Risky Business: The Hidden Costs & Impact of Business Data Breaches

Data Breaches Become Business-As-Usual

With the volume and velocity of data breaches increasing year-over-year, it’s safe to say no business is safe. Now is the time to be prepared for the myriad of threats to personally identifiable information (PII) – that your business has on employees, customers, partners, vendors – essentially all of the data that runs the business.

Data breaches are often not easily contained (Equifax) nor can their impact be viewed as trivial. Let’s take a closer look at the impact of today’s data breaches upon businesses of all sizes.

Continue reading

Signature Systems Responsible for 108 Small Business Breaches

SignatureSystemsLogoWhat happened?

Signature Systems Inc. the point-of-sale (POS) vendor responsible for leaking customer payment card information at more than 200 Jimmy John’s locations has announced that 108 other businesses have also suffered a breach as a result of using their payment card scanners.

After conducting a forensics investigation, Signature Systems learned that the attack took place between June 16 and September 18. An overwhelming number of these businesses are mom-and-pop pizzerias located across the Mid-Atlantic and Mid-West.
Continue reading

Breach News for April 2014


Organizations Impacted by a Breach in April

LocationCompany#BreachedInformation ExposedCause of BreachDate
CaliforniaKaiser Permanente5,100 Involved patients participating in specific research studies and may have compromised their names, birth dates, medical record numbers, lab results associated with research, addresses and additional medical research dataInfected with malicious software10/2011 - 02/2014
New YorkThe Rochester Housing Authority180Names and Social Security numbersEmployee errorUnknown
IowaIowa State University18,949Student ID numbersHack04/2014
IowaIowa State University29,780Social Security numbersHack04/2014
NationalLaCieUnknownCustomers’ names, addresses, email addresses, and payment card numbers and card expiration dates. LaCie website user names and passwords could also have been accessedHack03/2013 - 03/2014
TexasEveryChild, Inc2,934Patients’ birthdates, Social Security numbers, Medicaid numbers, photos and other health informationStolen computers02/2014
TennesseeUniversity Urology, Knoxville,Tenn1,144Patient names and addressesEmployee theft2013-2014
CaliforniaVeterans of Foreign Wars55,000Names, addresses, and Social Security numbersHackUnknown
NationalBigMoneyJobs.com36,800Full names, home addresses, phone numbers, email addresses, website registration information, and plaintext passwordsHack04/2014
VirginiaDeltek Inc.80,000Payment card informationHack03/2014
NationalBoxee TV158,128Names, e-mail addresses, message histories, and partially protected login credentials Hack03/2014
CaliforniaSutherland Healthcare Solutions 338,700Patients' first and last names, Social Security numbers and certain medical and billing information. Birth dates, addresses and medical diagnoses may also have been includedStolen computers08/2012 - 11/2013
MichiganMDCH2,595Names and addresses, and for some individuals, dates of birth. Of those, 1,539 records also included either a Social Security number or a Medicaid identification number.Stolen Laptop and drive01/2014
CaliforniaPalomar Health5,000 Patients' names, dates of birth, diagnoses, insurance carriers and other treatment-related information. It also included 36 patients' Medicare identification numbers,Stolen Laptop and drive03/2014
TexasSpecs8,900 Employee names, addresses,
phone numbers and
Social Security numbers
Hack10/2012 - 04/2014
TexasSpecs 550,000Bank routing
numbers card
security codes
and other
payment card
and check
Hack10/2012 - 04/2014
Learn more about breaches here.

Breach News for March 2014


Organizations Impacted by a Breach in March

LocationCompany#BreachedInformation ExposedCause of BreachDate
MassachusettsBoston Medical Center15,000Patients’ names, addresses, and medical information, including what drugs they were taking, but did not include Social Security numbers or financial informationVendor error03/2014
PennsylvaniaUPMC322Names, home addresses, Social Security numbers, wage information, birth dates and bank account and routing numbers
Property theft05/2014
NationalStatista50,000Email addresses and passwordsHack12/2013 - 03/2014
NationalSmuckers Online StoreUnknownCustomer name, address, email address, phone, credit or debit card number, expiration date, and verification code.Hack12/2012 - 01/2014
PennsylvaniaSands, Bethlehem CasinoUnknownCredit card information or bank account information, as well as Social Security numbers, driver’s license numbers, and other confidential information used to initiate a line of credit, for tax reporting purposes or for gaming. HackUnknown
PennsylvaniaSands CasinoUnknownCredit card information or bank account information, as well as Social Security Numbers, driver's license numbers and other confidential information used to initiate a line of credit for tax reporting purposes or for gamingHackUnknown
NationalSally Beauty25,000Payment card dataHack02/2013 - 03/2014
North DakotaNorth Dakota University300,000Names and Social Security numbersHack02/2013
NationalComixologyUnkownUsernames, emails and encrypted passwordsHackUnknown
ColoradoValley View Hospital5,400Names, addresses, and in some cases credit card numbers, bank account numbers, Social Security numbers and phone numbersHack09/2013 - 01/2014
MarylandService Coordination Inc9,700Social Security numbers and medical informationHack10/2013
MarylandJohns Hopkins University1,307Names, email addresses and phone numbers Hack03/2014
IllinoisAssisted Living Concepts43,600 Names, address, birth dates, Social Security numbers and pay information of current and former employeesHack12/2013 - 01/2014
OhioHealthsource of Ohio8,800Patients' dates of birth, Social Security numbers, credit card numbers and some healthcare informationHack11/2013 - 12/2013
New YorkSyracuse Retired Police Officers Association300Names, addresses and Social Security numbers Employee error03/2014
VirginiaRichmond Fire Department400Names, Social Security numbersEmployee errorUnknown
NationalIRS20,000Names, Social Security numbers and addresses of employees

Employee error03/2014
New YorkNYC MTA15,000Social Security numbers, dates of birth, earnings information and other data.Employee error03/2014
MichiganCity of Detroit1,700Names, birth dates and Social Security Numbers for the current and former employees

Employee errorUnknown
CaliforniaLA County Public County Health168,500Patients’ names, medical and billing information and Social Security numbersComputer theft02/2014
CaliforniaUniversity of California, San Francisco10,000Names, dates of birth, mailing addresses, medical record numbers, health insurance ID numbers, and driver's license numbers

Computer theft01/2014
IndianaIndiana University146,000Names, addresses and Social Security numbers of students and recent graduates who attended the university on any campus from 2011 to 2014 was unsecured for more than 11 months An authentication point was not working correctly; data were accessed by Web crawlers, software that is used to improve Web searches.02/2014