theDataMap

Documenting all the places
personal data goes.

healthDataMap


Legend: with your name, without your name.
Click on a circle above for names of organizations and details of data shared.


Lawyers involved in litigation, such as malpractice cases, can subpoena patient information from healthcare providers, even patients not in the lawsuit.

Examples

Akerman Senterfitt, Llp purchases statewide personal hospital discharge data from at least FL [source]. See more information about the fields of data shared, an example of matching real names to the records in statewide discharge data, and which states use standards less than the HIPAA standard.

  

Law Office of Ashley Bell, Department of Family and Children Services, Court Appointed Special Advocates (CASA) had a data breach in 2011, in Florida. Sensitive client files were found in a newspaper recycling bin at The Gainesville Times. The files were related to the physical and sexual abuse of juveniles and client Social Security and phone numbers were exposed. The breach may have been caused by a college intern who disposed of the files inappropriately. Some files were as recent as 2009, but all cases were closed. [source].

  

Adobe had a data breach in 2017, in California. Adobe has earned mockery after accidentally posting its private PGP key on the firm's official security blog.Last week, Adobe's product security incident response team (PSIRT) accidentally published the private PGP key on the PSIRT blog on Friday, a lesson in what you should never reveal unless you want others to impersonate you. [source]

  

Beef O'Brady's Restaurants had a data breach in 2014, in Florida. [source]

  

Berks & Beyond Employment Services had a data breach in 2016, in Pennsylvania. [source]

  

Charles Komar & Sons, Inc. had a data breach in 2017, in New Jersey. [source]

  

CitiStorage had a data breach in 2015, in New York. A fire at the CitiStorage warehouse in Brooklyn, inadvertently put individual's privacy at risk. This warehouse stored thousands of records for law firms, medical practices, government agencies, financial companies and other businesses.Amongst the charred paperwork were visible Social Security numbers, medical information, bank checks, lawyers' letters, court transcripts and more. Much of the paperwork was strewn out for blocks with clearly visible personal information making it very easy to steal someone's identity. "New York City sent disaster recovery contractors, equipped with nets, shovels and protective boots, to try to collect the debris. But still, beachcombers sifted freely through the trove of documents, picking their way through remnants of the days when many records were on paper and the city government was one of the few takers for north Brooklyn’s waterfront land." [source]

  

Corovan/Corodata/Klinger Moving had a data breach in 2017, in California. [source]

  

Equals3 had a data breach in 2017, in Minnesota. A cache of voter records on over a half-million Americans has been found online.The records, totaling 593,328 individual sets of records, appear to contain every registered voter in the state of Alaska, according to security researchers at the Kromtech Security Research Center, who found the database.The records were stored in a misconfigured CouchDB database, which was accessible to anyone with a web browser -- no password needed -- until Monday when the data was secured and subsequently pulled offline. [source]

  

Gas and Shop had a data breach in 2016, in California. [source]

  

Google Android had a data breach in 2016, in California. Hackers have in a matter of months compromised more than 1 million Google accounts as part of a lucrative fraudulent advertising scheme involving malicious app downloads, according to a new report by Check Point Software Technologies , an Israeli cybersecurity firm.People’s devices became infected after they installed innocent-looking, albeit booby-trapped software from app stores outside Google’s authorized Play store. The malware took complete control of their devices at the root, or deepest level, stealing tokens that Google cloud services—such as Gmail, Google Photos, and Google Docs—use to authenticate users. [source]

  

Google Docs had a data breach in 2017, in California. [source]

  

Grand Sierra Resort and Casino had a data breach in 2016, in Nevada. [source]

  

Heritage Foundation had a data breach in 2015, in District Of Columbia. The Heritage Foundation was the victim of a data breach when hackers infiltrated an external server that contained personal information of private donors. "We experienced a malicious, unauthorized data breach of six-year-old documents on an external server that appear to contain personal information of private donors, who we are notifying," said spokesman Wesley Denton.[source]

  

K Partners Hotel Management had a data breach in 2016, in Texas. [source]

  

Keller Williams Realty had a data breach in 2017, in Texas. [source]

  

Law Office of Ashley Bell, Department of Family and Children Services, Court Appointed Special Advocates (CASA) had a data breach in 2011, in Florida. Sensitive client files were found in a newspaper recycling bin at The Gainesville Times. The files were related to the physical and sexual abuse of juveniles and client Social Security and phone numbers were exposed. The breach may have been caused by a college intern who disposed of the files inappropriately. Some files were as recent as 2009, but all cases were closed. [source]

  

Mandarin Oriental Hotel Group had a data breach in 2015, in New York. The hotel chain Mandarin Oriental has announced that their point-of-sale systems were hacked and infected with malware that stole customer credit card data. The hacking, according to the hotel chain, is limited to hotels in the U.S and Europe.The company has not communicated exactly how many of the hotels locations were compromised only stating that "Mandarin Oriental can confirm that the credit card systems in an isolated number of our hotels in the US and Europe have been accessed without authorization and in violation of both civil and criminal law. The Group has identified and removed the malware and is coordinating with credit card agencies, law enforcement authorities and forensic specialists to ensure that all necessary steps are taken to fully protect our guests and our systems across our portfolio. Unfortunately incidents of this nature are increasingly becoming an industry-wide concern. The Group takes the protection of customer information very seriously and is coordinating with credit card agencies and the necessary forensic specialists to ensure our guests are protected.”According to Krebs on Security, "banking industry sources say the breach almost certainly impacted most if not all Mandarin hotels in the United States, including locations in Boston, Florida, Las Vegas, Miami, New York, and Washington D.C. Sources also say the compromise likely dates back to just before Christmas 2014." [source]

  

McFadden had a data breach in 2016, in Arizona. People who ate at McFadden's received phone calls about fraudulent charges made to their credit card. The victims were told by their banks, the charges were made using a fake credit card. ABC15 found even more victims when we searched on Yelp. One writes, the manager told them they were aware of the problem, suggesting a problem with the bank. [source]

  

Mid-Atlantic Carpenters' Training Center had a data breach in 2017, in Maryland. Name or other personal identifire in combination with SSN, Driver's license number or non-driver ID number for 9 Maine citizens breached. [source]

  

Multi-Color Corporation had a data breach in 2016, in Ohio. An East Coast law firm representing Multi-Color in litigation. As part of that representation, the law firm collected data from Multi-Color's systems, which included HR recrods and information on all current US employees as of April 13, 2016; certain former employees and some employees of a predecessor company; and applicants. The data was saved to an external hard drive and password protected. The hard drive was delivered to the law firm and the password was separately emailed to the law firm.On May 16, 2016, the law firm informed Multi-Color that someone broke into the law firm's law officees on eithr May 14 or May 15 and stole several items, including the hard drive containing Multi-Color's data and the password.The information compromised included all current US employees as of April 13, 2016, former employees and employees of a predecessor company all of which may have included names, Social Security numbers, addresses as well as dependent information. [source]

  

PIP Printing Company had a data breach in 2017, in Illinois. An online security breach at a national printing chain leaked thousands of sensitive documents — from labor filings involving NFL players to lawsuits against Hollywood studios to personal immigration-related papers — raising the possibility that private information could end up in the wrong hands. The leak at PIP printing, which has more than 400 locations in 13 countries, went on for four months before it was repaired Tuesday, cybersecurity experts involved in investigating the breach told NBC News. But there's no evidence that any hackers may have stumbled upon the files to use them for malicious purposes, they add. The documents, which NBC News examined, ranges from emails revealing credit card and social security numbers to legal filings such as depositions, subpoenas and labor lawsuits. Extensive medical records belonging to high-profile athletes were also at risk.PIP owner Michael Bluestein told NBC News that the breach appeared to stem from a third-party IT firm that accidentally misconfigured the backup protocols — essentially leaving a back door open in the system. [source]

  

Pratt Industries, Inc. had a data breach in 2017, in Georgia. [source]

  

Public Architecture/theonepercent.org had a data breach in 2014, in California. On December 8th, 2014 Public Architecture, theonepercent.org, was breached when a hacker broker through the sites security protocols and firewalls to put up a brag page touting his success in hacking. The hacker deleted files that affected the operation of the site, and possibly stole usernames, passwords, and contact information. [source]

  

Southern Environmental Law Center had a data breach in 2012, in Virginia. Sensitive information from Southern Environmental Law Center was placed online. Credit card, medical, and donor information such as addresses, phone numbers, and client files were exposed. The data was accessible via Google search for an unspecified amount of time. Southern Environmental Law Center is warning people not to open emails about the security failure or click on any links in emails that appear to be from Southern Environmental Law Center. [source]

  

Staminus Communications Inc. had a data breach in 2016, in California. On March 10, 2016 Staminus Communications was the victim of an unauthorized intrusion into its network. The information compromised included names, credit card numbers, as well as usernames, passwords, and contact information [source]

  

The World Anti-Doping Agency (WADA) had a data breach in 2016, in Quebec. The information was breached via Portable Electronic Device. [source]

  

Viacom had a data breach in 2017, in California. A mishandling of Viacom's master AWS key has left the credentials of hundreds of digital properties, including Comedy Central, Paramount, MTV and other entertainment companies, exposed.On Aug. 30, 2017 UpGuard Director of Cyber Risk Research Chris Vickery spotted a publicly downloadable Amazon Web Services S3 cloud storage bucket containing what appeared to be nothing less than either the primary or backup configuration of Viacom's IT infrastructure.The servers contained the passwords and manifests for Viacom's servers as well as data needed to maintain and expand the IT infrastructure in addition to the access key and secret key for the corporations AWS account, according to a Sept. 19 blog post. [source]

  

Walz and Associates Law Firm had a data breach in 2013, in New Mexico. A concerned citizen found hundreds of documents in a recycling center and notified a local news team. The documents included criminal histories, depositions, medical records, personal phone numbers, and addresses. Most were from the 1990s. Most or all of the information did not need to be shredded because it was considered public record. The local news team contacted a director from the solid waste division and the documents were removed for shredding. [source]

  

Weber Law Firm had a data breach in 2008, in Texas. Name, payment card info, address were breached. [source]

  
  

(return to health DataMap)



Copyright © 2012-2016 President and Fellows Harvard University.