theDataMap

Documenting all the places
personal data goes.

healthDataMap


Legend: with your name, without your name.
Click on a circle above for names of organizations and details of data shared.


Employers receive information from health insurance companies about the overall health of employees and family members covered by the employer's health insurance plan. The information employers receive from Health Insurance Companies should not include the names of employees. Employers often share information with the the employee unions about their employees since unions commonly coordinate health insurance.

Employers also receive personal health information from wellness programs. Because Wellness Program often have an incentive and reward structure aimed at changing your life specifically, information between the Wellness program and the Employer usually includes your name.

These data sharing occur because employers have a financial interest in your healthcare. Not only do employers in the United States provide health insurance options to employees that cover employees and the families of employees, but employers also tend to contribute monthly insurance payments to the health plan. The healthier the population of employees, the less healthcare costs may be for the employer.

A Self-Insured Employer pays your medical bills directly, rather than there being a separate health insurance company. Because medical bills often include sensitive information, such as diagnoses, procedures and lifestyle content, self-insured employer typically use third parties to receive medical bill details from physicians, hospitals, and clinical laboratories. Bills typically include your name, address, policy number, date of birth, diagnoses, and procedures. Feedback to the employer should be aggregate information that does not include your name.

Examples

HealthCare Concepts, Inc. purchases statewide personal hospital discharge data from at least ME [source]. See more information about the fields of data shared, an example of matching real names to the records in statewide discharge data, and which states use standards less than the HIPAA standard.

  

Affiliated Computer Services (ACS), Kraft Foods had a data breach in 2007, in Illinois. A computer tape with the names and Social Security numbers of current and former Kraft employees was lost by ACS. ACS administers Krafts prescription drug benefits program. ACS believes it accidentally destroyed the tape. Kraft reported the number of affected residents in North Carolina, New Hampshire, Maine and New York, but the total number nationwide was not reported and is likely to exceed 1446. (1446 records involved) [source].

  

1st Mariner Bank had a data breach in 2017, in Maryland. 1st Mariner Bank experienced a phishing attack that resulted in the exposure of the records of 1500 persons. Information exposed included Social Security Numbers, as well as names in combination with credit card or financial account information. [source]

  

7-Eleven, Inc. had a data breach in 2016, in Texas. On behalf of the 7-Eleven franchisees, 7-Eleven maintains a database of records for each franchise location that contains information on all franchisee employees for that location. Only the records in the database for the employees of a particular franchisee (Employing Franchisee) are sent to the local store and are available for access by the Employing Franchisee. 7-Eleven discovered in June 2016 that as a part of the update process, in addition to the normal set of employee records sent for each Employing Franchisee, some additional records from the franchisee employee database were available to certain 7-Eleven franchises. We immediately updated the records, investigated to determine the cause of the issue, and have taken additional safety measures to protect your informaton and ensure that records are not accidentally made available to any franchisee other than the Employing Franchisee.The information compromised included names, addresses, Social Security Numbers, and telephone numbers. [source]

  

ABB Inc. had a data breach in 2017. [source]

  

ABM Industries had a data breach in 2017, in New York. [source]

  

Access Health CT had a data breach in 2014, in Connecticut. The Connecticut health insurance exchange has suffered a data breach, when one of the exchanges employees lost a backpack at a local deli that included names, Social Security numbers and birthdates of 413 individuals.The employee was not authorized to remove these documents from the facility and has since been put on administrative leave. [source]

  

Acclaim Technical Services had a data breach in 2015, in California. Acclaimed Technical Services has notified individuals of a data breach when their system was hacked compromising personal information of individuals who had a background check done with the company.The information compromised included names, Social Security numbers, addresses, dates and places of birth, residency, educational and employment history, personal foreign travel history, information about immediate family, as well as business and other personal information contained in a background check. [source]

  

Active Outdoors had a data breach in 2016, in Texas. After we have made and continue to make significant investments in technology and security, on August 22, we became aware that we were the victim of an unauthorized and unlawful access to our online hunting and fishing licensing applications in Idaho, Oregon and Washington.The information compromised included names, addresses, dates of birth, driver's license number, Social Security number. [source]

  

Aecom had a data breach in 2014, in California. Aecom has notified current and prior employees of a data breach that exposed employee personnel files. Hackers were able to penetrate their corporate network, which included the employee payroll system for the US specifically.The information exposed inlcuded names, addresses, Social Security numbers, personal bank account numbers and routing numbers. [source]

  

Affiliated Computer Services (ACS), Kraft Foods had a data breach in 2007, in Illinois. A computer tape with the names and Social Security numbers of current and former Kraft employees was lost by ACS. ACS administers Krafts prescription drug benefits program. ACS believes it accidentally destroyed the tape. Kraft reported the number of affected residents in North Carolina, New Hampshire, Maine and New York, but the total number nationwide was not reported and is likely to exceed 1446. [source]

  

Alamo Capital had a data breach in 2017, in California. On March 14, 2017, a data security incident occurred which may have affected your personal information. When we discovered the incident on the same day, we immediately launched an investigation, and reported it to the FBI, the SEC and the Financial Industry Regulatory Authority (FINRA). Our information technology personnel also took measures to secure all client information. What Information Was Involved? The incident may have involved names, dates of birth, and Social Security numbers. [source]

  

Alcoa Global Mobility Group had a data breach in 2010, in New York. An electronic folder containing personal information on current and former expatriates and others who received assistance from Alcoas Global Mobility Group was shared as a public folder within its network. The personal information included names, dates of birth, family members names and dates of birth, salary compensation, Social Security numbers, and some peoples medical information. [source]

  

American Residuals and Talent Inc. had a data breach in 2014, in California. American Residuals and Talen Inc, dba ART Payroll, a specialized payroll company for the entertainment, advertising and events production industry, notified customers of a breach to their system when hackers infiltrated their servers and obtained personal information. The information included names, addresses, dates of birth, Social Security number, email addresses, phone numbers, ART account numbers, bank account information, ART account user ID and password.The company is providing ProtectMyID for 1 year at no cost to those who were affected. [source]

  

AMR Corporation had a data breach in 2010, in Texas. American Airlines parent company said Friday the personal information of about 79,000 retirees, former and current employees has been compromised after a hard drive was stolen from its Fort Worth headquarters. No customer data was affected. The data was held by the companys pension department. The drive contained images of microfilm files, which included names, addresses, dates of birth, Social Security numbers and a limited amount of bank account information. Some health insurance information may have also been included -- mostly enrollment forms, but also details about coverage, treatment, and other administrative information. The data spans a period from 1960 to 1995. AMR also believes some of the employee files also contained information on beneficiaries, dependents and other employees from 1960 to 1995. [source]

  

AOL had a data breach in 2014, in New York. AOL has sent a message to millions of its account holders of a data breach to their system urging them to change their usernames and passwords. AOL won't confirm an exact number but it appears to be approximately 2 percent of its accounts.AOL noticed the attack when a significant amount of spam began appearing from spoofed emails from AOL account holders email addresses. [source]

  

Areas had a data breach in 2016, in Florida. Areas notified employees of a data breach when they were the victim of a phishing scheme."On April 29, 2016, Areas learned it was the target of an email phishing scheme which resulted in unauthorized access to your peronal information."The information compromised included names, addresses, and Social Security numbers. [source]

  

Arlington Public Schools had a data breach in 2016, in Washington. More than two dozen Arlington Public Schools employees have had their social security numbers and tax information compromised in a data breach, according to a memo sent to APS employees Monday.The information compromised included information found on employees W-2 forms. UPDATE (4/28/2016): The first report stated that 28 employees were affected, a new updated report came out on April 28th that 40 additional employees were affected for a total of 68 individuals. = [source]

  

AT&T Mobility, LLC had a data breach in 2014, in Missouri. AT&T has informed California regulators of a data breach that occurred with a third party service provider. \"Employees of one of our service providers violated our strict privacy authorization,\" the company said in a letter to affected customers. AT&T believes the employees accessed your account as part of an effort to request codes from AT&T than are used to unlock AT&T obile phones in the secondary mobile phone market. Personal information such as Social Security numbers and phone records were accessed. The incident took place between April 9th through April 21st, but the California regulators were just informed this week. AT&T would not disclose how many customers were affected, but the law requires disclosure if more than 500 people have been affected. [source]

  

Autoneum North America had a data breach in 2017, in Michigan. A Swiss company said Wednesday income tax information was stolen for about 2,400 workers in the United States, putting them at risk of identity theft just as many are awaiting tax refunds. Autoneum North America Inc. said the data included 2016 W-2 salary and tax information as well as the current and former workers' names, addresses and Social Security numbers. Company spokeswoman Anahid Rickmann said it has been working with the FBI and IRS to investigate the breach and has offered its employees identity repair and credit monitoring services. She said the information was stolen with criminal intent. [source]

  

Avanti Markets Inc. had a data breach in 2017, in Washington. [source]

  

BajaBound.com had a data breach in 2016, in California. [source]

  

Bakersfield City School District had a data breach in 2017, in California. On November 9, 2017, at or about 4:24 p.m., the Board Docs Agenda was posted to the District’s website. In this agenda packet under the Certificated Human Resources Report, a report of certificated extra-time was inadvertently attached. It was confirmed that the personal information contained in this attachment included that of approximately 1,250 certificated employees and/or substitutes who worked extra-time. The error was identified at approximately 7:45 p.m. and immediately removed. The total time this information remained online was approximately three hours and twenty-one minutes. [source]

  

Bank of The West had a data breach in 2014, in California. The Bank of Manhattan Mortgage Lending notified customers of a data breach when an employee handled mortgage information of customers that did not meet the company policies, which may have resulted in disclosure of customers loan file information.The information compromised included names, addresses, loan numbers, phone numbers, Social Security numbers, birth dates, credit information, tax information, and other financial information. [source]

  

Baxter Credit Union had a data breach in 2016, in California. [source]

  

BDO USA, Rubio's Restaurants, Inc. had a data breach in 2012, in California. BDO was contracted by Rubios to perform financial auditing services. A BDO employee accidentally removed one or more CD-ROMs from the office. The CD-ROM or CD-ROMs contained a list of Rubios workers compensation claimants and a list of people who owned equity shares in Rubios Restaurants, Inc. The CD-ROM or CD-ROMS appear to have been stolen from the BDO employees vehicle. The workers compensation information contained names, claim numbers, medical status, and date of loss. The medical status information included the employees claim for injuries or illnesses. No Social Security numbers were involved. The partial equity roll list contained names and Social Security numbers. [source]

  

Bistro Burger had a data breach in 2015, in California. Bistro Burger confirmed that malware was installed on the point-of-sale system at their San Francisco location between October 2, 2014 and December 4, 2014. The information compromised included names, payment card account numbers, card expiration dates and security codes. [source]

  

Boxee had a data breach in 2014, in New Jersey. The personal data of over 158,000 Boxee.tv forum accounts were hacked and leaked online to a Tor Internet site and at least one researcher. The information included email addresses, birth dates, IP addresses, message histories, and password changes. It also included message archives and past password changes.The company was purchased by Samsung last July. [source]

  

Bristol Farms had a data breach in 2016, in California. Bristol Farms notified current and former employees of a data breach when someone posing as a company executive requested certain information.The information compromised included first and last names, addresses, Social Security numbers, and 2015 compensation and deduction information. [source]

  

Broward College had a data breach in 2017, in Florida. On or about August 3, 2017, Broward College employees received a spam phishing email to their email accounts. The school learned that certain employees had clicked on the link and provided their credentials. Between July 18, 2017 and September 8 2017, Broward college determined that records were exposed including name, date of birth, address, social security number, financial account numbers, credit/debit card numbers, and/or driver's license or state identification card number. The breach affected 44,000 records. [source]

  

California Correctional Institution had a data breach in 2014, in California. On March 9, 2014 an employee roster was discovered within an unsecure desk drawer at one of the correctional facilities.The roster included full names and the last 6 digits of Social Security numbers.For those affected they are being directed to call Tim Fites, Information Security Coordinator at 1-661-823-5011. [source]

  

California Department of Public Health (CDPH) had a data breach in 2011, in California. [source]

  

Campbell Taylor & Company Certified Public Accountants & Consultants had a data breach in 2017, in California. [source]

  

Casa Del Sol Day Care had a data breach in 2008, in Texas. [source]

  

CBC Restaurant Corporation (Corner Bakery Cafe) had a data breach in 2015, in Texas. The Corner Bakery Corporation notified employees of a data breach when an ex-employee of the company may have stolen employee files with the intent to commit identity theft. The company has not been able to verify if this has happened.The information that may have been exposed includes names, addresses, dates of birth and Social Security numbers. [source]

  

Centene had a data breach in 2016, in Missouri. Centene, a St. Louis-based payer, is searching for six missing hard drives that contain protected health information of approximately 950,000 individuals. The six hard drives contain information of individuals who received laboratory services from 2009 to 2015, including names, addresses, birth dates, Social Security numbers, member ID number and health information. There is no financial or payment information stored on the hard drives, according to the payer.Centene noticed the hard drives were missing when they were unaccounted for in an inventory of IT assets. The hard drives were part of a data project that used laboratory results to improve health outcomes.The payer does not believe the information has been inappropriately used but has launched an ongoing search out of abundance of caution and in transparency, according to a media notice. [source]

  

Central Concrete Supply Company had a data breach in 2016, in California. Central Concrete Supply Company notified employees of a data breach when they discovered a third party gained access to copies of employees W2 information along with tax withholding statements that contained personal information of the employees.The information compromised included employer name, employee names, addresses, phone numbers, tax identification numbers, social security numbers, and income information. The company has retained Kroll to provide identity theft protection for one year for free. [source]

  

Chapman University had a data breach in 2017, in California. Last week an external hard drive went missing from Chapman University’s Harry and Diane Rinker Health Science Campus. The employee who was assigned the external drive had access to several University network drives. Chapman University cannot determine the actual contents of the missing external disk drive but it is treating the entire content of all drives that the assigned employee had access to as potential content on the missing external drive. [source]

  

Cheddar's Scratch Kitchen had a data breach in 2017, in Texas. Early on July 21, 2017, there was a break-in at locked corporate facility for Cheddar's Scratch Kitchen in Texas that resulted in the theft of several laptops and a hard drive containing personal some team members' personal information and very limited guest information. The incident was promptly reported to the police and their investigation is ongoing.What Information Was InvolvedWhile the investigation continues, our current understanding is that the personal information that may have been involved in the incident likely includes your Social Security number; contact information, such as your name, address, email address, and telephone number; other employment-related information and limited guest information, if applicable. In some cases, a photocopy of your ID may have been included. We regret that your personal information may be affected. [source]

  

Club Sport San Ramon/Oakwood Athletic Club had a data breach in 2017, in California. On July 31, 2017, we discovered that an employee was the subject of a phishing attack when they received an email that appeared to be from an executive, requesting copies of employees W-2 wage and tax statements. In response to that email, individual employee W-2 information was sent to an unauthorized email address. From our investigation, it appears that this contained your personal information, including your name, address, Social Security number, and wage and tax information from 2016. This DID NOT include personal banking or financial account information. Local law enforcement and the IRS have been notified of this incident and we are cooperating with their investigations. [source]

  

Cohn Handles Sturm had a data breach in 2017, in California. [source]

  

College of the Desert had a data breach in 2014, in California. [source]

  

Corporate Employment Resources, Inc. had a data breach in 2018, in Michigan. On January 26, 2018, a Company employee sent an e-mail to other current and former Company employees who were authorized to receive the e-mail but inadvertently attached a document not intended for the recipients. The erroneous attachment contained the intended recipients' personal information as well as the personal information of other current and former employees, including first and last names and Social Security numbers. The Company employee realized her error almost immediately in sending the January 26 e-mail and promptly notified the Company on that day. The Company has asked all recipients of the January 26 e-mail to delete it (along with the erroneous attachment) and to confirm the deletion. The Company is in the process of collecting confirmations of the deletion. [source]

  

County of Sacramento had a data breach in 2016, in California. An error was discovered in the online automated application system within the Accela software that may have made your personal data available to Emergency Medical Service license applicants that had an account on the system.The report that allowed unauthorized access was deployed on August 8 2015.  The report providing that data was shut off within an hour of discovery on August 1, 2016.While we have no indication that any data was compromised or misused, we are taking the precaution of notifying you so you can, if you deem appropriate, take additional steps to protect yourself and your information.The information compromised incuded names, addresses, social security number, driver's licenses, phone numbers, and birth dates. [source]

  

County of San Diego had a data breach in 2016, in California. The County of San Diego Human Resources Department notified employees of a data breach when information involving employees Wells Fargo Health Savings Accounts. The County stated, "data regarding County employees who elected to set up HSAs was sent to Wells Fargo. The information compromised includes names, addresses, Social Security Number, birthdate, employee ID, primary email, work phone number, personal phone number. [source]

  

Crest Foods had a data breach in 2016, in Oklahoma. An individual contacted a local news agency in Oklahoma City, Oklahoma when information on Crest Food employees was found in a dumpster at a recycling facility. The information this individual found on one employee included her application of employement, direct deposit form. Another individuals Social Security number and bank routing numbers were exposed.The grocery store chain is currently investigation the issue with both their internal procedures and procedures with a third party vendor that they use to destroy sensitive information. [source]

  

DBM Global had a data breach in 2017, in Arizona. On January 7, 2017, our Phoenix office was burglarized and one employee laptop was stolen. We contacted law enforcement and conducted an investigation. What Information Was Involved? The stolen laptop data may have included personal information such as employee, former employees, and their respective dependents from December 2014 to present. Specifically, the information may have included: name, address, social security number, employee identification number, date of birth, and direct deposit bank information. The stolen data may also have included name, address, social security number and date of birth for dependents of the employees and former employees. [source]

  

Defense Finance and Accounting Service/ Defense Department Document Automation and Production Service had a data breach in 2010, in Virginia. An error at the U.S. Department of Defense Document Automation and Production Service caused pay statements containing names and sensitive information about the finances of about 18,000 recipients of a special pay for disabled retirees to be sent to wrong addressees. The statements, a page of which contained information about annual increases in Concurrent Retirement and Disability Pay, mistakenly listed data including at least a portion of another recipientí£s name, their bank or insurance company name, the amount of their allotment and the allotment type. There is no indication that any Social Security numbers, bank account numbers or phone numbers were listed on the erroneously mailed pages. [source]

  

Defense Point Security had a data breach in 2017, in Virginia. Name, address, ssn, and w2 tax info were breached. [source]

  

Delta Career Education Corporation had a data breach in 2017, in Virginia. [source]

  

Dollar General Corporation had a data breach in 2018, in Tennessee. On January 15, 2018, one of our service providers, Ernst & Young LLP (EY), became aware that on three separate occasions during the week of January 8, 2018, one of their tax professionals had mistyped a fax number while transmitting a total of forty-four (44) Tax Credit and Incentive Forms which contained personal information pertaining to 43 current employees and prospective hires of Dollar General. These faxes were transmitted in connection with the Work Opportunity Tax Credit (WOTC) services EY provides to Dollar General. Due to the EY tax professional transposing digits in the fax number, the Forms were sent to an unintended recipient's fax machine (instead of the fax machine located at another EY office). [source]

  

Douglas County School District had a data breach in 2014, in Colorado. Douglas County School District notified employees of a data breach of their personal information when a laptop containing their personal information was stolen.In a letter sent to district employees, the district stated that the stolen computer contained some workers' Social Security numbers and bank account information.The district is currently investigating the breach. [source]

  

Dover Federal Credit Union had a data breach in 2016, in Delaware. On September 20, 2016, DFCU learned that an employee had transferred DFCU files to the employee’s personal Dropbox account to access the information from the employee’s home computer for business purposes. Although DFCU had no indication that any of the transferred information was compromised, DFCU managers immediately began an investigation to determine what information had been transferred. DFCU hired a computer forensic firm to help investigate the incident. The investigation determined on November 18, 2016, that it was unlikely that any information was accessed by any unauthorized person, as the employee was the only authorized user of the Dropbox account and did not provide the Dropbox credentials to any other individual. DFCU determined on November 23, 2016, that the files transferred to the employee’s Dropbox account included personal information of all DFCU members. What information was involved? The information included your name, address, DFCU account number, and your Social Security number. [source]

  

Eastwood Company had a data breach in 2016, in Pennsylvania. On July 22, 2016, Eastwood learned that malicious software code may have been inserted into its e-commerce website. We immediately removed the malicious software, began an investigation and hired a third-party cyber-security firm to assist us. Findings from the investigation show that if a customer placed an order on our website from May 29, 2016 to July 22, 2016, information associated with the order being placed may have been obtained by an unauthorized third-party.The information compromised included names, addresses, phone numbers, email addresses, payment card numbers, expiration date and security code. [source]

  

Ebay had a data breach in 2014, in California. Ebay, the online auction site, was hacked between late February and early March with login credentials obtained from employees. The hackers then accessed a database containing user records of approximately 145 million users which they appeared to have copied. The information included email addresses, encrypted passwords, birth dates, mailing addresses. The company reports that no financial data or PayPal databases were compromised. The company is encouraging all who were affected to login into their account and change their passwords. [source]

  

Equifax Inc. had a data breach in 2016, in Georgia. The information was breached via Electronic Medical Record. [source]

  

Extreme Reach had a data breach in 2017, in Massachusetts. On or about August 22, 2016, we received confirmed notice from our electronic medical record provider that their electronic system was subject to a malware attack on July 26, 2016. They became aware of the incident on July 27, 2016, and we are informed that they promptly took action to secure their systems. We immediately requested further information to understand what happened and to determine which, if any, of our patients were affected. On September 14, 2016, we were provided further detail of the events, and learned that the company, MMPC, experienced a ransomware infection. Ransomware is a type of malware which restricts access to the computer system that it infects, and demands that a ransom be paid to the creator of the malware to remove the restriction. The third party forensic IT firm hired to investigate this incident found no evidence that patient information was viewed, transferred or accessed. However, during the restoration process of their system, MMPC has informed us that one of their backup systems failed causing the loss of consultation notes between July 11, 2016 and July 26, 2016. Given these events, we wanted to notify you of this matter. [source]

  

Fingerhut had a data breach in 2017, in Minnesota. [source]

  

Fresno State had a data breach in 2014, in California. Name, date of birth, telephone number(s), address, social security number, employment (W-2) information, and 1099 information were breached. [source]

  

Gary W. Janke had a data breach in 2017, in California. On the night of September 26, 2017, a thief broke into the back of the office building in Northridge, California. [source]

  

Goldenvoice/Coachella Music Festival had a data breach in 2017, in California. On 10/31/2017 Goldleaf Partners Services, Inc. suffered a hack that affected 6020 records, including Social Security numbers as well as names and credit card or financial account information. [source]

  

Goldleaf Partners Services, Inc. had a data breach in 2017, in Minnesota. On 10/31/2017 Goldleaf Partners Services, Inc. suffered a hack that affected 6020 records, including Social Security numbers as well as names and credit card or financial account information. [source]

  

Goldman Sachs & Co. LLC had a data breach in 2018, in New York. On January 11, 2018, Aperio Group, LLC, a third party investment manager used by Goldman Sachs, discovered that the email accounts of two of its employees were compromised by a sophisticated phishing attack which resulted in an unauthorized auto-forward rule being applied to those two employees' accounts. This caused all emails sent to those accounts between August 21, 2017, and January 11, 2018, to be blind copied to two external email addresses. The personal information involved in the incident consisted of the account name and account number for a Goldman Sachs account owned by two residents of North Carolina. [source]

  

Google Inc. had a data breach in 2016, in California. Google Inc. notified employees of a data breach when a third-party vendor that provides benefit management services inadvertently sent a document that contained personal information of their employee to a benefits manager of another organization.The information exposed included names, Social Security numbers. [source]

  

Gourmesso had a data breach in 2017, in Maine. [source]

  

Gourmesso had a data breach in 2017, in Maine. Discover Card account information of 1 Maine citizen breached. [source]

  

Green's Accounting had a data breach in 2014, in California. Exposed boxes of patient information were reported to Greenville Hospital System on December 31, 2010 by someone wishing to remain anonymous. The boxes were in a storage structure behind the building of an abandoned hospital. The hospital was Allen Bennett Memorial Hospital; it closed in August of 2008. Greenville Hospital System collected the boxes and notified patients in February. The 22 boxes contained information from Allen Bennett Memorial dating from 1990 to 1999. The information in the boxes included patient names, reasons and dates for visits, amount paid, patient insurance information with diagnosis and treatment, and admission reports with patient dates of birth and some Social Security numbers. An investigation revealed that the information in the boxes was probably not used for criminal purposes and that no one was sure how the boxes had gotten there. [source]

  

Hamilton Acquisition Corp. t/a Stallings Group had a data breach in 2018, in Virginia. The Social Security number of each employee was visible through the window of the envelope used to mail W2s to employees. [source]

  

Hanover Foods Corporation had a data breach in 2014, in Pennsylvania. Hanover Foods Inc, who is a Paytime client has learned that over 5,800 of it's employees were part of the over 216,000 individuals affected by the Paytime breach. Hanover's representing law firm has also sent a letter to those affected and has reported the incident to those individuals affected.The information breached included names, Social Security numbers, direct deposit bank account information, dates of birth, hire dates, wage information, home and cell phone numbers, and other payroll information when hackers obtained usernames and passwords associated with the Paytime system. [source]

  

Hard Rock Hotel & Casino Las Vegas had a data breach in 2016, in Nevada. [source]

  

Hathaway-Sycamores Child and Family Services had a data breach in 2017, in California. [source]

  

Heraeus Incorporated had a data breach in 2011, in New York. A steel cabinet was discovered missing on November 18. The cabinet had a safe which contained IT data and software backup tapes. Personal information on the backup tapes included names, Social Security numbers, addresses, financial account numbers, drivers license numbers, medical information and other personal information. The cabinet was most likely thrown out during a cleaning. If so, the cabinet and its contents would have been taken to a transfer station, crushed, and then transported to a landfill for further destruction and disposal. [source]

  

Hewlett Packard Enterprise Services had a data breach in 2016, in Texas. [source]

  

Hillary Tentler, CPA had a data breach in 2016, in California. The information was breached via Email. [source]

  

Home Point Financial had a data breach in 2017, in California. On March 30, 2017, we learned that an unauthorized individual utilized a phishing scheme and may have gained access to employees' email accounts beginning in November 2016. When we learned of this, we immediately secured the email accounts, reset passwords, and began an investigation.What Information Was InvolvedWe conducted a thorough review of the employees' email accounts and determined that they contained information that you may have included with your loan application such as your name, address, Social Security number, date of birth, driver's license/passport/state identification number, payment card number, and financial account numbers. [source]

  

Horizon Media, Inc. had a data breach in 2017, in New York. [source]

  

Hume Lake Christian Camps had a data breach in 2016, in California. Hume Lake Christian Camps notified employees of a data breach when they were a victim of a phishing scam. "On March 4, 2016, we discovered that between February 29, 2016 and March 4, 2016, as a result of a phishing incident, an unauthorized third party gained accessed to a Hume Lake employee's email account and, in turn, may have accessed files containing certain personal information." [source]

  

Hyatt Hotels had a data breach in 2017, in Illinois. The Hyatt hotel chain has notified individuals of a data breach when they discovered 250 of their 627 hotels were infected with malware that stole information, in particular, credit/debit card information.The malware infected restaurants, spas, parking, golf shops, front desk reception. The infection may have started as early as July 30, 2015 to December 8, 2015 and affecting hotels in US, UK, China, Germany, Japan, Italy, France, Russia and Canada. Hyatt is offering one year of credit monitoring for free via CSID. [source]

  

Imhoff & Associates, PC had a data breach in 2014, in California. Imhoff and Associates, a criminal defense lawfirm notified clients of a data breach when a backup hard drive was stolen from a locked trunk of an employee's vehicle.The personal information contained on the backup hard drive may have included names, birth dates Social Security numbers, driver's license numbers, addresses, emails and phone numbers.The firm is offering those affected 12 months of AllClear ID at no cost. [source]

  

Indalex had a data breach in 2011, in California. An abandoned Indalex plant still contained personnel records. Employee names, Social Security numbers, medical records, addresses, and other sensitive information were exposed when scavengers looking for aluminum and other materials ravaged the abandoned plant. The plant was closed in 2008 and Indalex filed for bankruptcy in 2009. Indalex received clearance from a bankruptcy court to officially abandon the plant in 2010. The damage was discovered when 40 workers from the Stanislaus County jail alternative work program cleared the plant. [source]

  

InterContinental Hotels Group (IHG) had a data breach in 2017, in Buckinghamshire. InterContinental Hotels Group (IHG), the parent company for more than 5,000 hotels worldwide including Holiday Inn, says it is investigating claims of a possible credit card breach at some U.S. locations.Last week, KrebsOnSecurity began hearing from sources who work in fraud prevention at different financial institutions. Those sources said they were seeing a pattern of fraud on customer credit and debit cards that suggested a breach at some IHG properties — particularly Holiday Inn and Holiday Inn Express locations.Asked about the fraud patterns reported by my sources, a spokesperson for IHG said the company had received similar reports, and that it has hired an outside security firm to help investigate. [source]

  

International Union of Operating Engineers Health and Welfare Fund, Zenith Administrators, Inc. had a data breach in 2011, in Maryland. The information was breached via Network Server. [source]

  

inVentiv Health, Inc. had a data breach in 2016, in Massachusetts. On July 7, 2016, we learned that a targeted phishing email message had been sent to inVentiv Health in June. Phishing emails are crafted to appear as if they have been sent from a legitimate organization or known individual. The email was designed to appear as though it had been sent by an inVentiv executive, from the inVentiv executive's email account, requesting the uploading of our U.S. employees' 2015 W-2 Forms to a file sharing site. Believing the email request to be legitimate, the W-2 data was uploaded. It is unknown how much of the data uploaded may have been accessed by unauthorized individuals.The information compromised included W-2 data included your name, address, Social Security number and salary information. [source]

  

IRS had a data breach in 2014, in Pennsylvania. A former emloyee of the IRS took home a computer thumb drive that contained personal information on 20,000 current and former employees and contractors. The information included Social Security numbers, names and addresses. The thumb drive was plugged into the employees unsecured network, which could have left the information vulnerable. This incidence dates back to 2007 before the IRS stared using automatic encryption. The IRS will not comment why they did not discover this breach until now, or if the employee who used the thumb drive is still working at the IRS. [source]

  

ITA Group had a data breach in 2014, in Massachusetts. It was discovered on April 7, 2017 that a system error associated with the website was temporarily allowing for potential unauthorized access to certain program participants’ account information. [source]

  

James R. Glidwell, Dental Ceramics, Inc. had a data breach in 2015, in California. Glidewell, Dental Ceramics, Inc. and its subsidiaries notified employees of a breach to their system that maintains employee files was discovered. The unauthorized individual (s) may have taken documents that contained personal information of employees, including names, addresses, Social Security numbers, and financial account informaiton related to direct deposit accounts. The company is offering one year free of fraud resolution and identity theft protection services through ProtectMyID. Those affected can call 888-227-1416 or www.protectmyid.com/alert and engagement number PC96191. [source]

  

Jason's Deli - Deli Management, Inc. had a data breach in 2017. [source]

  

Johns Hopkins University had a data breach in 2010, in Maryland. Approximately 85 staff members received an email from the Applied Physics Laboratory on June 15. The email had an attachment with personal benefits information of APL staff dependents. The information included names, Social Security numbers, parent names, dates of birth, marital and disability status and medical and dental coverage. The emails were deleted by the IT department and staff members were asked to reply that they had not made copies or disclosed the information. [source]

  

Kaiser Foundation Health Plan had a data breach in 2012, in California. Someone purchased a hard drive in September of 2011 and immediately notified law enforcement that it contained confidential information. The external hard drive did not come from a Kaiser Permanente office. It contained employee data that was as recent as 2009. Current and former employees may have had their names, Social Security numbers, dates of birth, and addresses exposed. There is no evidence that the information from the hard drive was used for illegal purposes as of March of 2012.UPDATE(3/22/2012): The external hard drive was purchased at a thrift store. Phone numbers, pay stubs, COBRA Error, Trust Fund Paid Hours, or Fidelity Savings Plan Deduction reports may have also been on the hard drive.UPDATE(4/16/2012): At least one source lists the total number of affected current and former employees as 30,000. [source]

  

KeepKey had a data breach in 2016, in Washington. On the last day of 2016, KeepKey, a vendor of Bitcoin hardware wallets, has notified users of a security breach that inadvertently exposed some of its customers' details.According to Darin Stanchfield, KeepKey founder and CEO, the attack took place on Christmas Day, December 25, when an unknown attacker had activated a new phone number with Stanchfield's Verizon account.This allowed the attacker to request a password reset for his Verizon email account, but receive the password reset details on the newly activated phone number.Attacker hijacked CEO's Verizon account by activating a rogue phone numberA few minutes later, the attacker had taken over Stanchfield's email account and proceeded to request password resets for several services where the KeepKey founder had used that email address to register profiles.In no time, the attacker had taken over several of Stanchfield's accounts on other sites, such as KeepKey's official Twitter account, and several of KeepKey's side services, such as accounts for sales distribution channels and email marketing software. [source]

  

Kinetics Systems, Inc. had a data breach in 2018, in California. On February 1, 2018, Kinetics received notice that an inadvertent data exposure occurred on January 25, 2018. Kinetics experienced a "phishing" attack - via fraudulent email a scammer posed as an Officer of Kinetics, and obtained personal information of current and past employees who worked at Kinetics during 2017. [source]

  

Kool Kids Model & Talent Management had a data breach in 2016, in California. [source]

  

Korn/Ferry International had a data breach in 2012, in California. A cyber breach affected Korn/Ferry databases. Names, Social Security numbers, drivers license numbers, government-issued identification numbers, credit card numbers, and health information may have been exposed. The information may have been available to unauthorized parties for months before the breach was discovered in August of 2012. [source]

  

LANDesk had a data breach in 2015, in Utah. LANDesk, an IT automation firm has notified employees of a databreach when they discovered hackers had infiltrated their system and obtained personal information of current and former employees. According to the company \"it is possible that, through this compromise, hackers obtained personal information, including names and Social Security numbers, of some LANDESK employees and former Wavelink employees." [source]

  

LAZ Parking had a data breach in 2016, in Connecticut. LAZ Parking notified employees of a data breach when an email phishing scam was sent to an employee appearing as though it was from a LAZ Parking executive asking for employees' 2015 W2 information. The information compromised included first and last names, home addresses, Social Security numbers, and 2015 compensation data. [source]

  

Library Resources, Inc. (LRI) had a data breach in 2012, in Pennsylvania. On April 29, an employee accidentally attached a sensitive file to an encrypted email that was sent to a third-party payroll provider. It contained the names and Social Security numbers of pension plan participants of multiple payroll vendors. The error was discovered on May 17, and notifications were sent in July. [source]

  

Los Angeles Department of Water and Power had a data breach in 2008, in California. A computer was stolen from a contractor on February 11, 2008. Compromised information included name, Social Security number, date of birth, employee identification number, salary, work location, deferred compensation balances, insurance plan coverage and health care benefits selection for all active employees who were members of the DWP Retirement Plan during 2006 and 2007.UPDATE(2/15/08): The contractor has been identified as Systematic Automation Inc. Nineteen organizations were affected by the breach. [source]

  

Lynn N. Talbott, JR., CPA had a data breach in 2016, in California. On April 19, 2016, I detected suspicious activity on a work computer. I immediately took the computer off-line and contacted our IT consultant. The consultant has confirmed unusual activity and changed potentially impacted passwords. Further, on April 21, 2016, after a thorough analysis of the computer, the consultant removed malware found on the impacted computer's hard drive, and confirmd all firewalls and security protections were properly functioning.The information compromised included names, gender, dates of birth, telephone numbers, addresses, Social Security numbers, all employment (W-2) information, direct deposit bank account information. [source]

  

Magnolia Health Corporation had a data breach in 2016, in California. Magnolia Health Corporation has notified individuals of a data breach when someone impersonating the CEO in an email, obtained personal information for all active employees of the health center. Magnolia Health Corporation and each of their facilities managed including Twin Oaks Assisted Living, Inc., Twin Oaks Rehabilitation And Nursing Center, Inc., Porterville Convalescent, Inc., Kaweah Manor, Inc., Merritt Manor Inc.The personal information compromised included employee numbers, names, addresses, city, state, zip code, sex, dates of birth, Social Security numbers, hire dates, seniority dates, salary/hourly, salary/rates, departments, job titles, last dates paid, and names of facility. [source]

  

Maine State Lottery Commission had a data breach in 2007, in Maine. Documents containing personal information such as names, Social Security numbers, references to workers compensation claim records, psychiatric and other medical records, and police background checks were found in a dumpster. [source]

  

Management Services, LLC had a data breach in 2018, in Virginia. The Social Security number of each employee was visible through the window of the envelope used to mail W2s to employees. [source]

  

Marriott International Inc. had a data breach in 2018, in Maryland. Specifically, on February 5, 2018, Mariott discovered that between January 23, 2018 and February 5, 2018, a third party obtained unauthorized access to employee information. A third party successfully posed as a Marriott employee by providing valid employee credentials in order to obtain access to Marriott employee Human Resources accounts. Through investigation, have determined that third party had access to the employees' direct deposit information, pay statement and W2 information. Mariott has taken steps to block access to compromised employee accounts and are actively monitoring for fraudulent activity.Breached records include SSN and Account #. [source]

  

Marsh U.S. Consumer, Seabury and Smith, ITT Corporation had a data breach in 2011, in Oklahoma. [source]

  

Maryland Health Benefit Exchange had a data breach in 2015, in Maryland. The information was breached via Desktop Computer. [source]

  

Matador Recordings, LLC had a data breach in 2016, in New York. On May 4, 2016, we were advised by our third-party website developer that it had identified and removed suspicious files from the e-commerce websites of the record labels for which Matador Direct is the distributor. We quickly began an investigation and hired a third-party cybersecurity firm to assist us. Findings from the investigation show that if a customer attempted to or did place an order on one of the affected websites from April 28, 2015 to May 4, 2016, information associated with the order being placed may have been obtained by an unauthorized third-party.The information compromised included customer names, addresses, phone numbers, email addresses, payment card numbers, expiration dates, security codes, and account passwords. [source]

  

McKenna Long & Aldridge had a data breach in 2014, in New York. The information was breached via Desktop Computer, and Electronic Medical Record. [source]

  

Met West Terra had a data breach in 2017, in Wyoming. [source]

  

Milpitas Knights PAL Youth Football had a data breach in 2014, in California. Parents of 80 youth football players were notified of a data breach, when a bag of registration materials required by the league were stolen from the back seat of a volunteers car.The information included original birth certificates and physical forms. The league did not comment on what information was entered on the physical form. [source]

  

Milwaukee Bucks had a data breach in 2016, in Wisconsin. Name, DOB, SSN, address were breached. [source]

  

Mitchell International, Inc. had a data breach in 2016, in California. Mitchell International, Inc. notified individuals of a data breach when an individual impersonated an executive with the company and convinced an employee to provide certain information on current and former employees. The information compromised included first and last names, Social Security numbers, and salary information. [source]

  

Mollie Stone's Markets had a data breach in 2017, in California. [source]

  

Multnomah Athletic Club had a data breach in 2017, in Oregon. Multiple shredding bins on the premises were stolen on Dec. 2, 2017. It is possible that one or more of the bins contained name, addresses, social security numbers, passports, drier's license numbers and or bank account information. To date they are not aware of any reports of identity fraud or improper use of PII as a direct result of the incident. [source]

  

National Stores, Inc. had a data breach in 2017, in California. On December 22, 2017, National Stores received an alert that its point-of-sale systems were affected by malware, and that customer payment card information may have been accessed without authorization. National Stores immediately launched an investigation and engaged digital cybersecurity firms to assist with the investigation. National Stores also contacted the Federal Bureau of Investigation and payment card brands to prevent fraudulent activity on payment cards that may have been affected. The affected payment card holders have not yet been identified, although National Stores is diligently attempting to do so. The number of affected North Carolina residents is therefore unknown. We have entered the number "1" as there is not a mechanism to submit the report with an unknown number. [source]

  

NBTY had a data breach in 2010, in New York. An email containing current and former employees and plan participants personal information was sent to the wrong recipient on June 15th. The information in the email included names, dates of birth, and Social Security numbers. [source]

  

NextGen Global Resources had a data breach in 2017, in Illinois. Name and ssn were breached via email.[source]

  

Northeast Arc had a data breach in 2014, in Massachusetts. Name or other personal identifier in combination with SSN, and financial account number or credit or debit card number, in combination with the security code, access code, password, or PIN for the account for 1837 records, and 3 Maine citizens breached. [source]

  

Northern Trust Company had a data breach in 2014, in Illinois. [source]

  

Northrop Grumman Systems Corporation had a data breach in 2017, in California. [source]

  

Novation Settlement Solutions had a data breach in 2016, in Florida. Name, email address, ssn were breached. [source]

  

NSC Technologies had a data breach in 2017, in Virginia. On March 2, 2017 an on-line hacker posing as NSC’s CEO emailed the company’s payroll department and directed that copies of employee W-2 forms be sent to him. Believing the request to come from the CEO, the payroll department forwarded PDF copies of a number of employee IRS W-2 forms to the requestor, who was using a false email address that appeared to belong to NSC’s CEO. Although this “spoofing” episode was identified for what it was literally moments after the W-2 forms were sent to the hacker, by that point the forms themselves had already been shared with him or her. [source]

  

Oak Ridge National Laboratory had a data breach in 2010, in Ohio. About 1,500 unused hard drives were mismanaged, abandoned, and unsecured in the offices. The hard drives had sensitive information such as names, medical information, dates of birth and salary information. Auditors found hard drives in hallways, unused offices and docks. Only 55 unused hard drives were being stored properly; computer security officers destroyed the others. [source]

  

Office of Personnel Management had a data breach in 2014, in District Of Columbia. In March 2014, it has been reported that Chinese hackers broke into the computer networks of the United States government, specifically The Office of Personnel Management, which houses personal information of all federal employees. The hackers appeared to be targeting the files on tens of thousands of employees who have applied for top-secret security clearance.The hackers gained access to some of the databases of the Office of Personnel Management before the federal authorities detected the threat and blocked them from the network, according to the officials. It is not yet clear how far the hackers penetrated the agency's systems, in which applicants for security clearances list their foreign contacts, previous jobs and personal information like past drug use."This particular hacking is unusual as the US computer systems are constantly being hacked by international hackers, but up until this point, have been stopped before any information was compromised.Currently, officials are investigating to pinpoint exactly where these attacks came from. [source]

  

Opes Advisors had a data breach in 2016, in California. On or about May 26, 2016, email login credentials were compromised allowing an outside party to gain access to one specific account. Although we are still investigating the incident, the email may have contained your private information so we wanted to let you know about this incident right away.The information compromised included email accounts that contained names, Social Security numbers, and any documents emailed. [source]

  

Orbitz had a data breach in 2017. [source]

  

Palo Alto Unified School District had a data breach in 2018, in California. On January 18, 2018, Palo Alto Unified School District learned that an employee was storing confidential parent information on his laptop. This same employee had a prior laptop stolen and based on this information, the District conducted an investigation to determine whether personal information was affected by the prior incident. The District's investigation determined that although the stolen laptop was password protected, confidential information may have been stored on the device, including the name, address, and Social Security number for seven (7) North Carolina residents. The District will begin notifying North Carolina residents by U.S. Mail in accordance with North Carolina law in substantially the same form as the document enclosed herewith. The District is also offering the affected individuals a complimentary one year membership in credit monitoring and identity theft protection services through Experian and has provided a dedicated phone number to answer any questions that individuals may have regarding the incident. [source]

  

PAR Electrical Contractors, Inc. had a data breach in 2017, in Missouri. According to a breach notification form and letter sent to the Indiana Office of Attorney General, PAR Electrical Contractors, Inc. experienced a data breach that resulted in the exposure of "~25,000" persons. According to the accompanying notification letter, "On or about December 22, 2017, a thief stole a container holding daily backup tapes that, as part of PAR's regular practices, had been taken off-site. . . The backup tapes included data from PAR's employment records for present and former employees.We believe the data included your name, contact information, Social Security number, date of birth, and payroll dataincluding bank account number if used for direct deposit). In addition, the tapes may have included your driver's license or passport number (if submitted as part of the new hire process)." [source]

  

Park Hill School District had a data breach in 2014, in Missouri. [source]

  

Paul Stuart had a data breach in 2017, in New York. [source]

  

Performant Financial Corporation had a data breach in 2017, in Ohio. By letter dated April 7, 2017, C&T informed Performant that after noticing unusual activity on its network, C&T had hired a specialist forensic information technology firm to investigate. As a result of that investigation it was determined that an unauthorized individual had accessed a C&T network drive between January 27, 2017, and February 2, 2017. C&T, however, could not determine whether any specific files were accessed. The network drive, unfortunately, contained the Company’s 401K audit files for certain years.Upon receiving C&T’s notification of a potential data breach, Performant undertook its own investigation to determine what specific information may have been compromised. [source]

  

PerkinElmer, Inc. had a data breach in 2016, in Massachusetts. PerkinElmer, Inc notified employees of a data breach when a PerkinsElmer employee was a victim of a phishing scam and was sent an email that appeared to be from another PerkinsElmer employee requesting information on other employees. The information compromised included names, dates of birth, home addresses, Social Security numbers, salary information, titles and specific employee information. [source]

  

Perry & Associates CPA's A.C. had a data breach in 2018, in Ohio. [source]

  

Pivotal Software Inc. had a data breach in 2016, in California. Pivotal Software notified individuals of a databreach when they were a victim of a phishing scam. "On March 22, 2016 a third party sent a fraudulent email message impersonating CEO Rob Mee to an employee requesting certain information about Pivotal employees. The employee responded to the request, mistakenly believing that it came from Mr. Mee. [source]

  

Qvale Auto Group, Inc. had a data breach in 2016, in California. QVC uses technology to track activities that occur on its website, and the tracking technology sends data to companies that provide services to QVC. We recently learned that as the result of a technical setting, instead of sending anonymous data, the tracking technology unintentionally sent limited information about website visitors to those online marketing partners. While the information was sent securely, neither QVC nor the online marketing partners intended for this data to be sent.The information compromised included email addresses and passwords used to access QVC accounts. [source]

  

Real Estate Business Services, Inc. had a data breach in 2017, in California. [source]

  

Reznick Group, AssureCare Risk Management Inc, Colonial Healthcare Inc, Gypsum Management and Supply had a data breach in 2011, in Minnesota. The information was breached via Paper/Films. [source]

  

Richard Berger CPA had a data breach in 2015, in California. The information was breached via Network Server. [source]

  

Riverside Logistics Services had a data breach in 2018, in Virginia. On February 5, 2018, personal information for certain employees and former employees may have been accessed without authorization. As soon as Riverside discovered the incident, it reported the matter to the FBIŠ__΢Š—_’öÎ劗_’•Î¢s Internet Crime Complaint Center and notified the Internal Revenue Service/Criminal Investigation to prevent fraudulent activity. [source]

  

Rosewood Hotel Group had a data breach in 2017, in Maine. Guest name and payment card information (cardholder name, payment card number, exp date and security code) for 8 records breached. [source]

  

San Juan Capistrano Unified School District (CA) had a data breach in 2006, in California. Five computers stolen from the HQ of San Juan Capistrano Unified School District likely contain the names, SSNs and dates of birth of district employees enrolled in an insurance program. [source]

  

Sawicki and Phelps had a data breach in 2011, in Minnesota. Detailed medical information was discovered on the back of a drawing from a student of Hale Elementary. An attorney from Sawicki and Phelps donated the firms old paper to her childs school. A local news team contacted the school after discovering the incident and additional pieces of paper were collected and stored in a secure location. The number of people affected was not revealed. [source]

  

Seagate had a data breach in 2016, in California. [source]

  

Securadyne Systems LLC had a data breach in 2017, in Texas. On or about September 12, 2017, Securadyne discovered that it had become the target of a phishing email campaign and that several employees had clicked on the phishing email and entered their credentials. Securadyne immediately took steps to secure the employees' email accounts and launched an in-depth investigation to determine whether any sensitive information was accessed or acquired. Securadyne subsequently determined, with the help of outside computer forensic investigators, that an unknown actor had gained access to the Securadyne employees' email accounts. On November 7, 2017, Securadyne determined, after a lengthy programmatic and manual review of the contents of the email accounts, the types of protected information contained in the email accounts and to which individuals the information relates, and immediately launched a review of its files to ascertain address information for the impacted individuals. [source]

  

Sequoia Union High School had a data breach in 2016, in California. The information was breached via Network Server. [source]

  

Service Alternatives had a data breach in 2014, in Washington. Service Alternatives has informed individuals of a data breach to their payroll system. It appears that an unauthorized third person or persons obtained access to that system between November 2013 and March 2014. The information obtained included full names, addresses, dates of birth (excluding foster parents), Social Security number, Driver's license number or identity card number (excluding foster parents), tax documents, documents provided on form I-9 for anyone hired after Oct. 2010 (excluding foster) parents, bank routing number and account number if direct deposit was ever used. [source]

  

Six Continents Hotels, Inc. dba InterContinental Hotels Group had a data breach in 2017, in Georgia. Many IHG-branded locations are independently owned and operated franchises, and certain of these franchisee operated locations in the Americas were made aware by payment card networks of patterns of unauthorized charges occurring on payment cards after they were legitimately used at their locations. To ensure an efficient and effective response, IHG hired a leading cyber security firm on behalf of franchisees to coordinate an examination of the payment card processing systems of franchise hotel locations in the Americas region.What Information Was InvolvedThe investigation identified signs of the operation of malware designed to access payment card data from cards used onsite at the front desk at certain IHG-branded franchise hotel locations in the Americas* between September 29, 2016 and December 29, 2016. The malware searched for track data (which sometimes has cardholder name in addition to card number, expiration date, and internal verification code) read from the magnetic stripe of a payment card as it was being routed through the affected hotel server. There is no indication that other guest information was affected.You are being notified because you used payment card(s) ending in during this time period onsite at the front desk of an affected hotel. A list of affected IHG franchise locations and respective time frames, which may vary by location, is available at www.ihg.com/protectingourguests. [source]

  

Snelling Staffing LLC had a data breach in 2014, in Texas. Snelling Staffing LLC informed current and previous employees of a data breach that exposed personal information to others via the Internet due to an installation error of a cloud based server at the home of a former Snelling employee, on January 24, 2014.The information exposed included Social Security numbers, driver's license numbers, dates of birth, home addresses, medical information, alleged criminal activity and/or drug test results. The company did discover that breach and shut down access to the information within the same day. [source]

  

Spark Pay had a data breach in 2017, in New York. [source]

  

Sprouts Farmers Market had a data breach in 2016, in Arizona. Sprouts Farmers Market notified employees of a databreach when a phishing attack resulted in disclosure of employee W-2 information. The information compromised included names, addresses, Social Security numbers, wages, and withheld taxes for 2015 in the state in which individuals pay income taxes. [source]

  

Stallcup & Associates CPA's had a data breach in 2017, in California. [source]

  

StarCite Inc. had a data breach in 2006, in Pennsylvania. A laptop containing personal information of employees was stolen from a hotel room on September 13. The information included name, Social Security number, date of birth, address, date of hire, occupation, salary, supplemental insurance information, and identified the type and tier of medical and/or dental coverage. [source]

  

State Compensation Insurance Fund had a data breach in 2014, in California. The State Compensation Insurance Fund, a state agency that provides workers compensation insurance to businesses informed customers of a data breach when one of their brokers suffered a data breach to their system.Lucy Gomez Blankley Interpreting Inc., a provider of Stat Fund was the victim of a computer hack that resulted in theft of emails in which contained information regarding patient workers compensation claims.The specific information included names, addresses, phone, Social Security Number, dates of birth and workers compensation claim number.The agency is providing one year free of Experian ProtectMyID services to those who were affected. [source]

  

State Department of Labor and Industries, Washington State Employees Credit Union, Court of Appeals had a data breach in 2010, in Washington. Confidential paper files from at least three tenants of the state-owned Rhodes Building were found in an unsecured recycling bin. Some documents included names, Social Security numbers, checking account information, health information and dates of birth. A news report claimed the documents numbered in the dozens. Representatives for some of the organizations claimed that the files were supposed to be shredded. [source]

  

State Industrial Products had a data breach in 2014, in Ohio. The information was breached via Desktop Computer. [source]

  

Sterling M Enterprise (dba Lee's Deli) had a data breach in 2015, in California. [source]

  

Sunrun had a data breach in 2017, in California. [source]

  

talentReef, Inc. had a data breach in 2017, in Colorado. [source]

  

Talx Corporation had a data breach in 2014, in Missouri. [source]

  

Texas Association of School Boards had a data breach in 2017. [source]

  

The Boeing Corporation had a data breach in 2017, in Washington. The information was breached via Portable Electronic Device. [source]

  

The Coca-Cola Company had a data breach in 2017, in Georgia. Electronic breach affecting credit/debit cards as reported by the department of Consumer Affairs and Business Regulation the state of Massachusetts. [source]

  

Tio Networks had a data breach in 2014, in Michigan. Name, contact information and subscriber/billing account numbers (also payment card info, bank acct info, SSN and other government ID numbers and account userNames and passwords for an estimated 336 Maine citizens breached. [source]

  

T-Mobile had a data breach in 2017, in Texas. A bug on T-Mobile‘s website may have allowed hackers to view your personal information. The bug, which has since been patched, allowed hackers to view your email address, account number, and even your phone’s IMSI number (a unique number that identifies subscribers). According to the researcher that found the bug, there was no way to prevent someone writing a script and finding out the information for all 69.6 million potential victims. [source]

  

Toyota Motor Corporation had a data breach in 2016, in Texas. [source]

  

TuneCore had a data breach in 2015, in New York. [source]

  

Twitter Counter had a data breach in 2017, in California. Thousands of high-profile Twitter accounts have been spewing swastikas and spam following the hack of a popular third-party Twitter service.Sites tied to Amnesty International, BBC's North American service, Forbes magazine, the European Parliament and even tennis star Boris Becker were affected.The hacking traces to third-party analytics service Counter, which bills itself as "the #1 stat site powered by Twitter". [source]

  

Tyler Technologies Inc. had a data breach in 2017, in Texas. An employee reported a portable hard drive stolen or missing that might contain personal information about veterans including Social Security numbers. uPDATE (2/10/07): vA increases number of affected veterans to 535,000, included in the total below. uPDATE (2/12/07): vA reported that billing information for 1.3 million doctors was also exposed, including names and Medicare billing codes, not included in the total below. uPDATE (3/19/07): the VAs Security Operations Center has referred 250 incidents since july 2006 to its inspector general, which has led to 46 separate investigations. uPDATE (6/18/07):More than $20 million to respond to its latest data breach, the breach potentially puts the identities of nearly a million physicians and vA patients. [source]

  

Uber had a data breach in 2017, in California. The "Uber partner" app that was designed by the company apparently has leaked drivers information which included their license and Social Security number. An Uber driver found the glitch and communicated his findings with a reporter. (1/7/2016): New York has agreed to a $20,000 settlement with Uber over their "god view" rider-tracking system that compromised driver information. [source]

  

University of Iowa Hospitals and Clinics had a data breach in 2011, in Iowa. University officials launched an investigation to determine if electronic medical records of 13 Iowa Hawkeyes football players receiving care at the facility were accessed inappropriately. Speculation about the health of the football players and the causes of their illness had been in the media.UPDATE (2/3/2011): It appears that three workers will be fired and two will be suspended because they inappropriately accessed football player information.UPDATE(2/7/2011): One of the fired workers is challenging allegations that she viewed patient information without authorization. She and her representative claim that she did nothing wrong, and that if the accusations were true, viewing computerized medical records for a few seconds should be treated as a minor infraction.UPDATE(4/5/2011): The nurse who challenged her termination has agreed to resign rather than be fired. [source]

  

Ursus Holdings, LLC had a data breach in 2016, in Texas. The US agency responsible for certifying the security of voting machines reportedly fell victim to a hacker believed to be Russian.Security firm Recorded Future said Thursday that it discovered login credentials for computers at the US Election Assistance Commission for sale on the internet black market. The firm said its analysis identified the hacker as Russian.The breach appeared to include more than one hundred access credentials, including some with the highest administrative privileges, Andrei Barysevich, director of advanced collection at Recorded Future, wrote in a blog post. These administrative accounts could potentially be used to access sensitive information as well as surreptitiously modify or plant malware on the EAC site. [source]

  

US Postal Service had a data breach in 2014, in District Of Columbia. The US Postal Service is releasing information today that they have been the victim of a cyber attack with Chinese hackers being suspected of hacking into their computer networks compromising the information of over 800,000 employees.Currently the FBI is investigating the breach and it appears that information obtained included names, dates of birth, Social Security numbers, addresses, dates of employment. According to officials, all postal service employees were affected and they are not yet clear why their information was of interest to these hackers. They are not seeing any evidence of customer information being compromised. The investigators are calling the hackers \"sophisticated actors\". More information will be posted as additional information comes out with the investigation. [source]

  

Vertex Wireless had a data breach in 2017, in Illinois. The information was breached via Paper/Films. [source]

  

Vesta Property Services had a data breach in 2015, in Florida. [source]

  

Walker Advertising, LLC had a data breach in 2018, in California. The information was breached via Electronic Medical Record. [source]

  

Watermark Retirement Communities had a data breach in 2014, in Arizona. Information was saved to a drive that was capable of being access through the internet. [source]

  

Wells Fargo via unnamed auditor had a data breach in 2006, in California. In a letter dated Aug. 28, the company notified its employees that a laptop and data disk were stolen from the locked trunk of an unnamed auditor, hired to audit the employees health plan. Data included names, SSNs, and information about drug claim cost and dates from 2005, but no prescription information said the company. [source]

  

Westminster Ingleside King Farm Presbyterian Retirement Communities, Inc.(Rockville, MD) had a data breach in 2017, in Maryland. Name, address, birthdate, SSN, financial account information & protected health information for 12 Maine citizens were breached. [source]

  

Wolters Kluwer had a data breach in 2006, in California. A laptop with Social Security numbers, addresses, and some health plan information for current and former employees was stolen from a docking station at a private office on or around May 29. The laptop may have also included bank account information for 600 employees who had joined the company during 2006. Employees were notified in July. [source]

  

Wounded Warrior Project had a data breach in 2012, in Florida. A July 25 office burglary resulted in the theft of at least 33 laptops and iPads. The personal information of an unspecified number of former employees may have been affected.UPDATE(11/28/2012): The laptops contained employee names, Social Security numbers, addresses, dates of birth, passport numbers, credit card information, bank account numbers, and possibly life insurance dependent information. The IT department remotely locked access to the devices after discovering they had been stolen earlier in the same day. [source]

  

YMCA of San Diego had a data breach in 2014, in California. On or about June 14, 2017, the YMCA became aware that an Excel spreadsheet containing personal information of certain YMCA employees was inadvertently sent over email to certain YMCA employees. Upon learning of the event, the YMCA immediately launched an investigation to determine its nature and scope, including remediating the incident with the assistance of the YMCA IT department. [source]

  

(return to health DataMap)



Copyright © 2012-2016 President and Fellows Harvard University.