Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: Current

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources
  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features
  • Get our RSS Feed to see when we add new breaches to the list
  • Scroll down to view the Chronology and/or to use our sort feature
  • Download a CSV file showing ALL breaches (A CSV file is a type of Excel spreadsheet that enables you to sort and analyze the breach listings in numerous ways)

If you have questions or need help with our Chronology of Data Breaches, please email admin@privacyrights.org


Click or unclick the boxes then select go.


Select features then click GO. To modify your search, check or uncheck the boxes and click GO.


Reset the checkboxes to the default "all selected."

Help Guide

display_id:page_1

display_id:page_1

Breach Total
900,833,392 RECORDS BREACHED
(Please see explanation about this total.)
from 5,061 DATA BREACHES made public since 2005
Date Made Publicsort ascending Name Entity Type
August 23, 2016 Epic Games Forums
Cary, North Carolina
BSO HACK

808,000

"Epic Games has temporarily shut down some of its user forums for maintenance after data on about 808,000 accounts was stolen, marking the second data breach of the game maker in 13 months.
The compromise involved several forums maintained by Epic Games, based in Cary, N.C., that center on games and developer tools.

The most affected forums are Infinity Blade, UDK, Gears of War archives and those for previous Unreal Tournament games. Email addresses, hashed and salted passwords and data entered into forums were leaked."

More Information: http://www.bankinfosecurity.com/epic-games-forums-breached-again-a-9355

 
Information Source:
Media
records from this breach used in our total: 0
August 19, 2016 Eddie Bauer
Bellevue, Washington
BSO HACK

Unknown

"The outdoor clothing and accessories retailer Eddie Bauer is the latest victim of point-of-sale malware to admit that its customers’ card details may have been stolen.

Just days after hotel operator HEI said 20 of its hotels had been infected, Eddie Bauer said its 350-or-so stores in the U.S. and Canada had also been the victim of a malware attack.

Cleaning up the mess won’t be cheap—Eddie Bauer said Thursday that it had arranged for all customers who made purchases and returns during this period to get free identity protection services from Kroll for the next year."

More Information: http://fortune.com/2016/08/19/eddie-bauer-data-breach/

 
Information Source:
Media
records from this breach used in our total: 0
August 15, 2016 HEI Hotels & Resorts
Norwalk, Connecticut
BSO HACK

Unknown

"A hotel operator responsible for several high-profile hotels across the U.S. says it discovered a breach of its payment processing systems that may impact hotels in several states and The District of Columbia.

In a statement Monday, HEI Hotels & Resorts says 20 hotels representing brands including Marriott, Starwood, Sheraton and Westin were impacted. HEI says they are working with law enforcement and financial institutions to address the breach. An outside forensic expert was also tapped to investigate the breach.

"We are pleased to report that the incident has now been contained and individuals can safely use payment cards at our properties," reads a statement from HEI.

According to HEI, "unauthorized individuals" installed malware on its payment processing systems at these properties that can capture payment card information at the point of purchase."

List of hotels affected: http://www.heihotels.com/list-of-properties

More Information: www.usatoday.com/story/tech/news/2016/08/15/major-hotel-operator-hit-dat...

UPDATE (8/19/2016): "All in all, 12 Starwood properties, 6 Marriott Properties and a single Hyatt hotel have been found to have been snagged in the breach. According to available data, the breach was active March 1, 2015 to June 21, 2016, with 14 of the hotels affected after Dec. 2, 2015, HEI said on its website on Friday.  IHG and Marriott have no comment on the breach at this point. According to HEI – customer names, account numbers, payment card expiration dates and verification codes are all likely to have been stolen.

Affected properties include: Starwood’s Westin hotels in Minneapolis; Pasadena, California; Philadelphia; Snowmass, Colorado; Washington, D.C.; and Fort Lauderdale, Florida. Also affected were Starwood properties in Arlington, Virginia; Manchester Village, Vermont; San Francisco; Miami; and Nashville, Tennessee.

The Marriott properties affected were in Boca Raton, Florida; Dallas-Fort Worth, Texas; Chicago; San Diego, California; and Minneapolis."
 
Information Source:
Media
records from this breach used in our total: 0
August 14, 2016 John E. Gonzalez DDS
Los Angeles, California
MED PORT

Unknown

"On the late afternoon of Monday July 25, 2016, my car window was broken out and my briefcase was stolen.  In that breifcase was an external hard drive containing two different types of data.  First, all office patient records were backed up on the drive, including social security numbers, driver's license numbers, phone numbers, date of birth, physical and email addresses and health insurance information.  NO passwords or user names appear in these records. No complete credit card information or bank account information was stored on this drive (only the last four digist of the most recend card used is stored)."

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-63351

 
Information Source:
California Attorney General
records from this breach used in our total: 0
August 12, 2016 PAX Labs, Inc.
San Francisco, California
BSO HACK

6,000

"On July 15, 2016, we discovered that an unauthorized party had gained access to one of our cloud-based website servers and installed unauthorized software.  PAX removed this software on July 15, 2016. Subsequently, an unauthorized party added similar software on July 22, 2016, which PAX removed that same day.   Our investigation revealed that the
unauthorized party accessed personal payment card information of approximately 6,000 customers who had made purchases from either www.JUULvapor.com or www.PAXvapor.com between June 25, 2016, and July 22, 2016."

The information compromised included payment card data including names, shipping and billing addresses, credit/debit card numbers, expiration dates, and security codes.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-63327

 

 
Information Source:
California Attorney General
records from this breach used in our total: 6,000
August 12, 2016 Bon Secours Health System
Richmond , Virginia
MED DISC

655,000

"Approximately 655,000 patients of the Bon Secours Health System are being notified that their informaiton may have been compromised during an incident with a contractor in April.

According to a release, R-C Healthcare Management, a company doing work for Bon Secours, inadvertently left files containing patient information accessible on the internet while attempting to adjust their network settings from April 18th to April 21st."

The information compromised included patient names, health insurer's name, health insurance identification number, social security number and limited clinical information.

More Information: http://wtkr.com/2016/08/12/655000-bon-secours-patients-exposed-to-data-b...

 
Information Source:
Media
records from this breach used in our total: 655,000
August 12, 2016 Valley Anesthesiology & Pain Consultants
Phoenix, Arizona
MED HACK

Unknown

"On June 13, 2016, we learned that a third party may have gained unauthorized access to the VAPC computer systems on March 30, 2016. Upon learning of the situation, we immediately began an investigation, including hiring a leading forensics firm to assist us, and notifying law enforcement.  The forensics firm found no evidenc that the information on the computer systems was accessed, but was unable to definitively rul that out.  The computer systems may ontain some of your information, such as your name, providers' names, date of service, place treatment, diagnosis and treatment codes, and your Medicare number, which may include your social security number.  Your financial information was not included in these computer systems."

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-63349

 

 
Information Source:
California Attorney General
records from this breach used in our total: 0
August 11, 2016 Prosthetic & Orthotic Care, Inc.
St. Louis, Missouri
MED HACK

23,015

"Prosthetic and Orthotic Care (POC), an independent prosthetics and orthotics company serving disabled individuals in Southern Illinois and Eastern Missouri, has discovered that an unauthorized individual has stolen the protected health information of 23,015 patients.

The cyberattack occurred in June 2016, although POC only became aware of the hacking incident on July 10. The hacker gained access to patient data by exploiting security flaw in a third party software system that had been purchased by POC. The attack was conducted by a hacker operating under the name – TheDarkOverlord – who was also responsible for the cyberattacks on Athens Orthopedic Clinic and Midwest Orthopedics Group, in addition to a hack of as of yet unnamed health insurer. In total, the records of over 9.5 million patients are understood to have been obtained by the hacker.

According to a breach notice issued by POC, the stolen data include names, addresses and other contact information, internal ID numbers, billing amounts, appointment dates, and diagnostic codes. Some patients also had their Social Security number, date of birth, procedure photographs, health insurer’s names, and other identification information stolen."

The "breach total number" was included in the posting of the third party software vendor who was hacked and affected many medical clinics, practices and facilities.

More Information: http://www.hipaajournal.com/hacker-steals-phi-23000-patients-prosthetic-...

 
Information Source:
Media
records from this breach used in our total: 0
August 10, 2016 NLU Products, LLC
Lehi, Utah
BSO HACK

Unknown

"We recently discovered that we have been the victim of a data security incident that began in April 2015, during which personal, private and unencrypted credit/debit card information may have been exposed to an outside party and compromised.

We are reporting the incident to to the appropriate state agencies and federal authorities for investigation. Our notification has not been delayed as a result of any law enforcement investigation."

The information compromised included names, shipping addresses, billing addresses, credit card security codes, credit/debit card numbers.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-63305

 
Information Source:
California Attorney General
records from this breach used in our total: 0
August 10, 2016 Autism Home Support Services
Northbrook, Illinois
MED DISC

533

As reported by Health and Human Services unauthorized access/disclosure/email. No specific information as to what information was compromised as provided by health and human services.

More Information: https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf;jsessionid=9BF4AF...

 
Information Source:
Government Agency
records from this breach used in our total: 0
August 9, 2016 Professional Dermatology Care, P.C.
Reston, Virginia
MED HACK

13,237

As reported by Health and Human Services unauthorized hacking/IT incident. No specific information as to what information was compromised as provided by health and human services.

More Information: https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf;jsessionid=9BF4AF...

 
Information Source:
Government Agency
records from this breach used in our total: 0
August 9, 2016 Brian D. Halevie-Goldman, M.D.
Walnut Creek, California
MED PORT

2,000 (per Department of Health and Human Services)

"On July 19, 2016 two laptop computers belonging to the medical offices of Dr. Brian Halevie-Goldman were stolen. The laptops were password protected, secured in a carrying case and locked inside a vehicle when the theft occurred.  It is not known whether the information contained on the laptops was or will be accessed by the thief.  It is possible that the laptops themsleves and not the information they contained were the target of the thief."

The information compromised included names, birthdate and patient charts.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-63286

 
Information Source:
California Attorney General
records from this breach used in our total: 0
August 8, 2016 7-Eleven, Inc.
Dallas, Texas
BSO DISC

7,820

"On behalf of the 7-Eleven franchisees, 7-Eleven maintains a database of records for each franchise location that contains information on all franchisee employees for that location.  Only the records in the database for the employees of a particular franchisee ("Employing Franchisee") are sent to the local store and are available for access by the Employing Franchisee. 7-Eleven discovered in June 2016 that as a part of the update process, in addition to the normal set of employee records sent for each Employing Franchisee, some additional records from the franchisee employee database were available to certain 7-Eleven franchises.  We immediately updated the records, investigated to determine the cause of the issue, and have taken additional safety measures to protect your informaton and ensure that records are not accidentally made available to any franchisee other than the Employing Franchisee."

The information compromised included names, addresses, Social Security Numbers, and telephone numbers.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-63282

 

 
Information Source:
California Attorney General
records from this breach used in our total: 7,820
August 8, 2016 Newkirk Products Inc.
Albany, New York
BSF HACK

Unknown

"Personal information about members of two local health insurance companies has been breached in a data security incident involving an Albany firm.

Newkirk Products Inc., an Albany company that prints identification cards for insurers, reported a cybersecurity incident that exposed information including names, mailing addresses and, in some cases, date of birth. Social Security numbers, medical information and financial account information was not breached.

Newkirk makes insurance ID cards for Albany nonprofit insurer CDPHP and BlueShield of Northeastern New York, the Latham division of Buffalo's HealthNow New York Inc. More than half a million CDPHP members and 70,000 BlueShield members were affected by the data incident, according to the insurers.

The data systems of the health insurers were not affected."

More Information: http://www.bizjournals.com/albany/news/2016/08/08/data-breach-at-albany-...

 
Information Source:
Media
records from this breach used in our total: 0
August 8, 2016 Oracle's MICROS Point-of-Sale
San Jose, California
BSO HACK

Unknown

"A Russian organized cybercrime group known for hacking into banks and retailers appears to have breached hundreds of computer systems at software giant Oracle Corp., KrebsOnSecurity has learned. More alarmingly, the attackers have compromised a customer support portal for companies using Oracle’s MICROS point-of-sale credit card payment systems."

"MICROS is among the top three point-of-sale vendors globally. Oracle’s MICROS division sells point-of-sale systems used at more than 330,000 cash registers worldwide. When Oracle bought MICROS in 2014, the company said MICROS’s systems were deployed at some 200,000+ food and beverage outlets, 100,000+ retail sites, and more than 30,000 hotels.

The size and scope of the break-in is still being investigated, and it remains unclear when the attackers first gained access to Oracle’s systems. Sources close to the investigation say Oracle first considered the breach to be limited to a small number of computers and servers at the company’s retail division. That source said that soon after Oracle pushed new security tools to systems in the affected network investigators realized the intrusion impacted more than 700 infected systems."

More Information: https://krebsonsecurity.com/2016/08/data-breach-at-oracles-micros-point-...

 

 
Information Source:
Krebs On Security
records from this breach used in our total: 0
August 5, 2016 Center for Minimally Invasive Bariatric and General Surgery
Chester, Pennsylvania
MED DISC

992

As reported by Health and Human Services unauthorized access/disclosure/email. No specific information as to what information was compromised as provided by health and human services.

More Information: https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf;jsessionid=9BF4AF...

 
Information Source:
Government Agency
records from this breach used in our total: 0
August 3, 2016 Banner Health
Phoenix, Arizona
MED HACK

Unknown

"On July 13, 2016, we discovered that cyber attackers may have gained unauthorized access to information stored on a limited number of Banner Health computer servers.  We immediately launched an investigation, hired a leading forensics firm, took steps to block the cyber attackers, and contacted law enforcement.  The investigation revealed that the attack was initiated on June 17, 2016."

The information compromised included names, birthdates, addresses, physician's name (s), dates of service, clinical information, health insurance information, and Social Security numbers.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-63197

 
Information Source:
California Attorney General
records from this breach used in our total: 0
July 30, 2016 Disney Consumer Products and Interactive Media
Burbank, California
BSO HACK

Potentially 365,000 registered users

"Disney Consumer Products and Interactive Media has confirmed a data breach that affected some users of its Playdom forums.

A spokesperson for the business segment of the Walt Disney Company explains in a statement that security teams detected the incident back in July:

On July 12, 2016, we became aware that an unauthorized party gained access to the Playdom Forum servers. We immediately began investigating the incident and discovered that on July 9 and July 12, 2016, the unauthorized party acquired certain user information from the playdomforums.com site.

The information compromised included usernames, email addresses, passwords, and IP addresses of Playdom Forum users.

More Information: http://www.tripwire.com/state-of-security/latest-security-news/disney-co...

 
Information Source:
Media
records from this breach used in our total: 0
July 29, 2016 Jefferson Medical Associates, P.A.
Laurel, Missouri
MED HACK

10,401

"A Laurel clinic has issued a warning to a small group of their patients after a recent data breach of their systems.

Jefferson Medical Associates issued a press release stating that privacy events may have compromised certain personal information.
Continue reading >>

"I find things that are publicly available on the internet that should probably not be public available," said Chris Vickery, a cyber security researcher who lives in Austin, Texas. "Things like databases that have no password and are configured for public access. "

Vickery said he found a security flaw in a database of Jefferson Medical patient information.

"I was just going through randomly looking at the publicly available, configured for public access databases on those ports, and this one showed up," he said. "When I realized there social security numbers and names and phone numbers and prescription information, it dawned on me that 'hey this probably should not be public if it is real data.' So then I started the process of trying to figure out whose it was."

Jefferson Medical said Vickery was an unauthorized individual who shouldn't have had access to that information.

"This information is private information," said Katie Gilchrist, Jefferson Medical's legal counsel. "It's federally protected information. It's information that was on our server. This individual accessed it without our permission. He did in secret. There has never been a time when patient information in Jefferson Medical's possession has been just out there for anyone to get to."

Vickery agrees he shouldn't have had access and said that's why he alerted the clinic to the hole in its security.

"It was as available as a website is," Vickery said.

Gilchrist said, "Basically it's like leaving a window unlocked in your house. You leave the house, and you leave a window unlocked. These folks out there think that entitles them to come into the house and look around at all your stuff and then take things with them when they leave. That's just not appropriate."

Vickery said this isn't a hack because the information was readily available to anyone who knewwhere to look.

"There was nothing to hack," Vickery said. "There simply was no password, no user name, no security features of any sort being used. If you want to use a real analogy, here's a better one. I drove along a country road, a public country road, that not many people drive along, and on the side of the road, there were some records. Jefferson Medical left those records there. I took pictures of them and hunted down Jefferson and told them their records were on the side of the road. There's no crime involved there. That's not hacking. That's simply them being negligent."

Gilchrist said and internal investigation is ongoing, and Jefferson Medical has already increase security in response to the breach."

More Information: http://www.wdam.com/story/32712941/security-flaw-may-be-responsible-for-...

 
Information Source:
Media
records from this breach used in our total: 10,401
July 29, 2016 Hillary Clinton Political Campaign
Washington, District Of Columbia
BSO HACK

Unknown

"The computer network used by Democratic presidential candidate Hillary Clinton's campaign was hacked as part of a broad cyber attack on Democratic political organizations, people familiar with the matter told Reuters.

The latest attack, which was disclosed to Reuters on Friday, follows reports of two other hacks on the Democratic National Committee and the party's fundraising committee for candidates for the U.S. House of Representatives.

The U.S. Department of Justice national security division is investigating whether cyber hacking attacks on Democratic political organizations threatened U.S. security, sources familiar with the matter said on Friday.

The involvement of the Justice Department's national security division is a sign that the Obama administration has concluded that the hacking was state sponsored, individuals with knowledge of the investigation said.

In a comment, the Clinton campaign said the data program maintained by the DNC and used by its campaign and other entities was accessed as part of the DNC hack. It added that its computer system has been under review by outside cyber security experts. To date, the outside experts have found no evidence that the campaign's internal systems have been compromised."

More Information: http://www.cnbc.com/2016/07/29/hackers-breached-clinton-campaign-compute...

 
Information Source:
Media
records from this breach used in our total: 0
July 28, 2016 Athletes' Performance, Inc.
Phoenix, Arizona
MED PORT

854

As reported by Health and Human Services theft/laptop. No specific information as to what information was compromised as provided by health and human services.

More Information: https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf;jsessionid=9BF4AF...

 
Information Source:
Government Agency
records from this breach used in our total: 0
July 27, 2016 Cardon Outreach
The Woodlands, Texas
MED INSD

22

"A health care revenue company says one of its employees looked at nearly two dozen patient records without authorization.

Cardon Outreach does contract work for AnMed Health, and has employees on site at the hospital. AnMed said in a release that a Cardon Outreach employee opened 22 patient files without authorization, including her own file.

Cardon Outreach fired the employee immediately after learning of the breach, according to the release."

More Information: http://www.wyff4.com/news/unauthorized-employee-accessed-hospital-patien...

 
Information Source:
Media
records from this breach used in our total: 0
July 27, 2016 Select Pain & Spine Dr. Christopher T. Sloan, D.P.M.
Farmington, Missouri
MED HACK

48,000

“We write to inform you that our practice discovered a data breach on May 27, 2016 that may have contained personal health information and have been investigating the exact nature and scope of the information obtained by the hackers since,” the letter reads. “To date, our investigation has determined that on May 4, 2016, a hacker, or hackers, likely gained access into our secured database system through a third party contractor and may have obtained some personal information of our patients including: names, addresses, social security numbers, date of births, diagnoses, lab results, other medical records, and potentially some financial information."

"On June 25, a hacker going by the name “thedarkoverlord” provided information to Deep Dot Web of a purported hacking of three different healthcare organizations – one originating from Farmington and containing 48,000 alleged patient records, according to the Deep Dot Web report."

This breach is one entity of the medical group that was hacked.

More Information: http://dailyjournalonline.com/news/local/local-medical-group-involved-in...

More Information: http://www.hipaajournal.com/farmington-medical-group-confirms-cyberattac...

 
Information Source:
Media
records from this breach used in our total: 48,000
July 26, 2016 Harrison Municipality
Harrison, New Jersey
GOV HACK

Unknown

"Since the West Hudson town's website was initially hacked on July 7, Harrison's website has been infiltrated seven more times in the past two weeks, officials said. 

"These are highly intelligent criminals who seek to cause havoc and destruction in the cyber world," said Nick Ayala of Scan Worx, the company that has managed the town's website for eight years. "Unfortunately, these are the times we live in." 

Harrison Mayor James Fife told The Jersey Journal this morning that the town's website does not contain any private information and no "sensitive material" has been compromised."

More Information: http://www.nj.com/hudson/index.ssf/2016/07/this_nj_towns_website_has_bee...

 
Information Source:
Media
records from this breach used in our total: 0
July 26, 2016 Midwest Orthopedic Group
Farmington, Missouri
MED HACK

29,153

"Midwest Orthopedics Group includes a number of healthcare companies including Midwest Imaging Center, LLC; Van Ness Orthopedic and Sports Medicine, Inc.; Mineral Area Pain Center, P.C.; MidWest Orthopedic Pain & Spine; and Select Pain & Spine."

"Patients were informed that the breach was first discovered on May 27, 2016 and the information compromised in the attack included names, dates of birth, addresses, Social Security numbers, Medical diagnoses, laboratory test results, medical records, and possibly also financial information.

An investigation into the breach was launched and it appears that the cyberattack occurred on May 4, 2016. The attack was conducted via a third party contractor, according to the breach notice."

More Information: http://www.hipaajournal.com/farmington-medical-group-confirms-cyberattac...

More Information: https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf;jsessionid=9BF4AF...

 

 
Information Source:
Media
records from this breach used in our total: 29,153
July 26, 2016 Kimpton Hotels
San Francisco, California
BSO HACK

Unknown

"Kimpton Hotels, a boutique hotel brand that includes 62 properties across the United States, said today it is investigating reports of a credit card breach at multiple locations.

On July 22, KrebsOnSecurity reached out to San Francisco-based Kimpton after hearing from three different sources in the financial industry about a pattern of card fraud that suggested a card breach at close to two-dozen Kimpton hotels across the country.

Today, Kimpton responded by issuing and posting the following statement:

“Kimpton Hotels & Restaurants takes the protection of payment card data very seriously. Kimpton was recently made aware of a report of unauthorized charges occurring on cards that were previously used legitimately at Kimpton properties. As soon as we learned of this, we immediately launched an investigation and engaged a leading security firm to provide us with support.”

More Information: http://krebsonsecurity.com/2016/07/kimpton-hotels-probes-card-breach-cla...

 
Information Source:
Krebs On Security
records from this breach used in our total: 0
July 25, 2016 StarCare Specialty Health System
Lubbock, Texas
MED PORT

2844

As reported by Health and Human Services theft/laptop, paper/films. No specific information as to what information was compromised as provided by health and human services.

More Information: https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf;jsessionid=9BF4AF...

 
Information Source:
Government Agency
records from this breach used in our total: 0
July 25, 2016 American Family Care, Inc.
Birmingham, Alabama
MED DISC

7200

As reported by Health and Human Services unauthorized access/disclosure/email. No specific information as to what information was compromised as provided by health and human services.

More Information: https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf;jsessionid=9BF4AF...

 
Information Source:
Government Agency
records from this breach used in our total: 0
July 22, 2016 Ambucor Health Solutions (an unincorporated division of The ScottCare Corporation)
Wilmington, Delaware
MED PORT

1679

As reported by Health and Human Services unauthorized access/disclosure/email/other portable electronic device. No specific information as to what information was compromised as provided by health and human services.

More Information: https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf;jsessionid=9BF4AF...

 
Information Source:
Government Agency
records from this breach used in our total: 0
July 22, 2016 Caring for Women, PA
Easton, Pennsylvania
MED DISC

697

As reported by Health and Human Services unauthorized access/disclosure/email. No specific information as to what information was compromised as provided by health and human services.

More Information: https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf;jsessionid=9BF4AF...

 
Information Source:
Government Agency
records from this breach used in our total: 0
July 22, 2016 Elex (mobile game Clash of Kings)
Bejing,
BSO HACK

1.6 million records

"A hacker has targeted the official forum for popular mobile game "Clash of Kings," making off with close to 1.6 million accounts.

The hack was carried out on July 14 by a hacker, who wants to remain nameless, and a copy of the leaked database was provided to breach notification site LeakedSource.com, which allows users to search their usernames and email addresses in a wealth of stolen and hacked data.

Three major social networks have quietly fallen victim to data breaches. Despite some success, patience and trust is now fading.

In a sample given to ZDNet, the database contains (among other things) usernames, email addresses, IP addresses (which can often determine the user's location), device identifiers, as well as Facebook data and access tokens (if the user signed in with their social account). Passwords stored in the database are hashed and salted."

More Information: http://www.zdnet.com/article/hacker-steals-forums-of-clash-of-kings-mobi...

 

Note: Company breach affected customers within the US

 
Information Source:
Media
records from this breach used in our total: 0
July 21, 2016 Sunbury Plaza Dental
Westerville, Ohio
MED PHYS

7784

As reported by Health and Human Services theft/paper/films. No specific information as to what information was compromised as provided by health and human services.

More Information: https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf;jsessionid=9BF4AF...

 
Information Source:
Government Agency
records from this breach used in our total: 0
July 21, 2016 inVentiv Health, Inc.
Burlington, Massachusetts
BSO HACK

Unknown

"On July 7, 2016, we learned that a targeted "phishing" email message had been sent to inVentiv Health in June.  Phishing emails are crafted to appear as if they have been sent from a legitimate organization or known individual.  The email was designed to appear as though it had been sent by an inVentiv executive, from the inVentiv executive's email account, requesting the uploading of our U.S. employees' 2015 W-2 Forms to a file sharing site.  Believing the email request to be legitimate, the W-2 data was uploaded.  It is unknown how much of the data uploaded may have been accessed by unauthorized individuals."

The information compromised included W-2 data included your name, address, Social Security number and salary information.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-62962

 
Information Source:
California Attorney General
records from this breach used in our total: 0
July 20, 2016 Premier Family Care I, Inc.
Midland, Texas
MED DISC

1326

As reported by Health and Human Services unauthorized access/disclosure/paper/films. No specific information as to what information was compromised as provided by health and human services.

More Information: https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf;jsessionid=9BF4AF...

 
Information Source:
Government Agency
records from this breach used in our total: 0
July 19, 2016 Access Health Care Physicians, LLC
Spring Hill , Florida
MED PHYS

2500

As reported by Health and Human Services theft/paper/films. No specific information as to what information was compromised as provided by health and human services.

More Information: https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf;jsessionid=9BF4AF...

 
Information Source:
Government Agency
records from this breach used in our total: 0
July 19, 2016 San Antonio Shoemakers
San Antonio,
BSO HACK

Unknown

"We recently became aware of a computer intrusion that affected checkout systems at a number of San Antonio Shoemakers stores located in the United States. Promptly after discovering the issue, we engaged outside cybersecurity experts to conduct an extensive investigation. We have been working closely with law enforcement authorities and
coordinating our efforts with the payment card organizations to determine the facts. Upon the written request of the United States Attorney’s Office for the Southern District of New York and the New York Electronic Crimes Task Force of the United States Secret Service we delayed notifying individuals potentially affected by this incident for 30 days while law
enforcement began their investigation."

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-62930

 
Information Source:
California Attorney General
records from this breach used in our total: 0
July 16, 2016 Providence Health & Services
Portland, Oregon
MED INSD

5,400

"Providence Health & Services in Oregon is notifying about 5,400 current and former patients that a former employee may have improperly accessed their patient records.

Providence said in a statement Friday that it learned of the breach in May during an internal audit and had since fired the Portland-based employee.

The audit found the worker had accessed health records between July 2012 and April 2016. It says the worker viewed demographic and medical treatment information, and may also have seen insurance information and Social Security numbers."

More Information: http://www.kgw.com/news/health/providence-notifies-5400-oregon-patients-...

 
Information Source:
Media
records from this breach used in our total: 5,400
July 15, 2016 Lee Rice D.O. Medical Corp DBA Lifewellness Institute
San Diego, California
MED HACK

2473

As reported by Health and Human Services hacking/IT incident. No specific information as to what information was compromised as provided by health and human services.

More Information: https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf;jsessionid=9BF4AF...

 
Information Source:
Government Agency
records from this breach used in our total: 0
July 15, 2016 Matador Recordings, LLC
New York, New York
BSO HACK

Unknown

"On May 4, 2016, we were advised by our third-party website developer that it had identified and removed suspicious files from the e-commerce websites of the record labels for which Matador Direct is the distributor.  We quickly began an investigation and hired a third-party cybersecurity firm to assist us.  Findings from the investigation show that if a customer attempted to or did place an order on one of the affected websites from April 28, 2015 to May 4, 2016, information associated with the order being placed may have been obtained by an unauthorized third-party."

The information compromised included customer names, addresses, phone numbers, email addresses, payment card numbers, expiration dates, security codes, and account passwords.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-62853

 
Information Source:
California Attorney General
records from this breach used in our total: 0
July 14, 2016 Cefalu Eye-Tech of Green, Inc.
Uniontown, Ohio
MED DISC

850

As reported by Health and Human Services unauthorized access/disclosure/electronic medical records. No specific information as to what information was compromised as provided by health and human services.

More Information: https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf;jsessionid=9BF4AF...

 
Information Source:
Government Agency
records from this breach used in our total: 0
July 14, 2016 Sunshine State Health Plan, Inc.
Sunrise, Florida
MED DISC

1479

As reported by Health and Human Services unauthorized access/disclosure/email. No specific information as to what information was compromised as provided by health and human services.

More Information: https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf;jsessionid=9BF4AF...

 
Information Source:
Government Agency
records from this breach used in our total: 0
July 14, 2016 Blaine Chiropractic
Blaine, Minnesota
MED HACK

1,945

As reported by Health and Human Services hacking/IT incident/network server. No specific information as to what information was compromised as provided by health and human services.

More Information: https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf;jsessionid=9BF4AF...

 
Information Source:
Government Agency
records from this breach used in our total: 0
July 14, 2016 Project Management Institute
Newton Square, Pennsylvania
BSO HACK

Unknown

"PMI was informed on June 14, 2016, that one of its vendors, Comnet Marketing Group, Inc. ("Comnet"), had been the victim of an intrusion of its computer systems.  An unauthorized user gained administrative access to Comnet's systems on April 23-24, 2016, and issued commands to delete all the data housed on Comnet's servers.  That data may have included certain PMI customer credit card information that Comnet had collected on behalf of PMI.  Comnet did not discover any evidence indicating that the credit card data was accessed or acquirred by an unauthorized user or that the unauthorized user intended to steal data.  But the Comnet has been unable to definitively rule out any unauthorized access to or acquisition of data.  Thus, PMI provides this notice out of an abundance of caution."

The information compromised included names, addresses, email addresses, phone numbers, credit card numbers, CVV codes, and expiration dates.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-62846

 
Information Source:
California Attorney General
records from this breach used in our total: 0
July 14, 2016 Opes Advisors
Cupertino, California
BSO HACK

Unknown

"On or about May 26, 2016, email login credentials were compromised allowing an outside party to gain access to one specific account.  Although we are still investigating the incident, the email may have contained your private information so we wanted to let you know about this incident right away."

The information compromised included email accounts that contained names, Social Security numbers, and any documents emailed.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-62850

 
Information Source:
California Attorney General
records from this breach used in our total: 0
July 12, 2016 Kaiser Permanente Northern California
Oakland, California
MED INSD

Unknown

"The preliminary investigation has determined that two Kaiser Permanente employees stole equipment and machines from several Kaiser Permanente sites and stored them in an offsite storage unit.  When the stolen items were returned, each was examined and some of the ultrasound machines were found to contain PHI.  The theft of this equipment appears to have been for the purpose of selling the machine for profit, and not for the disclosing or misuse of PHI.  There is no indication that any protected health information has been used for fraud or other criminal activity."

The information compromised included MRN only or with first names, last names, images.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-62796

 

 
Information Source:
records from this breach used in our total: 0
July 12, 2016 Pennsylvania Revenue Department
Harrisburg,
GOV PORT

865

"The Pennsylvania Revenue Department announced Tuesday that it is mailing letters to 865 taxpayers whose "personally identifiable" data were on one of four laptops stolen from a rental car in San Francisco, where auditors were working last month.

Thieves smashed the windows of several parked vehicles, including the auditors' car, the Revenue Department said in a news release.

The department said it determined that "some procedures to secure data may not have been followed with one laptop" but the department's computer network hasn't been accessed or hacked.

The taxpayers whose information was on the potentially unsecure laptop will receive free credit monitoring services and other protections. Details will be provided in the letter."

More Information: http://www.mcall.com/news/local/watchdog/blog/mc-stolen-government-lapto...

 
Information Source:
Media
records from this breach used in our total: 0
July 11, 2016 Dr. Q Pain and Spine d/b/a Arkansas Spine and Pain
Little Rock, Arkansas
MED HACK

17100

As reported by Health and Human Services hacking/IT incident/network server. No specific information as to what information was compromised as provided by health and human services.

More Information: https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf;jsessionid=9BF4AF...

 
Information Source:
Government Agency
records from this breach used in our total: 0
July 11, 2016 Health Incent, LLC
Memphis, Tennessee
MED HACK

1100

As reported by Health and Human Services hacking/IT incident/other. No specific information as to what information was compromised as provided by health and human services.

More Information: https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf;jsessionid=9BF4AF...

 
Information Source:
Government Agency
records from this breach used in our total: 0
July 11, 2016 Lasair Aesthetic Health P.C.
Denver, Colorado
MED DISC

1835

As reported by Health and Human Services unauthorized access/disclosure/email. No specific information as to what information was compromised as provided by health and human services.

More Information: https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf;jsessionid=9BF4AF...

 
Information Source:
Government Agency
records from this breach used in our total: 0
July 8, 2016 Omni Hotels & Resorts
Dallas, Texas
BSO HACK

Unknown

"On May 30, 2016, we discovered we were the victim of malware attacks on our network affecting specific point of sale systems on-site at some Omni properties.  The malware was designed to collect certain payment card information, including cardholder name, credit/debit card number, security code and expiration date."

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-62753

 
Information Source:
California Attorney General
records from this breach used in our total: 0

Pages

Showing 1-50 of 5061 results