at Trump International Hotel New York, Trump Hotel Waikiki in Honolulu, and the Trump International Hotel & Tower in Toronto."

More Information: http://krebsonsecurity.com/2016/04/sources-trump-hotels-breached-again/#...

 
Information Source:
Krebs On Security
records from this breach used in our total: 0
April 6, 2016 Whiting Turner Contracting
Baltimore, Maryland
BSF HACK

Unknown

Whiting-Turner notified customers of a data breach when a thirs party vendor that they use had a data breach. "Whiting-Turner uses an outside vendor to provide tax filing and information services, including preparation of our employees' W-2 and 1095 tax forms. On March 8, 2016, this vendor notified us they had detected suspicious activity on their systems. We also received reports around that time from some of our employees regarding fraudulent tax filings in their names."

The information compromised included names, dates of birth, and Social Security number of any minor dependent.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-60875

 
Information Source:
California Attorney General
records from this breach used in our total: 0
April 5, 2016 Katherman Kitts & Company
Irvine, California
BSF PORT

Unknown

Kathermine Kitss & Co. LLP notified customers of a data breach when hard drives containing backup files for one of the firm's servers was stolen from one of the partner's cars.

There was personal information contained on that drive that included names, addresses, dates of birth, Social Security number, and other information contained in your tax return.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-60867

 
Information Source:
California Attorney General
records from this breach used in our total: 0
March 30, 2016 Pivotal Software Inc.
Palo Alto, California
BSO HACK

Unknown

Pivotal Software notified individuals of a databreach when they were a victim of a phishing scam. "On March 22, 2016 a third party sent a fraudulent email message impersonating CEO Rob Mee to an employee requesting certain information about Pivotal employees. The employee responded to the request, mistakenly believing that it came from Mr. Mee."

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-60798

 
Information Source:
California Attorney General
records from this breach used in our total: 0
March 28, 2016 Ullrich Delevati
Woodland, California
BSF HACK

Unknown

Ullrich Delevati CPA's notified customers of a data breach when their system was compromised exposing names, addresses, dates of birth, Social Security numbers, and bank account numbers.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-60748

 
Information Source:
California Attorney General
records from this breach used in our total: 0
March 28, 2016 Sprouts Farmers Market
Phoenix, Arizona
BSO HACK

Unknown

Sprouts Farmers Market notified employees of a databreach when a phishing attack resulted in disclosure of employee W-2 information.

The information compromised included names, addresses, Social Security numbers, wages, and withheld taxes for 2015 in the state in which individuals pay income taxes.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-60739

 
Information Source:
California Attorney General
records from this breach used in our total: 0
March 25, 2016 AspiraNet
Bakersfield, California
NGO HACK

Unknown

AspiraNet notified individuals of a databreach when a spoofing email went out on March 21, 2016. The spoofing email that resulted in W-2 information being disclosed.

The information compromised included names, residential addresses, and Social Security numbers.

The company is providing ProtectMyID Elite for free for two years.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-60715

 
Information Source:
California Attorney General
records from this breach used in our total: 0
March 24, 2016 Verizon Enterprise Solutions
New York, New York
BSO HACK

Unknown

Verizon Enterprise Solutions has suffered a data breach of their customer data.

"Earlier this week, a prominent member of a closely guarded underground cybercrime forum posted a new thread advertising the sale of a database containing the contact information on some 1.5 million customers of Verizon Enterprise.

The seller priced the entire package at $100,000, but also offered to sell it off in chunks of 100,000 records for $10,000 apiece. Buyers also were offered the option to purchase information about security vulnerabilities in Verizon’s Web site."

Verizon communicated to KrebsOnSecurity that "the company recently identified a security flaw in its site that permitted hackers to steal customer contact information, and that it is in the process of alerting affected customers."

More Information: http://krebsonsecurity.com/2016/03/crooks-steal-sell-verizon-enterprise-...

 
Information Source:
Krebs On Security
records from this breach used in our total: 0
March 23, 2016 Lamps Plus
Chatsworth, California
BSR HACK

Unknown

Lamps Plus notified employees of a data breach when a phishing email sent to an employee that posed as an executive of the company asking for employee W-2 information.

The information compromised included names, Social Security numbers, addresses and unfortunately this compromised information was used to file fraudulent tax returns.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-60670

UPDATE (4/4/2016): "Lamps Plus is facing a proposed class action lawsuit over allegations that the company failed to provide adequate security measures to prevent a recent massive data hack into the company’s payroll system, putting more than 1,300 employees’ sensitive information at risk."

Information regarding the lawsuit is as follows: "The Lamps Plus Employee Data Breach Class Action Lawsuit is Frank Varela, et al. v. Lamps Plus Inc., et al., Case No. 5:16-cv-00577, in the U.S. District Court for the Central District of California, Eastern Division – Riverside."

More Information: http://topclassactions.com/lawsuit-settlements/lawsuit-news/331892-lamps...

 
Information Source:
California Attorney General
records from this breach used in our total: 0
March 21, 2016 LAZ Parking
Hartford, Connecticut
BSO HACK

Unknown

LAZ Parking notified employees of a data breach when an email phishing scam was sent to an employee appearing as though it was from a LAZ Parking executive asking for employees' 2015 W2 information.

The information compromised included first and last names, home addresses, Social Security numbers, and 2015 compensation data.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-60586

 
Information Source:
California Attorney General
records from this breach used in our total: 0
March 16, 2016 Advanced Auto Parts
Roanoke, Virginia
BSR HACK

Unknown

Advance Auto Parts notified individuals of a data breach when the company suffered a phishing attack when an unauthorized individual posed as an employee, and convinced an employee of the company to provide a file containing information about certain individuals working for the company.

The information compromised included names, Social Security numbers, 2015 gross wages, and the state(s) the individual pays income taxes.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-60518

 
Information Source:
California Attorney General
records from this breach used in our total: 0
March 16, 2016 PerkinElmer, Inc.
Waltham, Massachusetts
BSO HACK

Unknown

PerkinElmer, Inc notified employees of a data breach when a PerkinsElmer employee was a victim of a phishing scam and was sent an email that appeared to be from another PerkinsElmer employee requesting information on other employees.

The information compromised included names, dates of birth, home addresses, Social Security numbers, salary information, titles and specific employee information.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-60521

 

 
Information Source:
California Attorney General
records from this breach used in our total: 0
March 15, 2016 Laborers Funds Administrative Office of Northern California, Inc.
Fairfield, California
BSO DISC

Unknown

The Laborers Health and Welfare Fund of Northern California notified member of a databreach when a computer error caused personal information of members and member's family to be sent to another fund member.

The information compromised included full names, Social Security numbers, and health plan coverage. The same information was compromised for dependents as well.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-60488

 
Information Source:
California Attorney General
records from this breach used in our total: 0
March 14, 2016 Mitchell International, Inc.
San Diego, California
BSO HACK

Unknown

Mitchell International, Inc. notified individuals of a data breach when an individual impersonated an executive with the company and convinced an employee to provide certain information on current and former employees.

The information compromised included first and last names, Social Security numbers, and salary information.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-60473

 
Information Source:
California Attorney General
records from this breach used in our total: 0
March 11, 2016 Sequoia Union High School
Redwood City, California
BSO HACK

Unknown

Sequoia Union High School District (SUHSD) notified employees and retiree personal information of a data breach when a phishing incident when a third party accessed an office computer that contained personal information of employees and retirees.

The information compromised included names and Social Security numbers.

The school district is providing a free membership for one year through ProtectMyID. For these questions they can call 1-844-754-5532 Monday through Friday 6:00 a.m to 6:00 p.m Pacific Time.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-60445

 

 
Information Source:
California Attorney General
records from this breach used in our total: 0
March 11, 2016 Staminus Communications Inc.
Newport Beach, California
BSO HACK

Unknown

Staminus Communications Inc. has notified individuals of a data breach when their network was hacked and their site went down. Customer credentials, support tickets, credit card numbers and other sensitive data showed up on online download links.

More information: http://krebsonsecurity.com/2016/03/hackers-target-anti-ddos-firm-staminus/

 
Information Source:
Krebs On Security
records from this breach used in our total: 0
March 8, 2016 1-800-Flowers
Carle Place, New York
BSO HACK

Unknown

1-800-Flowers customer service received reports on February 15, 2016 from customers that they couldn't complete their online orders. The company investigated and discovered from February 15th, 2016 through February 17th, 2016 orders that were placed may have been compromised customer personal information.

Information compromised may have included names, addresses, email addresses, payment card numbers, expirations dates and security codes.

For those that were affected can call 888-687-9294 from 9 a.m to 7 p.m EST.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-60377

 
Information Source:
records from this breach used in our total: 0
March 8, 2016 Billy Casper Golf
Reston, Virginia
BSO HACK

Unknown

Billy Casper Golf has notified customers of a data breach when they were a target of email spoofing attack. Hackers were able to obtain information from individuals W-2 information. The spoofing email appeared as if it was coming from the CEO asking for all 2015 employee W2 information.

For those with questions call 877-213-5100 Monday through Friday from 9:00 a.m. to 7 p.m. EST and provide reference number 9416022816.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-60368

 

 
Information Source:
California Attorney General
records from this breach used in our total: 0
March 7, 2016 Turner Construction
San Diego, California
BSO DISC

Unknown

Turner Construction notified individuals of a data breach when certain personal information was disclosed in an email to an unauthorized party.

The information included names, Social Security number, name of each state in which wages or taxes are reported, federal, state, local and Medicare earnings and tax withholding data.

The company is providing identity monitoring services through Kroll. For those affected call 1-877-451-9366.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-60340

 
Information Source:
Maryland Attorney General
records from this breach used in our total: 0
March 6, 2016 Seagate
Scottsvalley, California
BSO HACK

Minimum 2,000 up to less then 10,000

Seagate notified current and former employees of a data breach, when an employee feel for a phishing attack that exposed W2 information of employees.

"Email scam artists last week tricked an employee at data storage giant Seagate Technology into giving away W-2 tax documents on all current and past employees, KrebsOnSecurity has learned. W-2 forms contain employee Social Security numbers, salaries and other personal data, and are highly prized by thieves involved in filing phony tax refund requests with the Internal Revenue Service (IRS) and the states."

The information compromised includes all information found on a W2 form, which includes Social Security numbers.

The company is not saying exactly how many individuals were affected at this time, only that “It’s accurate to say several thousand. But less 10,000 by a good amount.”

More information: https://krebsonsecurity.com/2016/03/seagate-phish-exposes-all-employee-w...

 
Information Source:
Krebs On Security
records from this breach used in our total: 2,000
March 4, 2016 Rosen Hotels & Resorts
Orlando, Florida
BSO HACK

Unknown

Rosen Hotels have notified customers of a data breach when unauthorized charges occurred on payment cards after guests used their payments during their stay. The hotel discovered that an unauthorized malware was installed on their payment card network.

The information compromised included card numbers, expiration dates, and internal verification codes. Cards used from September 2, 2014 and February 18, 2016.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-60301

 
Information Source:
California Attorney General
records from this breach used in our total: 0
March 4, 2016 21st Century Oncology
Fort Meyers, Florida
MED HACK

2.2 million records across all 50 states.

21st Oncology notified individuals of a data breach of patient information via unauthorized access to their database.

The information compromised included names, Social Security numbers, physician's name, diagnosis and treatment information, and insurance information.

The company is offering Experian's Protect My ID to those who were affected.

More information: http://oag.ca.gov/ecrime/databreach/reports/sb24-60307

UPDATE (3/24/2016): 3 class action lawsuits have been filed against 21st Century Oncology over a major data breach of patient data. "Patients affected by a recent computer data breach at 21st Century Oncology have filed federal class-action lawsuits, claiming the Fort Myers-based cancer-care provider failed to adequately protect sensitive medical and personal information."

More Information: http://www.news-press.com/story/news/2016/03/23/21st-century-breach-prom...

 
Information Source:
California Attorney General
records from this breach used in our total: 2,200,000
March 4, 2016 Snapchat
Venice, California
BSO HACK

Unknown

Snapchat has notified current and former employes of a phishing scam that targeted their payroll department that compromised employee information.

The information compromised included names, Snapchate employee ID, Social Security numbers, state of residence and work, 2015 wages earned, including stock-option gains, costs of company paid benefits for life and health insurance, relocation reimbursements, employee contricutions to retirement, dependent care, and healthcare plans, additional required payments and taxes withheld.

More information: http://oag.ca.gov/ecrime/databreach/reports/sb24-60310

 
Information Source:
California Attorney General
records from this breach used in our total: 0
March 1, 2016 Central Concrete Supply Company
San Jose, California
BSO HACK

Unknown

 

Central Concrete Supply Company notified employees of a data breach when they discovered a third party gained access to copies of employees W2 information along with tax withholding statements that contained personal information of the employees.

The information compromised included employer name, employee names, addresses, phone numbers, tax identification numbers, social security numbers, and income information.

The company has retained Kroll to provide identity theft protection for one year for free.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-60270

 
Information Source:
California Attorney General
records from this breach used in our total: 0
February 26, 2016 Bailey's Inc.
Woodland , California
BSO HACK

15000 credit/debit cards

Bailey's Inc. have notified  customers of a data breach when an unauthorized party access their website server, obtaining credit card information of customers who puchased items from the company's online store.

More information: http://oag.ca.gov/ecrime/databreach/reports/sb24-59802

 
Information Source:
California Attorney General
records from this breach used in our total: 15,000
February 18, 2016 Hollywood Presbyterian Hospital
New York, New York
BSO HACK

Unknown

Hollywood Presbyterian Hospital paid $17,000 in bitcoin in order to retrieve records they held for ransom against the hospital. The hackers installed a malicious ransomware on their server to hold patient records hostage so the hospital staff could not access any record.

More information: http://www.csmonitor.com/USA/Justice/2016/0218/Why-California-hospital-p...

 
Information Source:
Media
records from this breach used in our total: 0
February 12, 2016 Magnolia Health Corporation
Tulare, California
MED HACK

Unknown

Magnolia Health Corporation has notified individuals of a data breach when someone impersonating the CEO in an email, obtained personal information for all active employees of the health center. Magnolia Health Corporation and each of their facilities managed including Twin Oaks Assisted Living, Inc., Twin Oaks Rehabilitation And Nursing Center, Inc., Porterville Convalescent, Inc., Kaweah Manor, Inc., Merritt Manor Inc.

The personal information compromised included employee numbers, names, addresses, city, state, zip code, sex, dates of birth, Social Security numbers, hire dates, seniority dates, salary/hourly, salary/rates, departments, job titles, last dates paid, and names of facility.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-60061

 
Information Source:
California Attorney General
records from this breach used in our total: 0
February 10, 2016 Internal Revenue Service
Washington , District Of Columbia
GOV HACK

101,000

"The IRS revealed on Tuesday that it discovered and stopped an automated cyberattack on its e-filing personal identification number (PIN) system last month. According to the IRS, the cybercriminals used information stolen “elsewhere outside the IRS” to generate e-file PINs for stolen Social Security numbers (SSNs). E-file PINs are used by some taxpayers to electronically file their tax returns.

Although no personal taxpayer data were compromised or disclosed by the breach, the IRS noted that the cybercriminals succeeded in using 101,000 SSNs to access e-file PINs (out of 464,000 attempts)."

The IRS is notifying individuals and placing markers on their tax accounts to try and catch any fraudulent tax returns being filed.

More information: http://www.journalofaccountancy.com/news/2016/feb/irs-data-breach-expose...

 
Information Source:
Media
records from this breach used in our total: 101,000
February 9, 2016 Washington State Health Authority (HCA)
, Washington
GOV INSD

91,000

"The Washington State Health Authority (HCA) said Tuesday that an employee mishandled the Social Security numbers, dates of birth, Apple Health client ID numbers and private health information of 91,000 Apple Health (Medicaid) clients."

The employees involved worked at two different state agencies and they exchanged files of clients which violates HIPAA. They are not clear if any of the files were disseminated beyond the two employees who exchanged the files.

More information: http://www.king5.com/story/news/health/2016/02/09/state-data-breach-impa...

 
Information Source:
Media
records from this breach used in our total: 91,000
February 8, 2016 BajaBound.com (Mexican Insurance Services)
Baja, California
BSF HACK

Unknown

Bajabound.com notified customers of a data breach when they discovered an agent's email account was compromised through a phishing attack. The company investigated the incident and the phishing was meant to collect email addresses.

The information that was compromised included names, addresses, dates of birth, driver's license numbers, and credit card numbers.

More information: http://oag.ca.gov/ecrime/databreach/reports/sb24-60000

 
Information Source:
California Attorney General
records from this breach used in our total: 0
February 5, 2016 Gyft
Mountain View, California
BSR HACK

Unknown

Gyft notified customers of a data breach when they discovered unauthorized access to two cloud providers used by the company contained personal information of customers.

The information compromised included names, addresses, dates of birth, phone numbers, email addresses, and gift card numbers. Gift cards may have been used to make purchases on their site. The dates of the breach were March 19, 2015 and December 4, 2015.

For additional information on the breach go to www.myidcare.com/gyft.

More information: http://oag.ca.gov/ecrime/databreach/reports/sb24-59990

 

 
Information Source:
California Attorney General
records from this breach used in our total: 0
February 4, 2016 University of Central Florida
Orlando, Florida
EDU HACK

63,000

The University of Central Florida notified current and former students of a data breach when they discovered unauthorized access into the university system.

The information compromised included financial records, medical records, grades and Social Security numbers.

"We have established a call center that you can contact at 877-752-5527 between 9 a.m. and 9 p.m. EST Monday through Friday if you have questions about this incident."

The university will be providing one year free of credit monitoring to those who were affected

More information: http://www.ucf.edu/datasecurity/

 
Information Source:
Security Breach Letter
records from this breach used in our total: 63,000
February 2, 2016 Grx Holdings LLC dba Medicap Pharmacy
West Des Moines, Iowa
MED PHYS

2300

Grx Holdings, LLC dba Medicap Pharmacy notified Health and Human Services of a data breach when they suffered a loss of information. There are no specifics as to what kind of loss it was or what type of information was compromised.

More information: https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf;jsessionid=9BF4AF...

 
Information Source:
Government Agency
records from this breach used in our total: 0
February 2, 2016 Hawaii Medical Service Association (HMSA)
Honolulu, Hawaii
MED DISC

10,800

HMSA notified 10,800 members of a data breach when letters communicating care management went to the wrong addresses.

The information compromised included patient names, management of certain health conditions and steps individuals could take to identify or treat an ailment.

"Members are encouraged to visit hmsa.com/media-center to see copies of the letters. Members who have questions about this mailing can visit an HMSA Center or office. They can also call (808) 948-6404 on Oahu and 1 (800) 459-3963 toll-free on the Neighbor Islands or the Mainland, from 8 a.m.- 5 p.m. Hawaii Time, Monday to Friday."

More information: https://hmsa.com/media-center/2015/12/letter-error/

 
Information Source:
Databreaches.net
records from this breach used in our total: 0
February 1, 2016 IATSE Local 134
San Jose, California
BSO HACK

Unknown

IA 134 notified individuals of a data breach when a laptop that belonged to the organization was connected to a network at Levi's Stadium was hacked compromising personal information.

Individual Social Security numbers may have been compromised.

More information: http://oag.ca.gov/ecrime/databreach/reports/sb24-59899

 
Information Source:
California Attorney General
records from this breach used in our total: 0
February 1, 2016 Neiman Marcus
Dallas, Texas
BSO HACK

5,200

Neiman Marcus has notified individuals of a data breach when the company discovered unauthorized access to online accounts on or around December 26, 2015.

The information compromised included usernames, passwords, names, mailing addresses, phone numbers, last four digits of payment card along with purchase histories.

"The firm suspects the attacker obtained the login credentials from large breaches at other companies where login names and passwords were stolen in order to gain unauthorized access to other accounts where victims might use the same credentials. Rawlinson said, customers will be required to reset their passwords on all NMG websites the next time they log into their accounts."

More information: http://www.scmagazine.com/attacker-accesses-5200-neiman-marcus-group-cus...

 
Information Source:
Media
records from this breach used in our total: 0
February 1, 2016 Tax Slayer
Evans, Georgia
BSF HACK

8,800

Tax Slayer is notifying customers of a data breach that may have affected their 2014 tax return information. The company is stating that an unauthorized party accessed the information through a third party vendor. The company is not stating who the vendor is.

The information compromised included names, addresses, Social Security numbers, Social Security numbers of independents and other data contained in a tax return.

"The company is making $1 million worth of identity theft insurance available to those affected for one year along with credit monitoring for the same period. The company is recommending that these individuals change not only their TaxSlayer user names and passwords, but also those on any other accounts on which they are used."

More information: http://www.scmagazine.com/taxslayer-breached-8800-customers-notified-pii...

 
Information Source:
Media
records from this breach used in our total: 8,800
January 29, 2016 Crown Point Health Center
Crown Point, Indiana
MED PHYS

1,854

Crown Point Health Center notified Health and Human Services of a data breach when the company improperly disposed of paper health files. The specific information compromised was not communicated.

More information: https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf;jsessionid=9BF4AF...

 
Information Source:
Government Agency
records from this breach used in our total: 0
January 27, 2016 Wendy's
Dublin, Ohio
BSO HACK

Unknown

Wendy's, the fast food chain retailer, is investigating reports regarding a potential breach of their credit card systems in their restaurants. The company has hired a security expert to investigate the incidences.

The company received reports from their payment industry contacts alerting them of unusual activity and fraudulent charges after credit/debit cards were used at their locations for legitimate purchases.

A spokesperson for the restaurant chained stated, "We began investigating immediately, and the period of time we’re looking at the incidents is late last year,” he said. “We know it’s [affecting] some restaurants but it’s not appropriate just yet to speculate on anything in terms of scope.”

KrebsOnSecurity heard from banking industry sources stating a possible breach and the reports were coming mostly from financial institutions in the midwest. Krebs has also heard "similar reports from banks on the east coast".

"The Wendy’s system includes approximately 6,500 franchise and company-operated restaurants in the United States and 28 countries and U.S. territories worldwide. Bertini said most of the U.S.-operated stores are franchises."

More information: http://krebsonsecurity.com/2016/01/wendys-probes-reports-of-credit-card-...

UPDATE (3/2/3026): The Wendy's credit/debit card breach appears to be much worse then originally thought, according to credit unions.

"This is what we’ve heard from three different credit union CEOs in Ohio now: It’s more concentrated and the amounts hitting compromised debit accounts is much higher that what they were hit with after Home Depot or Target,” Berger said. “It seems to have been been [the work of] a sophisticated group, in terms of the timing and the accounts they targeted. They were targeting and draining debit accounts with lots of money in them.”

More information: https://krebsonsecurity.com/2016/03/credit-unions-feeling-pinch-in-wendy...

 
Information Source:
Krebs On Security
records from this breach used in our total: 0
January 26, 2016 County of San Diego
San Diego, California
GOV DISC

Unknown

The County of San Diego Human Resources Department notified employees of a data breach when information involving employees Wells Fargo Health Savings Accounts. The County stated,  "data regarding County employees who elected to set up HSAs was sent to Wells Fargo.

The information compromised includes names, addresses, Social Security Number, birthdate, employee ID, primary email, work phone number, personal phone number.

More information: http://oag.ca.gov/ecrime/databreach/reports/sb24-59801

 
Information Source:
California Attorney General
records from this breach used in our total: 0
Breach Total
898,584,384 RECORDS BREACHED
(Please see explanation about this total.)
from 4,825 DATA BREACHES made public since 2005

Pages

Showing 1-50 of 4825 results