Compromises in 2011 affecting less than 10,000
Compromises in 2011 affecting 10,000 or more
Compromises in 2011 affecting an unknown, or undisclosed, number
01/03/2011 EVG Quality Gas
a retail business in Sierra Madre, California 380 accounts compromised
01/05/2011 Taco Bell
a retail business in Grand Rapids, Michigan 50 accounts compromised
01/06/2011 PinnacleHealth System, Gair Medical Transportation Services
a healthcare provider or servicer in Harrisburg, Pennsylvania 1,086 accounts compromised
01/06/2011 Private Dental Practice
a healthcare provider or servicer in Germantown, Maryland 1,000 accounts compromised
01/06/2011 Grant Medical Center, OhioHealth
a healthcare provider or servicer in Columbus, Ohio 501 accounts compromised
01/06/2011 Heraeus Incorporated
a business other than retail in New York, New York 514 accounts compromised
01/06/2011 Pentagon Federal Credit Union (PenFed)
a Financial or Insurance Services firm in Alexandria, Virginia 514 accounts compromised
01/08/2011 Campus Suite Apartments
a business other than retail in West Lafayette, Indiana 30 accounts compromised
01/08/2011 Washington State Employment Security Division
State Government in Olympia, Washington 1,000 accounts compromised
01/08/2011 Race Trac
a retail business in Melbourne, Florida 600 accounts compromised
01/10/2011 Entertainment Software Rating Board (ESRB)
a business other than retail in New York, New York 1,000 accounts compromised
01/13/2011 New Mexico National Guard
Military in Sante Fe, New Mexico 650 accounts compromised
01/13/2011 St. Vincent Hospital
a healthcare provider or servicer in Indianapolis, Indiana 1,800 accounts compromised
01/14/2011 California Therapy Solutions
a healthcare provider or servicer in , California 1,226 accounts compromised
01/14/2011 Blue Cross Blue Shield of Michigan (BCBSM), Tstream Software
a healthcare provider or servicer in Harper Woods, Michigan 2,979 accounts compromised
01/14/2011 Osceola Medical Center, Hils Transcription Service
a healthcare provider or servicer in Osceola, Wisconsin 500 accounts compromised
01/14/2011 International Union of Operating Engineers Health and Welfare Fund, Zenith Administrators, Inc.
a Non-Governmental Organization (includes non-profits) in Baltimore, Maryland 800 accounts compromised
01/14/2011 Azure Acres
a healthcare provider or servicer in New York, New York 699 accounts compromised
01/15/2011 South Carolina State Budget and Control Board Employee Insurance Program
State Government in Columbia, South Carolina 5,600 accounts compromised
01/15/2011 Omaha School Employees Retirement System
an educational institution in Omaha, Nebraska 4,300 accounts compromised
01/18/2011 MIchael’s Rock Hill Grille
a retail business in Rock Hill, South Carolina 30 accounts compromised
01/19/2011 Ingenix
a business other than retail in Eden Prairie, Minnesota 142 accounts compromised
01/20/2011 Chase Bank
a Financial or Insurance Services firm in San Luis Obispo, California 100 accounts compromised
01/24/2011 Wentworth Institute of Technology
an educational institution in Boston, Massachusetts 1,300 accounts compromised
01/24/2011 University of Missouri, Coventry Health Care
an educational institution in Columbia, Missouri 750 accounts compromised
01/26/2011 Warner Pacific College
an educational institution in Portland, Oregon 1,536 accounts compromised
01/26/2011 Universal Technical Institute
an educational institution in Phoenix, Arizona 98 accounts compromised
01/26/2011 Ember Corporation
a business other than retail in Boston, Massachusetts 50 accounts compromised
01/29/2011 Southern Perioperative Services, P.C.
a healthcare provider or servicer in Pelham, Alabama 2,000 accounts compromised
01/29/2011 Dermatology Clinic
a healthcare provider or servicer in Durham, North Carolina 55 accounts compromised
01/29/2011 Friendship Center Dental Office
a healthcare provider or servicer in Ocala, Florida 2,200 accounts compromised
01/29/2011 Franciscan Medical Group
a healthcare provider or servicer in Tacoma, Washington 1,250 accounts compromised
01/29/2011 Veteran’s Affairs Medical Center
Military in White River Junction, Vermont 114 accounts compromised
01/30/2011 The Minnesota Department of Education
State Government in Roseville, Minnesota 20 accounts compromised
02/02/2011 University Book Exchange
a retail business in Greenville, North Carolina 100 accounts compromised
02/03/2011 University of Washington Hospital
an educational institution in Seattle, Washington 17 accounts compromised
02/03/2011 SettlementOne Credit Corporation
Also include Sackett National Holdings Inc., ACRAnet Inc., Fajilan and Associates Inc., Statewide Credit Services and Robert Fajilan, businesses other than retail in multiple states 1,800 accounts compromised
02/05/2011 Human Services Agency of San Francisco
City Government in San Francisco, California 2,400 accounts compromised
02/09/2011 Oregon Department of Corrections
City Government in Madras, Oregon 300 accounts compromised
02/15/2011 Affiliated Computer Services (ACS)
a business other than retail in Columbus, Ohio 8,000 accounts compromised
02/15/2011 Lake Woods Nursing and Rehabilitation Center
a healthcare provider or servicer in Muskegon, Michigan 656 accounts compromised
02/15/2011 Baptist Memorial Hospital
a healthcare provider or servicer in Huntingdon, Tennessee 4,800 accounts compromised
02/15/2011 Baylor Health Care Systems, Baylor Heart and Vascular System, Baylor University Medical Center
a healthcare provider or servicer in Dallas, Texas 8,241 accounts compromised
02/16/2011 Charleston Area Medical Center (CAMC)
a healthcare provider or servicer in Charleston, West Virginia 3,655 accounts compromised
02/17/2011 American Airlines
a business other than retail in San Jose, California 350 accounts compromised
02/22/2011 Integrity Bank Plus, MicroBilt Corp
a Financial or Insurance Services firm in Kennesaw, Georgia 500 accounts compromised
02/22/2011 Emory Healthcare
a healthcare provider or servicer in Atlanta, Georgia 2,400 accounts compromised
02/24/2011 Henry Ford Health Center
a healthcare provider or servicer in Detroit, Michigan 2,777 accounts compromised
02/28/2011 Delray Beach and Oakland Park Fire Fighters and Police Officers
Local Government in Oakland Park, Florida 400 accounts compromised
03/02/2011 Beebe Medical Center
a healthcare provider or servicer in Florida 113 accounts compromised
03/03/2011 Missouri State University
an educational institution in Springfield, Missouri 6,030 accounts compromised
03/05/2011 Rancho Los Amigos National Rehabilitation Center
a healthcare provider or servicer in Downey, California 667 accounts compromised
03/07/2011 Blue Cross Blue Shield Florida
a healthcare provider or servicer in Jacksonville, Florida 7,366 accounts compromised
03/09/2011 Shell, Chevron
a retail business in Mountain View, California 3,600 accounts compromised
03/09/2011 Eastern Michigan University
an educational institution in Ypsilanti, Michigan 45 accounts compromised
03/14/2011 Virginia Polytechnic Institute and Virginia Tech
educational institutions in Blacksburg, Virginia 370 accounts compromised
03/15/2011 Nation’s Giant Hamburgers
a retail business in Vacaville, California 200 accounts compromised
03/16/2011 Jefferson Center for Mental Health
a healthcare provider or servicer in Wheat Ridge, Colorado 546 accounts compromised
03/16/2011 Cancer Care Northwest
in Spokane, Washington 3,150 accounts compromised
03/17/2011 Walnut Township School District
Local Government in Millersport, Ohio 80 accounts compromised
03/18/2011 City of Cleveland, Texas
City Government in Cleveland, Texas 10 accounts compromised
03/21/2011 Portland Veterans Affairs Medical Center
Military in Portland, Oregon 50 accounts compromised
03/22/2011 Bloomfield Hills School District
Local Government in Bloomfield, Michigan 321 accounts compromised
03/26/2011 Portland Center for the Performing Arts (PCPA)
a business other than retail in Portland, Oregon 864 accounts compromised
03/26/2011 Memorial Health Services, MemorialCare Health System
a healthcare provider or servicer in Long Beach, California 2,250 accounts compromised
03/26/2011 Killeen Independent School District (KISD)
an educational institution in Killeen, Texas 58 accounts compromised
03/26/2011 Maryville Academy
in Des Plaines, Illinois 3,897 accounts compromised
03/30/2011 NYU Langone Medical Center
a healthcare provider or servicer in New York, New York 2 accounts compromised
04/06/2011 Hartford Life Insurance Company
a Financial or Insurance Services firm in Hartford, Connecticut 300 accounts compromised
04/07/2011 Town of Barton
City Government in Barton, Vermont 150 accounts compromised
04/08/2011 Maine State Prison
State Government in Warren, Maine 117 accounts compromised
04/08/2011 VA Medical Center
Military in Aiken, South Carolina 2,600 accounts compromised
04/13/2011 Private Medical Practice
a healthcare provider or servicer in San Antonio, Texas 34 accounts compromised
04/13/2011 PNC Automated Teller Machines
a Financial or Insurance Services firm in Pittsburgh, Pennsylvania 211 accounts compromised
04/14/2011 Private Medical Practice
a healthcare provider or servicer in Oklahoma 600 accounts compromised
04/14/2011 Central Brooklyn Medical Group PC, Preferred Health Partners
a healthcare provider or servicer in New York, New York 500 accounts compromised
04/14/2011 Fairview Health Services
a healthcare provider or servicer in Minneapolis, Minnesota 1,200 accounts compromised
04/15/2011 Jade House Restaurant
a retail business in Richmond, Indiana 15 accounts compromised
04/18/2011 Southwest Ambulance
a healthcare provider or servicer in Mesa, Arizona 581 accounts compromised
04/19/2011 Central Ohio Technical College (COTC)
an educational institution in Newark, Ohio 617 accounts compromised
04/20/2011 Institute of Electrical and Electronics Engineers (IEEE)
a Non-Governmental Organization (includes non-profits) in Piscataway, New Jersey 828 accounts compromised
04/20/2011 Texas Health Arlington Memorial Hospital
a healthcare provider or servicer in Arlington, Texas 654 accounts compromised
04/21/2011 Qdoba Mexican Grill
a retail business in Clive, Iowa 12 accounts compromised
04/21/2011 GoGrid LLC.
a business other than retail in San Francisco, California 40 accounts compromised
04/21/2011 ABM Industries
a business other than retail in Atlanta, Georgia 91 accounts compromised
04/22/2011 U.S. District Court for the Middle District of Alabama
Government in Montgomery, Alabama 40 accounts compromised
04/28/2011 DSLReports.com
a business other than retail on the internet 8,000 accounts compromised
04/29/2011 Peace Officers Research Association of California (PORAC)
a business other than retail in Sacramento, California 2,000 accounts compromised
04/29/2011 Omnicare Inc.
a healthcare provider or servicer in Covington, Kentucky 8,845 accounts compromised
05/02/2011 Woman to Woman Healthcare
a healthcare provider or servicer in San Francisco, California 26 accounts compromised
05/03/2011 Speare Memorial Hospital
a healthcare provider or servicer in Gambrills, Maryland 6,000 accounts compromised
05/04/2011 Catholic Social Services
1,700 accounts compromised
05/05/2011 Park Avenue Obstetrics and Gynecology, PC
a healthcare provider or servicer in Atlanta, GA 635 accounts compromised
05/05/2011 Union Security Insurance Company
a Financial or Insurance Services firm in Las Vegas, Nevada 935 accounts compromised
05/07/2011 Office of Dr. Jeffry Barnes
a healthcare provider or servicer in Illinois 60 accounts compromised
05/07/2011 Allina Hospitals and Clinics
a healthcare provider or servicer in Hartford, Connecticut 11 accounts compromised
05/09/2011 Huntington National Bank
a Financial or Insurance Services firm in Bellwood, Illinois 2,000 accounts compromised
05/10/2011 Fox.com
a business other than retail in Winchester, Virginia 363 accounts compromised
05/17/2011 Regions Bank
a Financial or Insurance Services firm in Nashville, TN 149 accounts compromised
05/17/2011 Eye Care Associates of the San Ramon Valley
a healthcare provider or servicer in San Antonio, Texas 611 accounts compromised
05/18/2011 The Securities and Exchange Commission
Federal Government in Denver, Colorado 4,000 accounts compromised
05/20/2011 LaMar’s Donuts
a retail business in Kokomo, Indiana 50 accounts compromised
05/20/2011 HarborOne Credit Union
a Financial or Insurance Services firm serving New England 800 accounts compromised
05/20/2011 Flanigan’s
a retail business in Loma Linda, California 85 accounts compromised
05/21/2011 Methodist Charlton Medical Center
a healthcare provider or servicer in Dallas, Texas 1,500 accounts compromised
05/21/2011 Keith & Fisher, DDS, PA
a healthcare provider or servicer in Greensboro, North Carolina 6,000 accounts compromised
05/21/2011 Office of Dr. Edalji and Dr. Komer
a healthcare provider or servicer in Brookline, Massachusetts 563 accounts compromised
05/21/2011 TRICARE Management Activity
a healthcare provider or servicer in Aurora, Colorado 4,500 accounts compromised
05/25/2011 Bank of America
a Financial or Insurance Services firm in New York, New York 300 accounts compromised
05/27/2011 San Juan Unified School District
an educational institution in Carmichael, California 4,000 accounts compromised
05/27/2011 Valley National Bank
a Financial or Insurance Services firm in New York, New York 348 accounts compromised
05/28/2011 Provena Covenant Medical Center
a healthcare provider or servicer in Urbana, Illinois 100 accounts compromised
06/02/2011 Wake Forest Baptist Medical Center
a healthcare provider or servicer in Winston-Salem, South Carolina 357 accounts compromised
06/03/2011 Trinity Medical Center (Montclair Baptist Medical Center)
a healthcare provider or servicer in Birmingham, Alabama 4,500 accounts compromised
06/03/2011 Trinity Medical Center (Montclair Baptist Medical Center)
a healthcare provider or servicer in Birmingham, Alabama 4,500 accounts compromised
06/03/2011 Indiana Regional Medical Center
a healthcare provider or servicer in Indiana, Pennsylvania 500 accounts compromised
06/04/2011 Infragard
a business other than retail in Atlanta, Georgia 180 accounts compromised
06/05/2011 Casa Grande Justice Court
City Government in Casa Grande, Arizona 200 accounts compromised
06/08/2011 University of Mary Washington (UMW)
an educational institution in Fredericksburg, Virginia 7,566 accounts compromised
06/08/2011 LexisNexis, Onyx Collections and Locators Services Inc.
a business other than retail in Boca Raton, Florida 74 accounts compromised
06/09/2011 Murphy USA
a retail business in Suffolk, Virginia 42 accounts compromised
06/09/2011 The VA Caribbean Healthcare System
a healthcare provider or servicer in San Juan, Puerto Rico 1,691 accounts compromised
06/09/2011 Healthcare Partners
a healthcare provider or servicer in Long Beach, California 16 accounts compromised
06/10/2011 Lafrance Hospitality Corporation
a business other than retail in Westport, Massachusetts 100 accounts compromised
06/10/2011 Ravenel Elementary School
an educational institution in Seneca, South Carolina 15 accounts compromised
06/10/2011 Lafrance Hospitality Corporation
a business other than retail in Westport, Massachusetts 100 accounts compromised
06/10/2011 Texas Department of Assistive and Rehabilitative Services
State Government in Austin, Texas 4,900 accounts compromised
06/13/2011 Jackson Memorial Hospital, Jackson Health System
a healthcare provider or servicer in Miami, Florida 1,800 accounts compromised
06/17/2011 Boulder Community Hospital
a healthcare provider or servicer in Boulder, Colorado 74 accounts compromised
06/17/2011 Platte Valley Medical Center (PVMC), Centura Health
a healthcare provider or servicer in Brighton, Colorado 265 accounts compromised
06/20/2011 Associated Credit Union
a Financial or Insurance Services firm in Norcross, Georgia 100 accounts compromised
06/21/2011 Foothills Nephrology Associates
a healthcare provider or servicer in Spartanburg, South Carolina 1,280 accounts compromised
06/24/2011 California Department of Public Health (CDPH)
State Government in Sacramento, California 9,000 accounts compromised
06/30/2011 Blue Cross and Blue Shield of Florida (BCBSF)
a healthcare provider or servicer in Jacksonville, Florida 3,500 accounts compromised
07/01/2011 Colorado Department of Health Care Policy and Financing (HCPF)
State Government in Denver, Colorado 3,590 accounts compromised
07/01/2011 Concord Hospital
a healthcare provider or servicer in Concord, New Hampshire 13 accounts compromised
07/03/2011 Navos Mental Health Solutions
a healthcare provider or servicer in Seattle, Washington 2,700 accounts compromised
07/03/2011 Tuba City Regional Health Care Corporation
a healthcare provider or servicer in Tuba City, Arizona 2,000 accounts compromised
07/05/2011 Sutter Gould Medical Foundation (SGMF)
a healthcare provider or servicer in Stockton, California 1,200 accounts compromised
07/07/2011 Clark College
an educational institution in Vancouver, Washington 9 accounts compromised
07/07/2011 Troy Regional Medical Center (TRMC), Southern Records Management Inc.
a healthcare provider or servicer in Troy, Alabama 880 accounts compromised
07/07/2011 The Tech
a business other than retail in San Jose, California 800 accounts compromised
07/07/2011 Hurley Medical Center
a healthcare provider or servicer in Flint, Michigan 1,938 accounts compromised
07/12/2011 Colorado Springs Hospital – Memorial Health System
a healthcare provider or servicer in Colorado Springs, Colorado 2,500 accounts compromised
07/12/2011 Toshiba, Toshiba America Information Systems, Inc. (TAIS)
a retail business in Irvine, California 7,971 accounts compromised
07/14/2011 Sky Harbor PHX
a business other than retail in Phoenix, Arizona 10 accounts compromised
07/15/2011 Psychiatric Times
a business other than retail in Minneapolis, Minnesota 1,400 accounts compromised
07/16/2011 DeKalb Medical – Hillandale
a healthcare provider or servicer in Hillandale, Georgia 7,500 accounts compromised
07/16/2011 College Choice, UPromise Investments
a Financial or Insurance Services firm in Indianapolis, Indiana 300 accounts compromised
07/18/2011 Beth Israel Deaconess Medical Center
a healthcare provider or servicer in Boston, Massachusetts 2,012 accounts compromised
07/21/2011 StudentCity.com
a retail business in Peabody, Massachusetts 266 accounts compromised
07/26/2011 Lincoln National Life Insurance Company, Lincoln Life & Annuity Company of New York
a Financial or Insurance Services firm in New York, New York 705 accounts compromised
07/26/2011 University of Nevada – Las Vegas (UNLV)
an educational institution in Las Vegas, Nevada 2,000 accounts compromised
07/30/2011 Nyack Hospital
a healthcare provider or servicer in Nyack, New York 1,400 accounts compromised
07/30/2011 Chase Bank
a Financial or Insurance Services firm in Rancho Peñasquitos, California 950 accounts compromised
08/01/2011 Mills-Peninsula Medical Center
a healthcare provider or servicer in Burlingame, California 1,438 accounts compromised
08/01/2011 City of Pittsburgh
City Government in Pittsburgh, Pennsylvania 29 accounts compromised
08/01/2011 University of North Carolina – Chapel Hill
an educational institution in Chapel Hill, North Carolina 30 accounts compromised
08/02/2011 New River Health Association
a healthcare provider or servicer in , West Virginia 950 accounts compromised
08/02/2011 SilverPop
a business other than retail in Atlanta, Georgia 884 accounts compromised
08/05/2011 The Brigham, Women’s/Faulkner Hospital
a healthcare provider or servicer in Boston, Massachusetts 638 accounts compromised
08/09/2011 McDonald’s
a retail business in Norfolk, Virginia 185 accounts compromised
08/09/2011 McDonald’s
a retail business in Norfolk, Virginia 185 accounts compromised
08/10/2011 Cal Poly Pomona
an educational institution in Pomona, California 38 accounts compromised
08/10/2011 Department of Social and Health Services – Washington
Local Government in Seattle, Washington 3,950 accounts compromised
08/11/2011 Energy Federation, Inc.
a business other than retail in Westborough, Massachusetts 20 accounts compromised
08/11/2011 Country Corner Market
a retail business in Amherst, Virginia 125 accounts compromised
08/11/2011 TGI Fridays
a retail business in Laurel, Maryland 73 accounts compromised
08/13/2011 University of Hawaii – Kapi’olani Community College
an educational institution in Honolulu, Hawaii 2,000 accounts compromised
08/13/2011 St. Francis Hospital
a healthcare provider or servicer in Wilmington, Delaware 474 accounts compromised
08/14/2011 Bay Area Rapid Transit (BART)
Government or Military in San Francisco, California 2,450 accounts compromised
08/15/2011 Multiple North Carolina schools
Including North Carolina State University (NCSU), Gardners Elementary School, Wells Elementary School, Ashley Chapel Elementary School, all educational institutions in Raleigh, North Carolina 1,800 accounts compromised
08/16/2011 Purdue University
an educational institution in West Lafayette, Indiana 7,093 accounts compromised
08/17/2011 Bay Area Rapid Transit (BART)
Local Government in San Francisco, California 100 accounts compromised
08/18/2011 Fort Dodge Correctional Facility
in Vinton, Iowa 23 accounts compromised
08/19/2011 The Health Plan of San Mateo (HPSM)
a healthcare provider or servicer in San Mateo, California 694 accounts compromised
08/19/2011 University of Missouri Health Care
a healthcare provider or servicer in Columbia, Missouri 1,288 accounts compromised
08/19/2011 University of Missouri Health Care
a healthcare provider or servicer in Columbia, Missouri 1,288 accounts compromised
08/19/2011 Mount Sinai Multispecialty Physicians Practice
a healthcare provider or servicer in New York City, New York 720 accounts compromised
08/20/2011 Thirty-One Gifts, LLC
a retail business in Johnstown, Ohio had two breaches on the same day. 55 accounts compromised in total
08/23/2011 Northwestern Counseling and Support Services
a healthcare provider or servicer in St. Albans, Vermont 12 accounts compromised
08/26/2011 Fidelity National Information Services, Inc. (FIS)
a Financial or Insurance Services firm in Jacksonville, Florida 22 accounts compromised
08/27/2011 The Lexington VA Medical Center
a healthcare provider or servicer in Lexington, Kentucky 1,900 accounts compromised
08/27/2011 Avalon Centers
a healthcare provider or servicer in Depew, New York 172 accounts compromised
08/27/2011 Living Healthy Clinic, University of Wisconsin – Oshkosh College of Nursing
a healthcare provider or servicer in Oshkosh, Wisconsin 3,000 accounts compromised
09/02/2011 Pacific Retina Specialists
a healthcare provider or servicer in Seattle, Washington 60 accounts compromised
09/03/2011 New Horizons General Partnership
a healthcare provider or servicer in Granbury, Texas 12 accounts compromised
09/07/2011 North Bay Regional Health Centre
a healthcare provider or servicer in Napa, California 5,800 accounts compromised
09/08/2011 Austin Center for Therapy and Assessment
a healthcare provider or servicer in Austin, Texas 1,870 accounts compromised
09/08/2011 Treatment Services Northwest
a healthcare provider or servicer in Portland, Oregon 1,200 accounts compromised
09/09/2011 Indiana University School of Medicine
an educational institution in Indianapolis, Indiana 178 accounts compromised
09/13/2011 Bonney Lake Medical Center
a healthcare provider or servicer in Bonney Lake, Washington 2,370 accounts compromised
09/15/2011 Montgomery County Department of Job and Family Services
County Government in Dayton, Ohio 1,200 accounts compromised
09/15/2011 Brandywyne Healthcare Center
a healthcare provider or servicer in Winter Haven, Florida 83 accounts compromised
09/16/2011 Veterans Administration Medical Center
Federal Government in Biloxi, Mississippi 1,814 accounts compromised
09/16/2011 Guilford County Tax Department
County Government in Greensboro, North Carolina 1,000 accounts compromised
09/17/2011 Legislative Data Center
Government in Sacramento, California 50 accounts compromised
09/19/2011 New York University Langone Medical Center Hospital for Join Diseases (HJD)
a healthcare provider or servicer in New York, New York 2,600 accounts compromised
09/19/2011 Medassets Inc., Saint Barnabas Health Care System, Cook County Health and Hospitals (CCHHS)
a business other than retail in Alpharetta, Georgia 3,500 accounts compromised
09/20/2011 Ashley Industrial Molding, Inc., AssureCare Risk Management (ARM)
a retail business in Ashley, Indiana 506 accounts compromised
09/20/2011 ProMedica
a healthcare provider or servicer in Toledo, Ohio 14 accounts compromised
09/23/2011 University of Texas San Antonio (UTSA)
an educational institution in San Antonio, Texas 688 accounts compromised
09/23/2011 United States Steel and Carnegie Pension Fund, Benefits Administration Services
a business other than retail in New York, New York 4,000 accounts compromised
09/23/2011 Veterans Affairs Illiana Health Care System
a healthcare provider or servicer in Illiana, Illinois 518 accounts compromised
09/24/2011 Electronic Data Systems, Hewlett-Packard Enterprise Services, Alabama Department of Corrections
a Financial or Insurance Services firm in Montgomery, Alabama 250 accounts compromised
09/25/2011 Two Georges’ Restaurant
a retail business in Corpus Christi, Texas 16 accounts compromised
09/28/2011 Summit Medical Group, Emory Family Practice, Fountain City Family Physicians, Office of Dr. Kenneth Reese
a healthcare provider or servicer in Knoxville, Tennessee 750 accounts compromised
09/30/2011 First Priority Life Insurance Company, Blue Cross of Northeastern Pennsylvania, Penn Foster
a healthcare provider or servicer in Scranton, Pennsylvania 500 accounts compromised
10/10/2011 Israeli Defense Industry
including at least these three companies
Elisra Group, Israel Aerospace Industries, and Rafael Advanced Defense Systems
According to Cyber Engineering Services Inc. of Columbia, Maryland, (CyberESI), attackers thought to be operating out of China breached these firms between between October 10, 2011 and August 13, 2012. CyberESI tapped the hacker’s secret communications infrastructure and determined that intellectual property transferred pertained to Arrow III missiles, Unmanned Aerial Vehicles (UAVs), ballistic rockets, and more.
On 9/22/2014 Google searches for each company name using a custom date range of 10/10/2011 to 8/13/2012 and the word “breach” found nothing except one company had breached a financial covenant. It appears that the breaches didn’t make the news anyplace Google indexes. The information was revealed by security researcher Brian Krebs (KrebsonSecurity) in an article on 7/28/2014, more than two years after the breach.
In that article he reported:
Neither Elisra nor Rafael responded to requests for comment about the apparent security breaches. A spokesperson for Israel Aerospace Industries brushed off CyberESI’s finding, calling it “old news.” When pressed to provide links to any media coverage of such a breach, IAI was unable to locate or point to specific stories. The company declined to say whether it had alerted any of its U.S. industry partners about the breach, and it refused to answer any direct questions regarding the incident.
“At the time, the issue was treated as required by the applicable rules and procedures,” IAI Spokeswoman Eliana Fishler wrote in an email to KrebsOnSecurity. “The information was reported to the appropriate authorities. IAI undertook corrective actions in order to prevent such incidents in the future.”
Drissel said many of the documents that were stolen from the defense contractors are designated with markings indicating that their access and sharing is restricted by International Traffic in Arms Regulations (ITAR) — U.S. State Department controls that regulate the defense industry. For example, Drissel said, among the data that hackers stole from IAI is a 900-page document that provides detailed schematics and specifications for the Arrow 3 missile.
“Most of the technology in the Arrow 3 wasn’t designed by Israel, but by Boeing and other U.S. defense contractors,” Drissel said. “We transferred this technology to them, and they coughed it all up. In the process, they essentially gave up a bunch of stuff that’s probably being used in our systems as well.” [ highlighting theirs -ed ]
This policy of keeping quiet isn’t quite serving the best needs of cyber security. Keeping quiet after patching your own security leak may be closing the barn after the horse has departed and allowing your neighbor’s horse to take an unintended trip.
In July 2014 Richard Danzig, a former Secretary of the Navy, wrote Surviving on a Diet of Poisoned Fruit: Reducing the National Security Risks of America’s Cyber Dependencies (64 page PDF) with insights about how to improve policymaking on U.S. national security policymaking to address cyber insecurity. He examines existing information technology security weaknesses and provides nine specific recommendations for the U.S. government and others to cope with these insecurities. The table of contents alone and these quotes are just the beginning for an interesting read.
III. Why Information Systems Are Vulnerable
This quote that has proven to be quote accurate. “We are staking our future on a resource that we have not yet learned to protect.” George Tenet, Director of the Central Intelligence Agency, April 6, 1998. (from page numbered 8)
“Information technologies offer a Faustian bargain: The capabilities that make these systems attractive make them risky.” (from page numbered 9)
“One of the rewards, but one of the risks, of present information systems is that they tear down gates and eliminate gatekeepers.” (from page numbered 10)
“Verizon calculates that in two out of three cases of data breach, the loss took “months or more to discover.” Similarly, in 7 out of 10 cases victims only learned about their loss from third parties. (from page numbered 11) [ highlighting ours -ed ]
IV. Cyberdefense and Its Limits
“The deficiencies in the existing methods of cyberdefense have been increasingly exposed as state-sponsored and state-run attacks have become more frequent and use more sophisticated and extensive resources.” (from page numbered 14)
V. Three Other Causes of Cyber Insecurity
“Cyberspace is adversarial, contested and crowded territory. Our adversaries (criminals, malevolent groups, numerous opposing states) co-evolve with us.” (from page numbered 17)
“The Internet, a complex emergent communication system that has never been “a static thing,” grew from some 16 million users in 1995, to 880 million in 2005, to 2.7 billion in the spring of 2013. Its communicative capability has penetrated financial, military, industrial and social systems, increasing their cyber dependency at an unprecedented rate.” (from page numbered 18)
VI. Creating a Minimal Shared Cybersecurity
“The United States cannot allow the insecurity of our cyber systems to reach a point where weaknesses in those systems would likely render the United States unwilling to make a decision or unable to act on a decision fundamental to our national security.” (from page number 20)
“The federal bureaucratic organism is strongly muscular on one side (its military and intelligence functions) and malformed and malnourished on the other (its civilian side). Accordingly, it should be no surprise that it walks with a limp and often stumbles.” (from page numbered 33)
“Facing this technological flood, it feels as though the United States is working ever faster to plug holes in its dikes. Since the odds are against this response, it is tempting to try to drain the ocean. But the problems posed by these technologies cannot be addressed by adopting Luddite positions. Pondering a mid-20th century antecedent of this class – nuclear weapons – the physicist Freeman Dyson observed that once we develop them, along with their blessings we are cursed by having them forever. Nor can the United States deal with these challenges simply by associating them with a particular adversary. The weapons they provide can be used by anyone for any purpose.” (from page numbered 36)
The paper was published by Center for a New American Security (CNAS), a 501(c)3 non-profit organization with the mission to develop strong, pragmatic and principled national security and defense policies. The report is available in PDF, Kindle and Tablet formats from here.
10/11/2011 Indiana University School of Optometry
a healthcare provider or servicer in Bloomington, Indiana 757 accounts compromised
10/11/2011 St. Joseph Medical Center, Baxter, Baker, Sidle, Conn & Jones
a business other than retail in Towson, Maryland 161 accounts compromised
10/12/2011 United Healthcare Inc., Futurity First Insurance Group
a healthcare provider or servicer in Minnetonka, Minnesota 7,602 accounts compromised
10/13/2011 Texas Health and Human Services
State Government in Austin, Texas 1,696 accounts compromised
10/14/2011 Health Research Institute, Inc., Pfeiffer Treatment Center
a healthcare provider or servicer in , Illinois 2,000 accounts compromised
10/14/2011 Scott County Memorial Hospital
a healthcare provider or servicer in Scottsburg, Indiana 2,059 accounts compromised
10/14/2011 NEA Baptist Clinic
a healthcare provider or servicer in Jonesboro, Arkansas 3,116 accounts compromised
10/14/2011 Freda J. Bowman MD, PA
a healthcare provider or servicer in Texas 1,300 accounts compromised
10/14/2011 Diversified Resources Inc.
a business other than retail in Waycross, Georgia 863 accounts compromised
10/15/2011 San Antonio Independent School District (SAISD)
Government in San Antonio, Texas 70 accounts compromised
10/19/2011 Iowa Correctional Institute for Women
State Government in Mitchellville, Iowa 48 accounts compromised
10/20/2011 College of the Holy Cross
an educational institution in Worcester, Massachusetts 493 accounts compromised
10/23/2011 Onehitplay.com
a business other than retail in Brea, California 1,008 accounts compromised
10/24/2011 Pan American Games
a retail business 1,400 accounts compromised
10/27/2011 Ocala Police Department
City Government in Ocala, Florida 149 accounts compromised
10/27/2011 US Department of Education
Federal Government in Washington, DC 5,000 accounts compromised
10/28/2011 Mama’s Boy Italian Ristorante
a retail business in Durango, Colorado 100 accounts compromised
10/28/2011 Muir Orthopaedic Specialists
a healthcare provider or servicer in Oakland, California 1,800 accounts compromised
10/28/2011 Henry Ford Health System
a healthcare provider or servicer in Troy, Michigan 520 accounts compromised
11/01/2011 High Point Regional Health System, Premier Imaging LLC
a healthcare provider or servicer in High Point, North Carolina 47 accounts compromised
11/02/2011 Aaron’s
a retail business in Fresno, California 1,008 accounts compromised
11/02/2011 MetroLux, Metropolitan Theatres
a business other than retail in Loveland, Colorado 1,180 accounts compromised
11/02/2011 Maloney Properties, Inc.
a business other than retail in Wellesley, Massachusetts 621 accounts compromised
11/02/2011 Avia Dental Plan, Inc.
a Non-Governmental Organization (includes non-profits) in Wheeling, West Virginia 2,500 accounts compromised
11/03/2011 Top of the Line Marketing
a business other than retail in Rockville, Maryland 1,200 accounts compromised
11/03/2011 Kunz Opera House
a healthcare provider or servicer in Pinckneyville, Illinois 4,200 accounts compromised
11/04/2011 Thomas Jefferson University Hospitals
a healthcare provider or servicer in Philadelphia, Pennsylvania 3,150 accounts compromised
11/04/2011 Amsterdam Hospitality Group
a business other than retail in New York, New York 237 accounts compromised
11/04/2011 www.podiatry.com, PRESENT e-Learning Systems
a business other than retail in Boca Raton, Florida 382 accounts compromised
11/05/2011 St. Joseph Medical Center
a healthcare provider or servicer in Twoson, Maryland 5,000 accounts compromised
11/06/2011 Sam’s Club
a retail business in Apple Valley, Minnesota 98 accounts compromised
11/06/2011 Jackson Hewitt
a Financial or Insurance Services firm in San Francisco, California 100 accounts compromised
11/08/2011 IQCR
a business other than retail in Rock Hill, South Carolina 100 accounts compromised
11/09/2011 Columbia-St. Mary’s Ozaukee Hospital
a healthcare provider or servicer in Mequon, Wisconsin 30 accounts compromised
11/09/2011 Behavioral Health Services of Pickens County
a healthcare provider or servicer in Pickens, South Carolina 200 accounts compromised
11/09/2011 Habitat for Humanity Delaware County ReStore
a Non-Governmental Organization (includes non-profits) in Delaware, Ohio 444 accounts compromised
11/09/2011 ValueOptions, National Elevator Industry
a business other than retail in Newtown Square, Pennsylvania 7,019 accounts compromised
11/10/2011 TRC
TRC Operating Company, Inc. is an oil production firm based in Taft, California
One account was exposed during a cyberheist that moved $3.5M to Ukraine.
See Who Loses for what happened then.
11/10/2011 Wakulla County School Board
an educational institution in Crawfordville, Florida 2,400 accounts compromised
11/12/2011 United States Postal Service (USPS)
Federal Government in Washington, District Of Columbia 5,400 accounts compromised
11/14/2011 Smokers Choice
a retail business in New York, New York 200 accounts compromised
11/14/2011 Santa Clara University
an educational institution in Santa Clara, California 60 accounts compromised
11/15/2011 The Public School Employees’ Retirement System
Government in Harrisburg, Pennsylvania 2,000 accounts compromised
11/16/2011 McDonald’s
a retail business in Oak Park, Michigan 100 accounts compromised
11/17/2011 Medcenter One
a healthcare provider or servicer in Bismarck, North Dakota 650 accounts compromised
11/18/2011 Smith and Wollensky, Capital Grille, Wolfgang’s Steakhouse, JoJo, Morton’s, The Bicycle Club
retail businesses in New York, New York 50 accounts compromised
11/18/2011 Parkland Memorial Hospital
a healthcare provider or servicer in Dallas, Texas 232 accounts compromised
11/18/2011 Honolulu Asia-Pacific Economic Cooperation (APEC), East West Center
a business other than retail in Honolulu, Hawaii 40 accounts compromised
11/18/2011 McDonald’s
a retail business in Olympia, Washington 16 accounts compromised
11/20/2011 Morris Heights Health Center
a healthcare provider or servicer in New York, New York 927 accounts compromised
11/23/2011 Sitka Wellness Center, EMR4Doctors.com
a healthcare provider or servicer in Sitka, Alaska 566 accounts compromised
11/23/2011 University of Kentucky HealthCare
a healthcare provider or servicer in Lexington, Kentucky 878 accounts compromised
11/27/2011 Cabarjal Realty, Inc.
a business other than retail in Waco, Texas 625 accounts compromised
11/28/2011 Jewish Community Services of South Florida
a Non-Governmental Organization (includes non-profits) in Miami, Florida 30 accounts compromised
11/29/2011 University of California Riverside (UCR)
an educational institution in Riverside, California 5,000 accounts compromised
12/03/2011 State of Tennessee Sponsored Group Health Plan
State Government in Nashville, TN 1,770 accounts compromised
12/03/2011 Pulaski County Special School District
State Government in Little Rock, Arkansas 1,100 accounts compromised
12/06/2011 Massachusetts eHealth Collaborative
a business other than retail in Waltham, Massachusetts 222 accounts compromised
12/07/2011 Veterans Administration Medical Center
a healthcare provider or servicer in Miami, Florida 22 accounts compromised
12/07/2011 Jeanne D’Arc Credit Union
a Financial or Insurance Services firm in Lowell, Massachusetts 327 accounts compromised
12/08/2011 Los Angeles Police Department (LAPD)
City Government in Los Angeles, California 24 accounts compromised
12/09/2011 Centro de Ortodancia
a healthcare provider or servicer in Aguadilla, Puerto Rico 2,000 accounts compromised
12/09/2011 Julie A. Kennedy, D.M.D.
a healthcare provider or servicer in West Palm Beach, Florida 2,900 accounts compromised
12/09/2011 InStep Foot Clinic
a healthcare provider or servicer in Edina, Minnesota 2,600 accounts compromised
12/09/2011 Amerigroup Community Care of New Mexico, Inc.
a healthcare provider or servicer in Albuquerque, New Mexico 1,537 accounts compromised
12/09/2011 Stone Oak Urgent Care and Family Practice
a healthcare provider or servicer in San Antonio, Texas 3,079 accounts compromised
12/09/2011 Capron Rescue Squad District
a healthcare provider or servicer in Capron, Illinois 815 accounts compromised
12/09/2011 Knox Community Hospital
a healthcare provider or servicer in Mount Vernon, Ohio 500 accounts compromised
12/09/2011 Health Care Service Corporation (HCSC)
a healthcare provider or servicer in Chicago, Illinois 501 accounts compromised
12/09/2011 Silverpop Systems, Inc. Health and Welfare Plan
a healthcare provider or servicer in Atlanta, Georgia 884 accounts compromised
12/09/2011 Conway Regional Medical Center
a healthcare provider or servicer in Conway, Arizona 1,472 accounts compromised
12/09/2011 Gail Gillespie and Associates, LLC
a healthcare provider or servicer in Texas 2,334 accounts compromised
12/09/2011 Stone Oak Urgent Care and Family Practice
a healthcare provider or servicer in San Antonio, Texas 3,079 accounts compromised
12/10/2011 Office of Gene S. J. Liaw, MD.
a healthcare provider or servicer in Seattle, Washington 1,105 accounts compromised
12/11/2011 Coalition of Law Enforcement and Retail (CLEAR)
a Non-Governmental Organization (includes non-profits) in Deerfield Beach, Florida 2,400 accounts compromised
12/12/2011 Metabasis Therapeutics
a business other than retail in La Jolla, California 90 accounts compromised
12/12/2011 Florida Family Association (FFA)
a Non-Governmental Organization (includes non-profits) in Florida 22 accounts compromised
12/15/2011 Jefferson County Public Schools
an educational institution in Louisville, Kentucky 6,500 accounts compromised
12/16/2011 Peoples Gas, North Shore
a business other than retail in Chicago, Illinois 100 accounts compromised
12/20/2011 University of Mississippi Medical Center and Mississippi State Department of Health
a healthcare provider or servicer in Jackson, Mississippi 1,475 accounts compromised
12/21/2011 St. Charles Bend and Redmond
a healthcare provider or servicer in Bend, Oregon 140 accounts compromised
12/22/2011 Department of Human Services (DHS) Gateway Center
Government in Springfield, Oregon 3,000 accounts compromised
12/23/2011 Provo School District
City Government in Provo, Utah 3,200 accounts compromised
12/23/2011 Virginia Department of General Services
State Government in Richmond, Virginia 639 accounts compromised
12/28/2011 Aegis Science Corporation
a business other than retail in Atlanta, Georgia 2,184 accounts compromised
12/28/2011 Guide Publishing Group, GuideYou.com
a business other than retail in San Francisco, California 11 accounts compromised
12/28/2011 Loma Linda Medical University
a healthcare provider or servicer in Loma Linda, California 1,336 accounts compromised
12/30/2011 United Airlines
a business other than retail in Chicago, Illinois 20 accounts compromised
In addition to sources cited above the Chronology of Data Base Breaches maintained by the Privacy Rights Clearinghouse was used. Their website is a valuable resource for those seeking information on basic privacy, identity theft, medical privacy and much more. They are highly recommended.
View the 2011 summary
Return to References page
Return to Year links page
Links above were active at the time they were gathered.
