Latest news about data loss worldwide as reported by Privacy Rights Clearinghouse. (republished with permission)
| February 24, 2011 | Cambridge Who’s Who Publishing, Inc. Uniondale, New York |
BSO | PORT | 400,000 |
| A former employee made accusations that Who’s Who experienced a breach of 400,000 data tapes with customer information. It is not clear what happened, but the tapes were misplaced during the shipping process sometime before October 20, 2010. The information on the tapes included customer names, Social Security numbers, addresses, driver’s license numbers, payroll data, checking account numbers and credit card information may have been exposed. | ||||
| Information Source: Databreaches.net |
records from this breach used in our total: 400,000 | |||
|
|
||||
| February 24, 2011 | Snow Creek Weston, Missouri |
BSO | HACK | Unknown |
| It appears that a hacker was able to obtain unencrypted customer credit card information around Friday February 18. Online customers of the ski resort were not affected. Information from electronic card transactions that were performed on-site was exposed. | ||||
| Information Source: Databreaches.net |
records from this breach used in our total: 0 | |||
|
|
||||
| February 23, 2011 | Chapman University, Brandman University Los Angeles, California |
EDU | DISC | 13,000 |
| A student discovered a document with sensitive information in an unsecured folder. It contained names, Social Security numbers, student ID numbers and financial aid information. Around 11,000 current and former Chapman students, 1,900 applicants and an unspecified number of Brandman students were affected. Only students and people affiliated with the University could have accessed the file, and it appears that the student who reported the incident was the only one who accessed the file. | ||||
| Information Source: Databreaches.net |
records from this breach used in our total: 13,000 | |||
|
|
||||
| February 22, 2011 | Emory Healthcare Atlanta, Georgia |
MED | PHYS | 2,400 (77 confirmed cases) |
| Those with questions may call (404) 727-7777 (option 6).
Seventy-seven patients had their Social Security numbers stolen and used for fraudulent tax returns. Patient names and possibly addresses, dates of birth, clinic numbers, limited health information and health insurance companies were exposed. Patients who were seen in orthopaedics between May of 2008 and January of 2009 for something other than physical therapy were affected. |
||||
| Information Source: PHIPrivacy.net |
records from this breach used in our total: 2,400 | |||
|
|
||||
| February 22, 2011 | Jack in the Box Pearland, Texas |
BSR | INSD | Unknown |
| Investigators determined that a Jack in the Box location had been visited by multiple victims of fraudulent credit and debit card charges. Law enforcement visited the store and found a drive-thru employee with a skimmer in his pocket. | ||||
| Information Source: Databreaches.net |
records from this breach used in our total: 0 | |||
|
|
||||
| February 22, 2011 | Integrity Bank Plus, MicroBilt Corp Kennesaw, Georgia |
BSF | UNKN | 500 |
| Someone gained access to Integrity Bank Plus’ MicroBilt account and was able to view the information of consumers connected with MircroBilt. The breach occurred between December 23 and December 28. Consumer credit report information may have been exposed. | ||||
| Information Source: Databreaches.net |
records from this breach used in our total: 500 | |||
|
|
||||
| February 20, 2011 | Howard Brown Health Center Chicago, Illinois |
MED | INSD | Unknown |
| Call (773) 388-8793 for more information.
A donor database may have been breached. It would have revealed phone numbers and email addresses. It appears that one or more disgruntled organization insiders distributed a libelous letter to people who had their information on the donor database. Several of these people reported receiving the letter. |
||||
| Information Source: PHIPrivacy.net |
records from this breach used in our total: 0 | |||
|
|
||||
| February 19, 2011 | Loud Technologies, Inc. Woodinville, Washington |
BSR | STAT | Unknown |
| The office theft of a computer may have exposed names and Social Security numbers of current and former employees. Some other items had been taken from the office too. The theft was discovered on November 15. | ||||
| Information Source: Databreaches.net |
records from this breach used in our total: 0 | |||
|
|
||||
| February 18, 2011 | The Cigarette Box, Colton’s General Store Las Vegas, Nevada |
BSR | CARD | Unknown |
| The Cigarette Box in Las Vegas and The Cigarette Box in Laughlin are associated with the suspect.
A suspect was arrested and charged with fraudulent use of a credit card. The suspect is associated with three businesses and investigators are checking to see if customers of those businesses were victims of fraud. Several card skimmers were recovered at the three businesses. |
||||
| Information Source: Databreaches.net |
records from this breach used in our total: 0 | |||
|
|
||||
| February 16, 2011 | Charleston Area Medical Center (CAMC) Charleston, West Virginia |
MED | DISC | 3,655 |
| Someone discovered that they could find information about a relative’s name, address, patient ID, date of birth, Social Security number and other sensitive information through an online search that brought up WVChamps.com. WVChamps.com is a CAMC website relating to respiratory and pulmonary rehabilitation for seniors. The information was accidentally posted in a report on September 1, 2010 and appears to have been accessed a total of 94 times. The error was discovered on February 8 of 2011. The breach occurred within the CAMC subsidiary CAMC Health Education Research Institute. | ||||
| Information Source: PHIPrivacy.net |
records from this breach used in our total: 3,655 | |||
|
|
||||
| February 15, 2011 | Baptist Memorial Hospital Huntingdon, Tennessee |
MED | UNKN | 4,800 (No SSNs or financial information reported) |
| A number of patients were notified after a breach occurred on November 27, 2010. | ||||
| Information Source: HHS via PHIPrivacy.net |
records from this breach used in our total: 0 | |||
|
|
||||
| February 15, 2011 | Lake Woods Nursing and Rehabilitation Center Muskegon, Michigan |
MED | STAT | 656 (No SSNs or financial information reported) |
| The December 28 theft of a computer may have exposed the health information and other types of information of certain individuals. | ||||
| Information Source: HHS via PHIPrivacy.net |
records from this breach used in our total: 0 | |||
|
|
||||
| February 15, 2011 | Baylor Health Care Systems, Baylor Heart and Vascular System, Baylor University Medical Center Dallas, Texas |
MED | PORT | 8,241 (No SSNs or financial information reported) |
| A portable ultrasound machine was stolen from the Baylor Jack and Jane Hamilton Heart and Vascular Hospital in Dallas. The machine was stolen from a patient’s room sometime between December 2 and December 3. Patients who were seen at the hospital between December 26 of 2006 and the date of the theft may have had their names, dates of birth, blood pressure, height, weight and ultrasound images of their hearts on the machine. It is believed that only a fraction of the 8,000 patients who are at risk actually had their information on the machine at the time of the theft. | ||||
| Information Source: PHIPrivacy.net |
records from this breach used in our total: 0 | |||
|
|
||||
| February 15, 2011 | Day’s Jewelers Waterville, Maine |
BSR | HACK | Unknown |
| The location listed is the headquarters of Day’s Jewelers.
Those with questions can call Day’s at (800) 439-3297. A number of Maine residents have experienced credit, bank account and credit union fraud after shopping at Day’s Jewelers. An investigation has revealed that a hacking incident caused the breach and the approximate time of the breach. |
||||
| Information Source: Databreaches.net |
records from this breach used in our total: 0 | |||
|
|
||||
| February 15, 2011 | Affiliated Computer Services (ACS) Columbus, Ohio |
BSO | DISC | 8,000 (Unknown number of SSNs) |
| ACS handles the state of Ohio’s automated system for paying and tracking child care providers. An ACS mistake meant that over 8,000 providers were mailed letters with Social Security numbers visible form the outside of the envelope. Some of the providers were childcare centers and only had ID numbers revealed; smaller providers who had their Social Security numbers as IDs face a greater risk. | ||||
| Information Source: Databreaches.net |
records from this breach used in our total: 0 | |||
|
|
||||
| February 13, 2011 | Bank of America Charlotte, North Carolina |
BSF | DISC | Unknown |
| An unknown number of customers were able to see the information of other customers when attempting to access their accounts online. The problem appeared to involve customers who had the same last name. The mistake exposed information for credit, mortgage and home equity accounts. All access to problem accounts was suspended within hours of the discovery. | ||||
| Information Source: Databreaches.net |
records from this breach used in our total: 0 | |||
|
|
||||
| February 12, 2011 | Jacobi Medical Center, North Central Bronx Hospital, Tremont Health Center, and Gunhill Health Center New York, New York |
MED | PORT | 1.7 million |
| Health and Hospital Corporation is the group that runs the affected hospitals and clinics.
Backup tapes were stolen from an unsecured and unlocked van during transport by GRM Information Management Services. The theft occurred during December of 2010. The information on the tapes was from patients, staff members and associated employees and dated back to 1991. Names, Social Security numbers, addresses, patient health information and other patient and employee information may have been exposed. |
||||
| Information Source: PHIPrivacy.net |
records from this breach used in our total: 1,700,000 | |||
|
|
||||
| February 12, 2011 | Saint Francis Broken Arrow (Broken Arrow Medical Center) Broken Arrow, Oklahoma |
MED | STAT | 84,000 |
| A computer that had not been used since May of 2004 was stolen from a secured information systems room. Patient billing information and some employee records were exposed. The information would have included names, Social Security numbers, dates of birth, addresses and patient insurance and diagnostic information. | ||||
| Information Source: PHIPrivacy.net |
records from this breach used in our total: 84,000 | |||
|
|
||||
| February 11, 2011 | First Transit, FirstGroup America Cincinnati, Ohio |
BSO | PORT | Unknown |
| A flash drive with First Transit applicant personal information was lost on a bus on January 21. Applicant names, Social Security numbers, addresses, dates of birth and possibly other employment information such as conviction record and drug test results may have been on the flash drive. | ||||
| Information Source: Databreaches.net |
records from this breach used in our total: 0 | |||
|
|
||||
| February 9, 2011 | Oregon Department of Corrections Madras, Oregon |
GOV | PORT | 550 (300 SSNs exposed) |
| Payroll reports from Warner Creek Correctional Facility in Lakeview, Deer Ridge Correctional Institution in Madras, and Shutter Creek Correctional Institution in North Bend were exposed.
An outsider with a thumb drive that contained confidential payroll information contacted the agency on January 27. The thumb drive contained payroll reports with the information of around 550 staff members. Pay stub data with names, Social Security numbers and other payroll information were exposed. People employed at Warner Creek between July 31, 2005 and September 30, 2007 had their Social Security numbers exposed. People employed by Deer Ridge between August 31, 2006 and September 30, 2007 had their Social Security numbers exposed. People employed at Warner Creek, Shutter Creek and Deer Ridge between October 1, 2007 and the time of the breach had personal information other than Social Security numbers exposed. The drive was damaged before being returned to the department and it is unclear what, if any, additional types of information may have been exposed. |
||||
| Information Source: Databreaches.net |
records from this breach used in our total: 300 | |||
|
|
||||
| February 7, 2011 | HBGary Federal Sacramento, California |
BSO | HACK | 60,000 business emails (No SSNs or financial information reported) |
| HBGary announced that it had information about the Anonymous hackers collective. Anonymous supporters hacked into HBGary’s network in order to learn what information had been gathered during the investigation. Over 60,000 business emails were extracted and the company’s website was defaced. HBGary’s leader also had his Twitter account hacked and his personal information exposed. Anonymous supporters claim the attack was to prevent HBGary from selling trivial information to the FBI. The hackers published a 23-page document online and claimed that it was the information HBGary was going to sell. HBGary’s email database was also published. Sensitive information about customers may have been exposed. | ||||
| Information Source: Databreaches.net |
records from this breach used in our total: 0 | |||
|
|
||||
| February 7, 2011 | Marriott Vacation Club International Orlando, Florida |
BSR | PHYS | Unknown |
| An unknown number of customer payment slips were lost during shipping. Timeshare maintenance fee payment slips were processed by a bank and shipped back to Marriott. The box of slips arrived damaged and had some of the slips missing. Timeshare owners’ names, credit card numbers and expiration dates, and addresses were exposed. | ||||
| Information Source: Databreaches.net |
records from this breach used in our total: 0 | |||
|
|
||||
| February 5, 2011 | Human Services Agency of San Francisco San Francisco, California |
GOV | INSD | 2,400 |
| A former city employee emailed the information of her caseload to her personal computer, two attorneys and two union representatives. The former employee wanted proof that she was fired for low performance because she had been given an unusually high number of cases. Certain MediCal recipients in San Francisco had their names, Social Security numbers and other personal information exposed. | ||||
| Information Source: PHIPrivacy.net |
records from this breach used in our total: 2,400 | |||
|
|
||||
| February 4, 2011 | Twitter, Facebook and PayPal Rapides Parish, Louisiana |
BSO | HACK | Unknown |
| A 17-year old hacker was charged with various computer crimes. He somehow managed to access the Twitter, Facebook, PayPal and email accounts of multiple celebrities and other people. The teen was charged with cyberstalking, computer fraud, computer tampering and extortion. | ||||
| Information Source: Databreaches.net |
records from this breach used in our total: 0 | |||
|
|
||||
| February 3, 2011 | University of Washington Hospital Seattle, Washington |
EDU | PHYS | 17 (No SSNs or financial information reported) |
| A customer purchased a piece of furniture from the University’s Surplus Store that had the medical records of patients. The information in the records was mostly x-ray and MRI images of spines. | ||||
| Information Source: PHIPrivacy.net |
records from this breach used in our total: 0 | |||
|
|
||||
| February 3, 2011 | SettlementOne Credit Corporation, Sackett National Holdings Inc., ACRAnet Inc., Fajilan and Associates Inc. (Statewide Credit Services and Robert Fajilan) , |
BSO | HACK | 1,800 |
| No location is listed since the incidents involve several organizations and their information security systems.
http://www.ftc.gov/opa/2011/02/settlement.shtm Three companies who resell consumer credit reports have agreed to settle with the FTC over charges that computer hackers could easily access consumer data through their weak information security systems. Hackers accessed more than 1,800 credit reports via security flaws in the computer networks used by the companies’ clients. |
||||
| Information Source: Databreaches.net |
records from this breach used in our total: 1,800 | |||
|
|
||||
| February 2, 2011 | University Book Exchange Greenville, North Carolina |
BSR | CARD | 100 |
| People who used their credit or debit cards to make purchases at the University Book Exchange may have had their financial information taken. A number of victims have contacted the police, but investigators are still not completely sure that the source of the fraudulent activity is a breach at the U.B.E. store. All or nearly all of those affected by the breach were connected to East Carolina University.
UPDATE (2/13/11): At least 100 East Carolina University students have reported fraudulent charges to their accounts. The breach is believed to have occurred between January 5 and 25. |
||||
| Information Source: Databreaches.net |
records from this breach used in our total: 100 | |||
|
|
||||
| February 2, 2011 | Texas Children’s Hospital Houston, Texas |
MED | HACK | Unknown |
| On December 29, the Harris County District Attorney’s Office notified Texas Children’s Hospital that its Accounts Payable system may have been breached. Vendors and employees who received checks between 1999 and 2011 may have had their names and Social Security numbers accessed by an unauthorized third party. The information seems to have been used to open electricity accounts. | ||||
| Information Source: Databreaches.net |
records from this breach used in our total: 0 | |||
|
|
||||
| January 30, 2011 | JP Morgan Chase, Citibank New York, New York |
BSF | UNKN | Unknown |
| A Staten Island resident somehow obtained the personal information of JPMorgan Chase Bank and Citibank customers. The woman then used the names, addresses, dates of birth and bank account numbers of the people to steal more than $300,000 from Chase and $30,000 from Citibank. The woman visited banks in and around Manhattan between November 26, 2007 and April 29, 2010. She used forged driver’s licenses to make fraudulent withdrawals. | ||||
| Information Source: Databreaches.net |
records from this breach used in our total: 0 | |||
|
|
||||
| January 30, 2011 | The Minnesota Department of Education Roseville, Minnesota |
GOV | DISC | 20 (No SSNs or financial information reported) |
| The transcripts of 20 online BlueSky Charter School students were accidentally released in November of 2010. The breach was not discovered until the week of January 30 when a new data request for the school was being processed. | ||||
| Information Source: Databreaches.net |
records from this breach used in our total: 0 | |||
|
|
||||
| January 29, 2011 | Bend Ophthamology Bend, Oregon |
MED | STAT | Unknown |
| Five desktop computers were stolen from the Bend office during a robbery sometime between January 26 and 27. The office is located in the Pilot Butte Medical Clinic. How much information and the kinds of information exposed were not reported. | ||||
| Information Source: PHIPrivacy.net |
records from this breach used in our total: 0 | |||
|
|
||||
| January 29, 2011 | Southern Perioperative Services, P.C. Pelham, Alabama |
MED | PORT | 2,000 (No SSNs or financial information reported) |
| The breach may not have occurred at the Pelham office and may have affected other offices in Alabama.
A device with protected health information of patients was stolen on or around November 17, 2010. |
||||
| Information Source: HHS via PHIPrivacy.net |
records from this breach used in our total: 0 | |||
|
|
||||
| January 29, 2011 | Friendship Center Dental Office Ocala, Florida |
MED | PORT | 2,200 (No SSNs or financial information reported) |
| A laptop that contained the protected health information of patients was stolen on or around December 20, 2010. | ||||
| Information Source: HHS via PHIPrivacy.net |
records from this breach used in our total: 0 | |||
|
|
||||
| January 29, 2011 | Franciscan Medical Group Tacoma, Washington |
MED | STAT | 1,250 (No SSNs or financial information reported) |
| The breach may have occurred outside of Tacoma and affected patients who were seen at other hospitals and clinics.
A computer that contained the protected health information of patients was stolen on or around November 18, 2010. |
||||
| Information Source: HHS via PHIPrivacy.net |
records from this breach used in our total: 0 | |||
|
|
||||
| January 29, 2011 | Benefits Resources, Inc. Cincinnati, Ohio |
MED | PORT | 16,200 (No SSNs or financial information reported) |
| The location listed is the headquarters of Benefits Resources, Inc. The breach occurred in South Carolina.
A portable electronic device was lost or stolen on or around November 22, 2010. It contained the PHI of patients. |
||||
| Information Source: HHS via PHIPrivacy.net |
records from this breach used in our total: 0 | |||
|
|
||||
| January 29, 2011 | Veteran’s Affairs Medical Center White River Junction, Vermont |
GOV | DISC | 114 (No full SSNs or financial information reported) |
| A client device owned by Dartmouth allowed an unknown amount of people to anonymously log on to a computer network. A document that contained Veteran and Dartmouth patient information could be viewed once people had logged on using the client device. The document contained a list of Dartmouth and Veteran patients. Last names, last four digits of Social Security number, clinical diagnosis and comments were exposed. At least one patient had their full name and date of birth exposed. The problem had existed for an unknown amount of time. | ||||
| Information Source: PHIPrivacy.net |
records from this breach used in our total: 0 | |||
|
|
||||
| January 29, 2011 | Dermatology Clinic Durham, North Carolina |
MED | PHYS | 55 (No full SSNs or financial information reported) |
| A log book with patient appointment information was discovered missing. Patients had their names, last four digits of Social Security number, telephone numbers and names of procedures scheduled exposed. Two searches did not lead to the recovery of the log book; there is a possibility that a patient took the book. | ||||
| Information Source: PHIPrivacy.net |
records from this breach used in our total: 0 | |||
|
|
||||
| January 29, 2011 | Texas Health Harris Methodist Hospital Azle Azle, Texas |
MED | PORT | Unknown |
| Those with questions may call (800) 277-3597.
The loss of a back-up computer disc with patient information was confirmed on April 22, 2010. The disc contained laboratory chemistry exam results. Patients who were treated at the Hospital’s lab between July 2008 an February 2010 were affected. |
||||
| Information Source: PHIPrivacy.net |
records from this breach used in our total: 0 | |||
|
|
||||
| January 29, 2011 | Ankle and Foot Center of Tampa Bay, Inc. Tampa Bay, Florida |
MED | HACK | 156,000 (No SSNs or financial information reported) |
| The Center experienced a hacking or IT incident on or around November 10 of 2010. The protected health information of patients was exposed.
UPDATE (2/3/2011): Names, Social Security numbers, dates of birth, home addresses, account numbers, and health care services and related diagnostic codes may have also been exposed. |
||||
| Information Source: HHS via PHIPrivacy.net |
records from this breach used in our total: 156,000 | |||
|
|
||||
| January 29, 2011 | Amazon.com Seattle, Washington |
BSR | DISC | Unknown |
| A security flaw that allows some Amazon customers to log in with variations of their actual passwords was recently discovered. Lowercase and uppercase letters are not distinguished and people could even use passwords with extra characters as long as the incorrect characters came after the 8th character of the password. An example of this problem is that Amazon would accept “PASSWORD”, “password” and “passwordpassword” as correct if someone had a password of “Password”. The problem appears to affect older Amazon.com passwords that have not been changed recently. | ||||
| Information Source: Databreaches.net |
records from this breach used in our total: 0 | |||
|
|
||||
| January 28, 2011 | University of Iowa Hospitals and Clinics Iowa City, Iowa |
MED | INSD | 13 |
| University officials launched an investigation to determine if electronic medical records of 13 Iowa Hawkeyes football players receiving care at the facility were accessed inappropriately. Speculation about the health of the football players and the causes of their illness had been in the media.
UPDATE (2/3/2011): It appears that three workers will be fired and two will be suspended because they inappropriately accessed football player information. UPDATE (2/7/2011): One of the fired workers is challenging allegations that she viewed patient information without authorization. She and her representative claim that she did nothing wrong, and that if the accusations were true, viewing computerized medical records for a few seconds should be treated as a minor infraction. |
||||
| Information Source: PHIPrivacy.net |
records from this breach used in our total: 0 | |||
|
|
||||
| January 28, 2011 | Five County Credit Union Bath, Maine |
BSF | HACK | Unknown |
| Five County decided to send 3,000 credit and debit cards to customers after discovering a breach that affected a third party. Some customers noticed suspicious transactions on their debit cards. About 2,500 debit cards were reissued and 500 Visa credit cards were reissued. The organization that experienced the breach and the number of customers affected were not reported. | ||||
| Information Source: Databreaches.net |
records from this breach used in our total: 0 | |||
|
|
||||
| January 26, 2011 | Temple University School of Medicine Philadelphia, Pennsylvania |
MED | INSD | Unknown |
| A former Chair of the University’s Department of Ophthalmology and Assistant Dean for Medical Affairs faces 144 counts of health care fraud and making false statements in health care matters. The former faculty member and doctor is accused of causing thousands of false claims to be submitted to health care benefits programs between 2002 and 2007. The former faculty member allegedly instructed staff members to bring patient charts from other doctors to his office. Patient charts were improperly stored outside of his office and then fraudulently edited to make it seem as though the former faculty member had seen and evaluated the patients. The prosecution claims that after falsifying the documents, the former faculty member collected fees for services he had never performed. The former faculty member is also accused of falsifying the records of patients he had seen. The false claims may total more than $3,000,000. | ||||
| Information Source: PHIPrivacy.net |
records from this breach used in our total: 0 | |||
|
|
||||
| January 26, 2011 | North Carolina Department of Health and Human Services Raleigh, North Carolina |
GOV | PORT | Unknown |
| A set of computer disks may have been accidentally discarded during an office renovation. The disks contained data from the Division of Services for the Deaf and Hard of Hearing and would have been taken to a landfill if they were accidentally discarded. Those who applied for services from the Division’s Equipment Distribution Service between January of 2005 and December of 2008 may have had their information exposed. | ||||
| Information Source: PHIPrivacy.net |
records from this breach used in our total: 0 | |||
|
|
||||
| January 26, 2011 | Warner Pacific College Portland, Oregon |
EDU | PORT | 1,536 |
| A laptop was stolen from an employee’s home on January 3. It contained the names, Social Security numbers, dates of birth, telephone numbers and addresses of students. | ||||
| Information Source: Databreaches.net |
records from this breach used in our total: 1,536 | |||
|
|
||||
| January 26, 2011 | Universal Technical Institute Phoenix, Arizona |
EDU | PORT | 98 |
| The names and Social Security numbers of recent applicants were on a stolen laptop. The laptop was stolen from UTI’s Phoenix office on November 18. Some applicants may have had their dates of birth and contact information exposed as well. | ||||
| Information Source: Databreaches.net |
records from this breach used in our total: 98 | |||
|
|
||||
| January 26, 2011 | Ember Corporation Boston, Massachusetts |
BSO | PHYS | 50 |
| Ember received a package that had been sent from Ceridian via Federal Express. The package appeared to have been tampered with. Ceridian processes Ember’s payroll information and the package contained individual W-2 forms for current and former Ember employees. Two corners of the package had opened and the contents were wrinkled, but no documents appeared to be missing or opened. Ember warned its employees that their names, Social Security numbers, addresses and 2010 payroll information may have been exposed. | ||||
| Information Source: Databreaches.net |
records from this breach used in our total: 50 | |||
|
|
||||
| January 26, 2011 | Hamilton Beach Brands, Inc. Glen Allen, Virginia |
BSR | HACK | Unknown |
| Hacker code was discovered on a server that hosts www.hamiltonbeach.com and www.proctorsilex.com. The server was breached on or around January 5. Customer names, credit card information, addresses, telephone numbers and email addresses were captured. The captured information was sent to hmtbccv@gmail.com and prosilexccv@gmail.com | ||||
| Information Source: Databreaches.net |
records from this breach used in our total: 0 | |||
|
|
||||
| January 26, 2011 | J. Press New Haven, Connecticut |
BSR | HACK | Unknown |
| An unauthorized party gained access to records of customer online orders placed between January 5 and January 10. Customer names, credit card information, order information and addresses may have been exposed. The website was temporarily shut down after J. Press learned of the breach. | ||||
| Information Source: Databreaches.net |
records from this breach used in our total: 0 | |||
|
|
||||
| January 26, 2011 | KBR, Inc. Houston, Texas |
BSO | PORT | Unknown |
| People with questions regarding this incident may call 1-877-311-6112 or email response@kbr.com.
A company laptop that contained the personal information of current and former KBR employees and contractors was stolen. Names, Social Security numbers, addresses, dates of birth and employee ID numbers may have been accessed. |
||||
| Information Source: Databreaches.net |
records from this breach used in our total: 0 | |||
|
|
||||
| January 25, 2011 | Presbyterian Health Care Services Albuquerque, New Mexico |
MED | INSD | Unknown |
| Between May and June of 2008, a PHS pharmacy employee misused the names and identification information of customers. The former employee had fraudulent prescription reimbursement checks mailed to her friends and relatives, who then gave the proceeds back to the pharmacy employee. The employee allegedly generate 17 fraudulent checks for a total of $27,129.63. The woman was sentenced to two years in prison and four years of supervised release. She will also have to pay restitution to PHS and Medicaid. | ||||
| Information Source: PHIPrivacy.net |
records from this breach used in our total: 0 | |||
|
|
||||
| January 25, 2011 | Plainfield Board of Education Plainfield, New Jersey |
EDU | UNKN | Unknown |
| Someone posted administrative login information and a link to the login page of the Plainfield District’s Genesis Student Information System on a popular online message board. Plainfield did not disclose how the admin user name and password were discovered. An unknown number of people would have had access to student records and maybe even student and parent contact information. The breach was discovered and addressed within 24 hours. | ||||
| Information Source: Databreaches.net |
records from this breach used in our total: 0 | |||
|
|
||||
| January 24, 2011 | Grays Harbor Pediatrics Aberdeen, Washington |
MED | PORT | 12,000 |
| People with questions about the incident may call 1-877-810-7248.
A backup tape was stolen from an employee’s car sometime around November 23. The device was used for storing copies of paper records. Patients may have had their names, Social Security numbers, insurance details, driver’s license information, immunization records, medical history forms, previous doctor records and patient medical records scanned and placed on the backup tape. |
||||
| Information Source: PHIPrivacy.net |
records from this breach used in our total: 12,000 | |||
|
|
||||
| January 24, 2011 | Wentworth Institute of Technology Boston, Massachusetts |
EDU | DISC | 1,300 |
| On December 22 of 2010, Wentworth became aware of a breach that left sensitive student information online. A file was accidentally placed on Wentworth’s website at some point. Current and former students may have had their names, Social Security numbers, dates of birth and medical information exposed. | ||||
| Information Source: PHIPrivacy.net |
records from this breach used in our total: 1,300 | |||
|
|
||||
| January 24, 2011 | University of Missouri, Coventry Health Care Columbia, Missouri |
EDU | DISC | 750 (No SSNs or financial information reported) |
| A Coventry Health Care computer malfunction caused the names of University of Missouri health insurance program participants to be aligned with incorrect mailing addresses. Names, member numbers and birth dates were on mailed documents like benefits statements, health services letters and new ID cards. The erroneous mail was sent out to employees between January 6 and 10. An employee notified the University on or around January 14. | ||||
| Information Source: PHIPrivacy.net |
records from this breach used in our total: 0 | |||
|
|
||||
| January 20, 2011 | Chase San Luis Obispo, California |
BSF | CARD | 100 |
| A Chase ATM in Atascadero was also tampered with.
Three people were arrested for tampering with ATMs and making fraudulent charges on customer cards. They allegedly accomplished this by placing small cameras and card readers on at least two ATMs in the San Luis Obispo area. Over 100 people discovered that fraudulent charges had been made on their cards. Investigators first became aware of the situation on January 13. |
||||
| Information Source: Databreaches.net |
records from this breach used in our total: 100 | |||
|
|
||||
| January 19, 2011 | Abbott Medical Optics, Baylor College of Medicine Department of Ophthalmology Malpitas, California |
MED | PORT | Unknown |
| More information is available at (713) 798-2667.
Backup tapes with information from Ophthalmology department equipment were stolen from Abbott’s office after being collected from Baylor. The information on the tapes included the eye contour measurement charts, names and physician names of patients who were preparing for Lasik surgery. |
||||
| Information Source: PHIPrivacy.net |
records from this breach used in our total: 0 | |||
|
|
||||
| January 19, 2011 | Ingenix Eden Prairie, Minnesota |
BSO | DISC | 142 |
| A search of health care providers on the Ingenix website revealed that Social Security numbers were sometimes attached to the names of providers as ID numbers. It appears that some health plans or preferred providers had listed the Social Security numbers as ID numbers. People searching for providers covered by their plans would have seen the numbers. Some health care providers may have had their Social Security numbers used as ID numbers for five years. At least 142 New Hampshire residents were affected, but the number of affected individuals nationwide was not revealed. | ||||
| Information Source: Databreaches.net |
records from this breach used in our total: 142 | |||
|
|
||||
| January 19, 2011 | U.S. Postal Service St. Louis, Missouri |
GOV | PHYS | Unknown |
| The back door of a contractor truck popped open during its journey between a St. Louis distribution center and Memphis, Tennessee. Hundreds of pieces of U.S. mail were scattered across 70 miles of highway. A recovery effort was launched by police officers and postal workers within 24 hours. Most of the mail included statements and bills that were headed for the West Coast. | ||||
| Information Source: Databreaches.net |
records from this breach used in our total: 0 | |||
|
|
||||
| January 18, 2011 | MIchael’s Rock Hill Grille Rock Hill, South Carolina |
BSR | HACK | 30 |
| Michael’s appears to be the common thread in a number of credit card fraud cases in the Southeast. It is believed that someone accessed credit card information by using malware on or obtaining passwords for the system on which the information was stored. The group of affected people most likely includes customers who used their card between September 16 and early December. Many of the cases involved Florida residents, but people in Texas, Kentucky, Tennessee, Georgia and Washington were also affected. | ||||
| Information Source: Databreaches.net |
records from this breach used in our total: 30 | |||
|
|
||||
| January 18, 2011 | Tulane University New Orleans, Louisiana |
EDU | PORT | 10,000 |
| A University issued laptop was stolen from an employee’s car on December 29. The laptop was used to process 2010 tax records for employees, students and others who will receive a 2010 W-2. The information included names, Social Security numbers, salary information and addresses. | ||||
| Information Source: Databreaches.net |
records from this breach used in our total: 10,000 | |||
|
|
||||
| January 18, 2011 | Iowa Telecommunications, Experian Newtown, Iowa |
BSO | UNKN | Unknown |
| One of Experian’s clients experienced a breach that gave unauthorized users access to Experian’s pool of consumer names, Social Security numbers, dates of birth and account numbers. Someone gained access to the Experian login information for Iowa Telecommunications and was able to obtain consumer report information in the company’s name. | ||||
| Information Source: Databreaches.net |
records from this breach used in our total: 0 | |||
|
|
||||
| January 15, 2011 | South Carolina State Budget and Control Board Employee Insurance Program Columbia, South Carolina |
GOV | HACK | 5,600 |
| People who are covered by South Carolina’s state insurance program may have had their personal information obtained. A virus affected one of the Insurance Program’s computers. The breach occurred sometime between November 8 and November 18. Insured current and former employees, dependents and survivors may have had their names, Social Security numbers, health information, addresses and dates of birth exposed. | ||||
| Information Source: Databreaches.net |
records from this breach used in our total: 5,600 | |||
|
|
||||
| January 15, 2011 | Omaha School Employees Retirement System Omaha, Nebraska |
EDU | HACK | 4,300 |
| A breach of Omaha School Employees Retirement System’s website was discovered on December 21. The incident occurred because of an attempt to access administrator log-in information. The hacker or hackers may have obtained a database with names, Social Security numbers, dates of birth, years of service and beneficiary information of current and former Omaha Public Schools employees. The website was shut down within two hours of the discovery. | ||||
| Information Source: Databreaches.net |
records from this breach used in our total: 4,300 | |||
|
|
||||
| January 14, 2011 | California Therapy Solutions , California |
MED | PORT | 1,226 (No SSNs or financial information reported) |
| The breach could have affected four different offices in southern California. No city is listed.The November 15 theft of a device resulted in the exposure of protected patient health information. | ||||
| Information Source: HHS via PHIPrivacy.net |
records from this breach used in our total: 0 | |||
|
|
||||
| January 14, 2011 | Osceola Medical Center, Hils Transcription Service Osceola, Wisconsin |
MED | HACK | 500 (No SSNs or financial information reported) |
| The November 25 hack of a Hils Transcription server exposed the health information of 500 patients. | ||||
| Information Source: HHS via PHIPrivacy.net |
records from this breach used in our total: 0 | |||
|
|
||||
| January 14, 2011 | International Union of Operating Engineers Health and Welfare Fund, Zenith Administrators, Inc. Baltimore, Maryland |
NGO | PHYS | 800 (No SSNs or financial information reported) |
| Papers pertaining to Union’s employee benefits program were stolen from Zenith’s office on November 3. Zenith administers the benefits program. The papers contained health information. | ||||
| Information Source: HHS via PHIPrivacy.net |
records from this breach used in our total: 0 | |||
|
|
||||
| January 14, 2011 | Azure Acres New York, New York |
MED | PORT | 699 (No SSNs or financial information reported) |
| People in Sebastopol, California were affected. Concerned patients may call (855) 252-3784.
The November 12 theft of a physician’s laptop resulted in the exposure of client information. The information included full name and billing information, but did not include addresses or Social Security numbers. Azure Acres is a drug and alcohol abuse facility. |
||||
| Information Source: PHIPrivacy.net |
records from this breach used in our total: 0 | |||
|
|
||||
| January 14, 2011 | Blue Cross Blue Shield of Michigan (BCBSM), Tstream Software Harper Woods, Michigan |
MED | DISC | 2,979 |
| The location listed is the headquarters of Tstream Software. Members with questions may call (866) 519-5876.
A BCBSM website created by Tstream was the source of a breach. A BCBSM found her personal information online when searching her name. People applying for individual health insurance between 2006 and an unclear date had their names, Social Security numbers, addresses and dates of birth exposed. BCBSM was notified of the error on November 17, 2010. The information was accessible for an unspecified amount of time. Though 6,500 BCBSM members were notified, only 2,979 were affected. |
||||
| Information Source: PHIPrivacy.net |
records from this breach used in our total: 2,979 | |||
|
|
||||
| January 13, 2011 | St. Vincent Hospital Indianapolis, Indiana |
MED | UNKN | 1,800 (No SSNs or financial information reported) |
| St. Vincent encouraged patients who received letters to call 800-805-7004.
In November, Saint Vincent officials learned that several associate email accounts had been breached. A third party managed to obtain email logins. Patient names, dates of service and clinical information may have been accessed. |
||||
| Information Source: PHIPrivacy.net |
records from this breach used in our total: 0 | |||
|
|
||||
| January 13, 2011 | Green River District Health Department, Fox Technology Group (now part of Intergranetics) Owensboro, Kentucky |
MED | DISC | 9,986 (more than half with SSNs) |
| The personal information of people who visited Green River District Health Department was accidentally placed online by Fox Technology. A resident notified the Department after discovering personal information online. Many visitor names were given with dates of birth; around half included Social Security information as well. The information was exposed sometime in October of 2010 or before. The problem was fixed soon after the Department was notified. | ||||
| Information Source: PHIPrivacy.net |
records from this breach used in our total: 5,000 | |||
|
|
||||
| January 13, 2011 | New Mexico National Guard Sante Fe, New Mexico |
GOV | STAT | 650 |
| A computer with the deployment records and Social Security information of soldiers throughout the state was stolen from the National Guard Headquarters in Sante Fe. The theft occurred sometime between December 23 and 28. | ||||
| Information Source: Databreaches.net |
records from this breach used in our total: 650 | |||
|
|
||||
| January 12, 2011 | Kadlec Regional Medical Center Richland, Washington |
MED | HACK | Unknown |
| Those with questions may call (877) 451-9363.
A computer server that contained brain scan and other patient studies was hacked sometime around September 15. Patient names, dates of birth, ages, genders, medical record numbers and doctors’ names were exposed. The breach was discovered on November 11 during routine monitoring of computer network backups. The server was removed from service and a firm was hired to investigate the issue. |
||||
| Information Source: PHIPrivacy.net |
records from this breach used in our total: 0 | |||
|
|
||||
| January 12, 2011 | Seacoast Radiology Rochester, New Hampshire |
MED | HACK | 231,400 |
| http://www.seacoastprivacy.com/
On November 12, Seacoast discovered that a server had been breached. Patient names, Social Security numbers, addresses, phone numbers and other personal information may have been exposed by the breach. Credit card and other financial information were not exposed. The estimated number of individuals who received notification is 231,400. Not all people who received a notification letter were affected. Patients and people serving as insurance guarantors were affected. It is believed that the hackers were utilizing Seacoast’s bandwidth to play a popular game called Call of Duty: Black Ops. |
||||
| Information Source: PHIPrivacy.net |
records from this breach used in our total: 231,400 | |||
|
|
||||
| January 12, 2011 | Universal Medical Center Tucson, Arizona |
MED | INSD | Unknown |
| Three staff members and one contract employee were fired for viewing sensitive patient information without cause. The electronic medical records of patients who were injured during a terrorist shooting spree may have intrigued the workers. There were no reports of confidential patient information being released to the public. | ||||
| Information Source: PHIPrivacy.net |
records from this breach used in our total: 0 | |||
|
|
||||
| January 11, 2011 | University of Connecticut, HuskyDirect.com Storrs, Connecticut |
EDU | HACK | 18,059 |
| Customers who used their credit cards on UConn’s Huskydirect.com sports gear website may have had their personal information exposed in a data security breach. A hacker was able to access the Huskydirect.com customer database and may have viewed billing information with names, addresses, telephone numbers, credit card numbers, expiration dates, security codes and email addresses. The Huskydirect.com database is run by an outside vendor. People who made purchases offline are not at risk.
UPDATE (1/31/11): Some people who were affected by the breach have recently reported fraudulent charges. UPDATE (2/19/11): Additional details reveal the exact number of names that were on the customer database, the fact that the perpetrator used an administrative password, and the fact that Fandotech, the company that was hosting and managing the site, was not following correct web security procedures. |
||||
| Information Source: Databreaches.net |
records from this breach used in our total: 18,059 | |||
|
|
||||
| January 10, 2011 | Entertainment Software Rating Board (ESRB) New York, New York |
BSO | DISC | 1,000 (No SSN or financial information exposed) |
| People who contacted ESRB to complain about a Blizzard Entertainment change in privacy were sent a response that included the emails of other people who had contacted ESRB with similar concerns. Blizzard had proposed implementing Real ID (required usage of real first and last name) for participation in forums, but abandoned it after a backlash. | ||||
| Information Source: Databreaches.net |
records from this breach used in our total: 0 | |||
|
|
||||
| January 8, 2011 | Race Trac Melbourne, Florida |
BSR | CARD | 600 |
| People with questions may call (321) 259-1211.
Authorities investigating fraudulent debit and credit card charges discovered a skimming device inside of a gas pump. Only one pump at the station was found to have a skimming device. Gas station employees first learned about the possible existence of a skimmer at their store in December. |
||||
| Information Source: Databreaches.net |
records from this breach used in our total: 600 | |||
|
|
||||
| January 8, 2011 | Campus Suite Apartments West Lafayette, Indiana |
BSO | PHYS | 30 |
| In November of 2008, documents with tenant Social Security numbers and dates of birth were stolen from the office. Many of the tenants were able to avoid fraudulent charges by immediately placing fraud alerts on their accounts. One man pleaded guilty to stealing the information and another pleaded guilty to using the information to commit fraud and identity theft. | ||||
| Information Source: Databreaches.net |
records from this breach used in our total: 30 | |||
|
|
||||
| January 8, 2011 | Washington State Employment Security Division Olympia, Washington |
GOV | PHYS | 1,000 |
| Authorities discovered that names and Social Security numbers of hundreds of Employment Security Division state employees were in the possession of a man who intended to misuse and profit from the information. The man was arrested and held on 50 counts of identity theft. It appears that the employee information was stolen from a car parked on the state Capital campus sometime in 2009. Authorities are still notifying those who were affected by incident. | ||||
| Information Source: Databreaches.net |
records from this breach used in our total: 1,000 | |||
|
|
||||
| January 8, 2011 | Duval Clerk of Courts Jacksonville, Florida |
GOV | DISC | Unknown |
| People who want to check their information in the Duval system must go to http://www.duvalclerk.com, scroll to the bottom of the page, click “search court and official records”, click “OnCore” and type in their name.
Someone discovered sensitive information on the government website. Some Social Security numbers and bank account numbers were viewable. Records entered after and around 2002 are carefully checked for Social Security numbers and bank accounts, but some records prior to that time still contain sensitive information. The clerk’s office removed sensitive information from several records after being notified of the problem. |
||||
| Information Source: Databreaches.net |
records from this breach used in our total: 0 | |||
|
|
||||
| January 6, 2011 | Adventist Behavioral Health Rockville, Maryland |
MED | PHYS | Unknown |
| Patients whose information was compromised may call (301) 251-4567.
An employee error caused sensitive patient documents to be sent to a recycling facility. Some of the documents, which should have been shredded instead of recycled, were found on December 29 after being blown out of a recycling truck. The documents included patient names and dates of birth. The papers that fell off the truck were shredded by Adventist and any documents that remained at the facility were destroyed there. The employee responsible for the mistake was not fired. |
||||
| Information Source: PHIPrivacy.net |
records from this breach used in our total: 0 | |||
|
|
||||
| January 6, 2011 | Grant Medical Center, OhioHealth Columbus, Ohio |
MED | INSD | 501 (No SSNs or financial information reported) |
| Affected individuals may call 1 888-845-0818.
On November 5, several out-of-service computers were determined to be missing from a storage facility. An investigation revealed that a dishonest employee had stolen the computers, attempted to clear the hard drives and was in the process of reselling them. Information from patients treated at Grant between 2008 and November 5 of 2010 may have remained on the stolen computers. UPDATE (1/14/11): The breach affected 501 individuals. |
||||
| Information Source: PHIPrivacy.net |
records from this breach used in our total: 0 | |||
|
|
||||
| January 6, 2011 | Heraeus Incorporated New York, New York |
BSO | PORT | 514 |
| The location listed is Heraeus Incorporated’s headquarters. The incident may have occurred elsewhere.
A steel cabinet was discovered missing on November 18. The cabinet had a safe which contained IT data and software backup tapes. Personal information on the backup tapes included names, Social Security numbers, addresses, financial account numbers, driver’s license numbers, medical information and other personal information. The cabinet was most likely thrown out during a cleaning. If so, the cabinet and its contents would have been taken to a transfer station, crushed, and then transported to a landfill for further destruction and disposal. |
||||
| Information Source: PHIPrivacy.net |
records from this breach used in our total: 514 | |||
|
|
||||
| January 6, 2011 | Marsh U.S. Consumer, Seabury and Smith, ITT Corporation Tulsa, Oklahoma |
BSO | DISC | Unknown |
| Some ITT Corporation employees may have been able to view unencrypted personal information of other ITT employees when accessing an ITT website serviced by Marsh U.S. Consumer. The incident resulted from a programming issue and occurred from November 1 through November 8. Employees and their spouses may have had their Social Security numbers and medical history information exposed. Marsh U.S. Consumer is a service of Seabury and Smith. At least nine New Hampshire residents were affected by the breach, but the total number of individuals affected nationwide was not revealed. | ||||
| Information Source: PHIPrivacy.net |
records from this breach used in our total: 0 | |||
|
|
||||
| January 6, 2011 | Private Dental Practice Germantown, Maryland |
MED | HACK | 1,000 |
| The office discovered a hacking incident after the computer system shut down on October 14. A hacker accessed the computer system and server. Patient names, Social Security numbers, addresses, dates of birth, dental care and X-ray records, dental insurance member numbers and health insurance member numbers may have been exposed. | ||||
| Information Source: HHS via PHIPrivacy.net |
records from this breach used in our total: 1,000 | |||
|
|
||||
| January 6, 2011 | PinnacleHealth System, Gair Medical Transportation Services Harrisburg, Pennsylvania |
MED | DISC | 1,086 |
| Affected patients may call 1-877-825-4485.
Pinnacle became aware that outpatient information may have been accessed through an independent medical transcription company. Gair provides transcription services for Pinnacle and may have experienced a breach in 2008 that involved its computer server. Gair’s server appears to have been open to access through the Internet. Pinnacle became aware of the incident in mid-August when someone reported seeing patient information on the Internet. The information included Social Security numbers, medications, dates of birth, dates of interviews and dates of examinations. |
||||
| Information Source: PHIPrivacy.net |
records from this breach used in our total: 1,086 | |||
|
|
||||
| January 6, 2011 | Pentagon Federal Credit Union (PenFed) Alexandria, Virginia |
BSF | HACK | 514 |
| The location listed may not be the location of the breach.
On December 12, a laptop was found to be infected with malware. PenFed current and former employees, beneficiaries, current and former members and joint owners may have had their names, Social Security numbers, addresses, credit and debit card numbers, and PenFed account numbers exposed. At least 514 New Hampshire residents were affected, but the total number of affected individuals nationwide was not reported. UPDATE (1/18/11): The breach affected 674 New Hampshire residents and an unknown number of people nationwide. |
||||
| Information Source: Databreaches.net |
records from this breach used in our total: 514 | |||
|
|
||||
| January 5, 2011 | Taco Bell Grand Rapids, Michigan |
BSR | INSD | 50 |
| Two Taco Bell employees were paid to use skimming devices at their store or stores. Between 50 and 100 customers had their credit card information obtained. It is likely that the scam lasted several weeks during the second half of 2010. Two of the men who bought information from the Taco Bell employees were arrested and charged after one of them was recorded buying pre-paid cards. | ||||
| Information Source: Databreaches.net |
records from this breach used in our total: 50 | |||
|
|
||||
| January 4, 2011 | White Rock Networks Plano, Texas |
BSO | PHYS | Unknown |
| Nearly 50 boxes of medical records, Social Security numbers, addresses, phone numbers and other personal information were found in a paper recycling dumpster behind a library. White Rock personnel records from 2000 to 2005 were in the boxes. The company went bankrupt in 2006 and was purchased. A local news crew contacted at least one of the affected people so that she could retrieve her information. | ||||
| Information Source: PHIPrivacy.net |
records from this breach used in our total: 0 | |||
|
|
||||
| January 3, 2011 | EVG Quality Gas Sierra Madre, California |
BSR | CARD | 380 |
| On December 27, a customer reported fraudulent charges on her credit card after using it at the station. Later cases of identity theft were also traced to the gas station.
UPDATE (1/6/11): The gas station closed shortly before customers started reporting fraudulent charges. The former owner and two other people are being sought for questioning. Customers had their debit and credit card information captured by a skimming device when they used their cards at a store ATM or inside the store. UPDATE (1/10/11): The total number of victims is now at 380 and over $109,000 in fraudulent charges have been made. |
||||
| Information Source: Databreaches.net |
records from this breach used in our total: 380 | |||
|
|
||||
| January 3, 2011 | Half Hitch Tackle Panama City, Florida |
BSR | HACK | Unknown |
| A breach of the systems security resulted in the exposure of customer credit and debit cards. It is possible that the breach originated overseas. | ||||
| Information Source: Databreaches.net |
records from this breach used in our total: 0 | |||
|
|
||||
| January 1, 2011 | Kinetic Concepts Inc, (KCI) San Antonio, Texas |
BSR | INSD | Unknown |
| A call center employee with authorization to access a customer payment card database used some of the information to make fraudulent purchases. The database contained names, addresses, insurance information and dates of birth. The Social Security numbers and payment card information of some customers were also in the database. | ||||
| Information Source: PHIPrivacy.net |
records from this breach used in our total: 0 | |||
|
|
||||
| December 31, 2010 | Sovereign Bank Wyomissing, Pennsylvania |
BSF | HACK | Unknown |
| The Bank became aware of suspicious online activity on October 15. On December 15, it was determined that a key logger had been installed on a company laptop. Customer names, Social Security numbers and addresses may have been accessed by unauthorized parties. At least 2 New Hampshire residents were affected, but the total number of affected individuals nationwide was not revealed. | ||||
| Information Source: Databreaches.net |
records from this breach used in our total: 0 | |||
|
|
||||
| December 31, 2010 | Samuels, Green, and Steel, LLP Irvine, California |
BSO | UNKN | Unknown |
| An unauthorized party obtained the law firm’s login information and accessed consumer credit reports. | ||||
| Information Source: Databreaches.net |
records from this breach used in our total: 0 | |||
|
|
||||
| December 31, 2010 | CHS, Inc. St. Paul, Minnesota |
BSR | DISC | Unknown |
| PATR-1099 forms were mailed with names and Social Security numbers visible from the outside of the envelope. The company became aware of the problem after a recipient notified them of the mistake. The error did not affect all recipients. | ||||
| Information Source: Databreaches.net |
records from this breach used in our total: 0 | |||
|
|
||||
| December 31, 2010 | Armstrong Atlantic State University Savannah, Georgia |
EDU | PORT | Unknown |
| Affected individuals may call (912) 344-3529.
A portable hard drive was stolen from the nursing department in early October. It contained the Social Security numbers of several hundred alumni. |
||||
| Information Source: Databreaches.net |
records from this breach used in our total: 0 | |||
|
|
||||
| December 28, 2010 | Apothecary of Colorado Denver, Colorado |
MED | PHYS | Unknown |
| A man handling recyclables near his home found a conspicuous binder in a dumpster. It turned out that medical marijuana records had been placed there. The names, Social Security numbers, dates of birth, addresses and phone numbers of patients were in the binder. The current owners believe the records are from the previous owner or owners. ”Dozens” of people were affected. | ||||
| Information Source: PHIPrivacy.net |
records from this breach used in our total: 0 | |||
|
|
||||
| December 28, 2010 | Geisinger Health System Wilkes-Barre, Pennsylvania |
MED | DISC | 2,928 (No SSNs or financial information reported) |
| A former physician emailed patient medical information to his home email account in an unencrypted manner. The information included patient names, medical record numbers, procedures and indications. The physician deleted the information from his computer, home network and servers. The incident occurred on or around November 3. | ||||
| Information Source: PHIPrivacy.net |
records from this breach used in our total: 0 | |||
|
|
||||
| December 27, 2010 | Riverside Mercy Hospital, Mercy Health Partners Toledo, Ohio |
MED | PHYS | 1,000 (No SSNs or financial information reported) |
| Concerned current and former patients and employees may call 1-877-451-9361 for more information.
Patient and employee records were left in the Hospital after the facility was sold to Toledo Public Schools in 2003. The Hospital closed in 2002 and was sold in 2003. Records were left unsecured in the facility from 2003 until the discovery in November of 2010. |
||||
| Information Source: PHIPrivacy.net |
records from this breach used in our total: 0 | |||
|
|
||||
| December 27, 2010 | American Honda Motor Company Torrance, California |
BSR | HACK | 4.9 million (No SSNs or financial information reported) |
| A Honda vendor maintaining a customer mailing list for My Acura and Honda’s Owner Link websites was hacked. Names, email addresses, vehicle identification numbers and user IDs may have been exposed. There is speculation that this breach is connected to a hack of Silverpop that exposed the information of McDonald’s and deviantART subscribers.
UPDATE (1/24/11): Around 2.2 million Honda customers had their information exposed. Around 2.7 million Acura customers had their email addresses exposed, but names and other information were not breached. |
||||
| Information Source: Databreaches.net |
records from this breach used in our total: 0 | |||
|
|
||||
| December 25, 2010 | Dallas Police Department Dallas, Texas |
GOV | PORT | Unknown |
| Laptops were stolen from ten decommissioned Dallas police cars. The decommissioned squad cars were burglarized sometime during the last six months. The laptops were used to check license plates, receive calls, and check people’s records. Officials believe there is little chance of sensitive information on the laptops or Dallas police network being accessed by unauthorized persons. | ||||
| Information Source: Databreaches.net |
records from this breach used in our total: 0 | |||
|
|
||||
| December 23, 2010 | Mankato Clinic Mankato, Minnesota |
MED | PORT | 3,159 (No SSNs or financial information reported) |
| Patients who received a notification letter may call 1-800-657-6944 X8633 or 625-1811 X8633.
A laptop was stolen from the car of a registered nurse sometime between November 1 and 2. It contained a spreadsheet with patient names, dates of birth, medical record numbers, health provider names and diagnosis information. Patients were notified in late December because it took nearly two months to notify patients because the Clinic was determining what was on the laptop. |
||||
| Information Source: PHIPrivacy.net |
records from this breach used in our total: 0 | |||
|
|
||||
| December 23, 2010 | Stens Corporation Jasper, Indiana |
BSF | INSD | Unknown |
| Former employees continued to use passwords to access Stens’ computer system after they left the company. Both employees left to work for a competitor and are thought to have used information on the computer system for commercial advantage and personal benefit. Stens employees became suspicious and changed the passwords, but the former employees guessed the new passwords. One of the men pleaded guilty to computer intrusion. | ||||
| Information Source: Databreaches.net |
records from this breach used in our total: 0 | |||
|
|
||||
| December 23, 2010 | Louisiana Horsemen’s Benevolent and Protective Association (HBPA) New Orleans, Louisiana |
NGO | INSD | Unknown |
| A former employee admitted that she conspired with others to send fraudulent votes. The woman falsified election ballots for members unlikely to vote, enclosed them in envelopes and marked the envelopes with the members’ Social Security numbers. The purpose was to rig the outcome of the 2008 March HBPA election. | ||||
| Information Source: Databreaches.net |
records from this breach used in our total: 0 | |||
|
|
||||
| December 22, 2010 | Zarzamora Family Dental Care San Antonio, Texas |
MED | STAT | 800 (No SSNs or financial information reported) |
| The October 15 theft of a desktop computer affected 800 patients. | ||||
| Information Source: HHS via PHIPrivacy.net |
records from this breach used in our total: 0 | |||
|
|
||||
| December 22, 2010 | Hospital Auxilio Mutuo Hato Ray, Puerto Rico |
MED | HACK | 1,000 (No SSNs or financial information reported) |
| The Hospital experienced a breach of one or more computers on or around November 19. The exact nature of the breach was not reported and could have been theft, unauthorized access, hacking, or an IT incident. | ||||
| Information Source: HHS via PHIPrivacy.net |
records from this breach used in our total: 0 | |||
|
|
||||
| December 22, 2010 | Cook County Health and Hospital Systems chicago, Illinois |
MED | STAT | 556 (No SSNs or financial information reported) |
| A desktop computer was found to be missing on or around November 1. It contained the medical record identification numbers, names, dates of birth, clinic names, physician names, and lab results of some patients. | ||||
Wow, scary stuff! You’d think these companies would have heard of encryption by now!!!
It is in point of fact a great and useful piece of information. I am satisfied that you simply shared this useful information with us. Please keep us up to date like this. Thank you for sharing.
I am very interested in this idea. I’m not in arhcives, but I do work in a library, and I think this is one of the major information issues libraries should be thinking about today. I could see it expand, too, to how do we collect digital records, and how can we create institutional/organizational strategies for planning what to collect.