Breach News for April 2014


Organizations Impacted by a Breach in April

LocationCompany#BreachedInformation ExposedCause of BreachDate
CaliforniaKaiser Permanente5,100 Involved patients participating in specific research studies and may have compromised their names, birth dates, medical record numbers, lab results associated with research, addresses and additional medical research dataInfected with malicious software10/2011 - 02/2014
New YorkThe Rochester Housing Authority180Names and Social Security numbersEmployee errorUnknown
IowaIowa State University18,949Student ID numbersHack04/2014
IowaIowa State University29,780Social Security numbersHack04/2014
NationalLaCieUnknownCustomers’ names, addresses, email addresses, and payment card numbers and card expiration dates. LaCie website user names and passwords could also have been accessedHack03/2013 - 03/2014
TexasEveryChild, Inc2,934Patients’ birthdates, Social Security numbers, Medicaid numbers, photos and other health informationStolen computers02/2014
TennesseeUniversity Urology, Knoxville,Tenn1,144Patient names and addressesEmployee theft2013-2014
CaliforniaVeterans of Foreign Wars55,000Names, addresses, and Social Security numbersHackUnknown
NationalBigMoneyJobs.com36,800Full names, home addresses, phone numbers, email addresses, website registration information, and plaintext passwordsHack04/2014
VirginiaDeltek Inc.80,000Payment card informationHack03/2014
NationalBoxee TV158,128Names, e-mail addresses, message histories, and partially protected login credentials Hack03/2014
CaliforniaSutherland Healthcare Solutions 338,700Patients' first and last names, Social Security numbers and certain medical and billing information. Birth dates, addresses and medical diagnoses may also have been includedStolen computers08/2012 - 11/2013
MichiganMDCH2,595Names and addresses, and for some individuals, dates of birth. Of those, 1,539 records also included either a Social Security number or a Medicaid identification number.Stolen Laptop and drive01/2014
CaliforniaPalomar Health5,000 Patients' names, dates of birth, diagnoses, insurance carriers and other treatment-related information. It also included 36 patients' Medicare identification numbers,Stolen Laptop and drive03/2014
TexasSpecs8,900 Employee names, addresses,
phone numbers and
Social Security numbers
Hack10/2012 - 04/2014
TexasSpecs 550,000Bank routing
numbers card
security codes
and other
payment card
and check
Hack10/2012 - 04/2014
Learn more about breaches here.

Breach News for March 2014


Organizations Impacted by a Breach in March

LocationCompany#BreachedInformation ExposedCause of BreachDate
MassachusettsBoston Medical Center15,000Patients’ names, addresses, and medical information, including what drugs they were taking, but did not include Social Security numbers or financial informationVendor error03/2014
PennsylvaniaUPMC322Names, home addresses, Social Security numbers, wage information, birth dates and bank account and routing numbers
Property theft05/2014
NationalStatista50,000Email addresses and passwordsHack12/2013 - 03/2014
NationalSmuckers Online StoreUnknownCustomer name, address, email address, phone, credit or debit card number, expiration date, and verification code.Hack12/2012 - 01/2014
PennsylvaniaSands, Bethlehem CasinoUnknownCredit card information or bank account information, as well as Social Security numbers, driver’s license numbers, and other confidential information used to initiate a line of credit, for tax reporting purposes or for gaming. HackUnknown
PennsylvaniaSands CasinoUnknownCredit card information or bank account information, as well as Social Security Numbers, driver's license numbers and other confidential information used to initiate a line of credit for tax reporting purposes or for gamingHackUnknown
NationalSally Beauty25,000Payment card dataHack02/2013 - 03/2014
North DakotaNorth Dakota University300,000Names and Social Security numbersHack02/2013
NationalComixologyUnkownUsernames, emails and encrypted passwordsHackUnknown
ColoradoValley View Hospital5,400Names, addresses, and in some cases credit card numbers, bank account numbers, Social Security numbers and phone numbersHack09/2013 - 01/2014
MarylandService Coordination Inc9,700Social Security numbers and medical informationHack10/2013
MarylandJohns Hopkins University1,307Names, email addresses and phone numbers Hack03/2014
IllinoisAssisted Living Concepts43,600 Names, address, birth dates, Social Security numbers and pay information of current and former employeesHack12/2013 - 01/2014
OhioHealthsource of Ohio8,800Patients' dates of birth, Social Security numbers, credit card numbers and some healthcare informationHack11/2013 - 12/2013
New YorkSyracuse Retired Police Officers Association300Names, addresses and Social Security numbers Employee error03/2014
VirginiaRichmond Fire Department400Names, Social Security numbersEmployee errorUnknown
NationalIRS20,000Names, Social Security numbers and addresses of employees

Employee error03/2014
New YorkNYC MTA15,000Social Security numbers, dates of birth, earnings information and other data.Employee error03/2014
MichiganCity of Detroit1,700Names, birth dates and Social Security Numbers for the current and former employees

Employee errorUnknown
CaliforniaLA County Public County Health168,500Patients’ names, medical and billing information and Social Security numbersComputer theft02/2014
CaliforniaUniversity of California, San Francisco10,000Names, dates of birth, mailing addresses, medical record numbers, health insurance ID numbers, and driver's license numbers

Computer theft01/2014
IndianaIndiana University146,000Names, addresses and Social Security numbers of students and recent graduates who attended the university on any campus from 2011 to 2014 was unsecured for more than 11 months An authentication point was not working correctly; data were accessed by Web crawlers, software that is used to improve Web searches.02/2014

Should Target CEO Be the Next to Get a Pink Slip?

Update: Gregg Steinhafel, Target’s CEO of 35 years, resigned five months following the disclosure of their data breach. By the end of 2014, Target had incurred $162 million in net breach-related expenses.

A growing number of reports suggest that not only did Target’s security work as it was expected to, but the intrusion also set off all the appropriate alarms and those alarms were, in fact, heard. They were just, apparently, ignored. According to an article by Bloomberg Businessweek, “Not only should those alarms have been impossible to miss, they went off early enough that the hackers hadn’t begun transmitting the stolen card data out of Target’s network.” Continue reading

Breach News for February 2014


Organizations Impacted by a Breach in February

LocationCompany# BreachedInformation ExposedCause of BreachDate
IndianaIndiana University146,000Student names, Social Security numbers and addresses Employee Error02/2014
ArizonaArizona Pension System52,000Names, e-mail addresses, Social Security numbers and addresses of membersEmployee Theft10/2011
MarylandUniversity of Maryland309,079 Names, Social Security numbers, date of birth, and University identification numbersHacker02/2014
NationalForbes1,056,986 Unique emails addresses and accounts, educational accounts (.EDU) based emails including administrators accountsHacker (SEA)02/2014
NationalKickstarterUnknownUser names, email addresses, mailing addresses, phone numbers and encrypted passwordsHacker02/2014
NationalWhite LodgingUnknown: 14 different hotels involved Names printed on customers’ credit or debit cards, credit or debit card numbers, the security code and card expiration datesHacker03/2013 - 12/2013
TexasSt. Joseph Health System405,000Patient names, birth dates, Social Security numbers, possibly addresses. Medical information for patients was accessible, as well as bank information for current and former employees.Hacker12/2013
NationalYahoo MailUnknownUsernames and passwords Hacker01/2014
TexasMidland Independent School District14,000Birthdates, Social Security numbers of all current students from seventh grade through high school seniors, along with graduates dating to the class of 2008Stolen Laptop and Hard Drive
CaliforniaEaster Seals3,026Date of birth, health care provider information, patient identification number, health care billing information and therapy notes

Stolen Laptop02/2014