2014-under10k

Compromises in 2014 affecting less than 10,000

Compromises in 2014 affecting 10,000 or more
Compromises in 2014 affecting an unknown, or undisclosed, number

01/02/2014 Eye Surgery Education Council

a healthcare provider or servicer at 4000 Legato Road Fairfax, Virginia  4,748 accounts compromised.

01/07/2014 Edgepark Medical Supplies (RGH Enterprises)

a healthcare provider or servicer in Ohio
4,230 financial accounts compromised
 

01/07/2014 Riverside Health System

a healthcare provider or servicer in Virginia
919 financial accounts compromised
 

01/07/2014 Spirit Home Health Care

a healthcare provider or servicer in Florida
603 financial accounts compromised
 

01/09/2014 Easton-Bell

a retail business at 7855 Haskell Avenue #200 Van Nuys, California
6,000+ financial accounts compromised
 
Easton-Bell Sports is owned by private equity firm Fenway Partners and produces sporting equipment including helmets for football, biking, bats, under several names including Easton, Bell, Riddell, Giro, Blackburn and Easton Cycling. Servers for e-commerce were accessed since at least December 2013. 6,000+ accounts were compromised. Data may have included personal information, such as name, address, telephone number, email, and credit card number along with the CVV security code. Statements by the company, the offer of credit monitoring, the size & scope of the compromise and more see more details on the Easton-Bell compromise.

01/10/2014 Alamance County Department of Social Services

County Government at 319 N. Graham-Hopedale Road, Suite C Burlington, North Carolina  33 accounts compromised

01/14/2014 North East King County Regional Public Safety Communication Agency

County Government in Bellevue, Washington  6,000 financial accounts compromised
 

01/15/2014 South Carolina Department of Employment and Workforce

Government at 1550 Gadsden Street, PO Box 995  Columbia, South Carolina
4,658 accounts compromised

01/14/2014 Southwest General Health Center

a healthcare provider or servicer at 18697 Bagley Road Middleburg Heights, Ohio  480 accounts compromised

01/15/2014 South Carolina Department of Employment and Workforce

State Government at 1550 Gadsden Street, PO Box 995 Columbia, South Carolina  4,658 accounts compromised

01/21/2014 Department of Employment and Workforce

State Government in South Carolina
4,658 financial accounts compromised
 

01/21/2014 Maryland Health Benefit Exchange

a healthcare provider or servicer in Maryland
1,078 financial accounts compromised
 

01/21/2014 Southwest General Health Center

a healthcare provider or servicer in Ohio
953 financial accounts compromised
 

01/21/2014 University of Minnesota

an educational institution in Minnesota
300 financial accounts compromised
 

01/22/2014 Inspira Medical Center Vineland

a healthcare provider or servicer in New Jersey
1,411 financial accounts compromised
 

01/24/2014 CaroMont Regional Medical Center

a healthcare provider or servicer in North Carolina
190 financial accounts compromised
 

01/24/2014 City of Norwood

State Government in Ohio
9,577 financial accounts compromised
 

01/24/2014 Department of Public Health

State Government in Washington
750 financial accounts compromised
 

01/24/2014 Geo Care, LLC

a healthcare provider or servicer in Florida
710 financial accounts compromised
 

01/24/2014 Integrity Oncology

a healthcare provider or servicer in Tennessee
539 financial accounts compromised
 

01/24/2014 Women’s Health Enterprise

a healthcare provider or servicer in Georgia
3,000 financial accounts compromised
 

01/27/2014 Culver’s

a retail business in Illinois
80 financial accounts compromised
 

01/27/2014 St. Francis Hospital and Medical Center

a healthcare provider or servicer in Connecticut
858 financial accounts compromised
 

01/27/2014 Suretegrity

a retail business in Florida
1,010 financial accounts compromised
 

01/28/2014 Blue Cross Blue Shield / North Carolina

a healthcare provider or servicer in North Carolina
687 financial accounts compromised
 

01/28/2014 Cardiovascular Consultants of North Texas

a healthcare provider or servicer in Texas
2,462 financial accounts compromised
 

01/28/2014 City of Joliet

State Government in Illinois
1,573 financial accounts compromised
 

01/28/2014 Jones Chiropractic and Maximum Health

a healthcare provider or servicer in Indiana
1,500 financial accounts compromised
 

01/28/2014 Medical Mutual of Ohio

a healthcare provider or servicer in Ohio
1,420 financial accounts compromised
 

01/28/2014 Metcare of Florida

a healthcare provider or servicer in Florida
2,557 financial accounts compromised
 

01/28/2014 Molina Healthcare of Texas

a healthcare provider or servicer in Texas
2,826 financial accounts compromised
 

01/28/2014 Office of Ronald Schubert MD

a healthcare provider or servicer in Washington
950 financial accounts compromised
 

01/28/2014 Pee Dee Regional Transportation

a retail business in South Carolina
50 financial accounts compromised
 

01/28/2014 UC Davis Health System

a healthcare provider or servicer in California
2,269 financial accounts compromised
 

01/31/2014 Associated Urologists of North Carolina

a healthcare provider or servicer in North Carolina
7,300 financial accounts compromised
 

01/31/2014 Good Samaritan Health Center

a healthcare provider or servicer in Georgia
5,000 financial accounts compromised
 

01/31/2014 Kemmet Dental Design of North Dakota

a healthcare provider or servicer in North Dakota
2,000 financial accounts compromised
 

01/31/2014 Northside Hospital, Inc.

a healthcare provider or servicer in Georgia
4,879 financial accounts compromised
 

02/04/2014 Complete Medical Homecare

a healthcare provider or servicer in Kansas
1,700 financial accounts compromised
 

02/04/2014 Health Help, Inc.

a healthcare provider or servicer in Kentucky
535 financial accounts compromised
 

02/04/2014 Mosaic

a healthcare provider or servicer in Nebraska
3,857 financial accounts compromised
 

02/04/2014 University of California Davis Health System

a healthcare provider or servicer in California
2,269 financial accounts compromised
 

02/05/2014 K. Min Yi, MD, Inc.

a healthcare provider or servicer at 2066 Clarmar Way, Suite B San Jose, California   4,676 accounts compromised

02/06/2014 Olmstead Medical Center

a healthcare provider or servicer in Minnesota
1,000 financial accounts compromised
 

02/18/2014 University of Pennsylvania Health System

a healthcare provider or servicer in Pennsylvania
3,000 financial accounts compromised
 

02/19/2014 101 Family Medical Group

a healthcare provider or servicer in California
2,500 financial accounts compromised
 

02/19/2014 Health Dimensions

a healthcare provider or servicer in Michigan
5,370 financial accounts compromised
 

02/19/2014 Network Pharmacy Knoxville

a healthcare provider or servicer in Tennessee
9,602 financial accounts compromised
 

02/19/2014 Tri-Lakes Medical Center

a healthcare provider or servicer in Mississippi
1,489 financial accounts compromised
 

02/19/2014 University of Texas / Anderson Cancer Center

a healthcare provider or servicer in Texas
3,598 financial accounts compromised
 

02/26/2014 McKenna Long & Aldridge

a business other than retail in Albany, New York  441 accounts compromised

02/27/2014 Eastern Alliance Insurance Group

a business other than retail at 100 Brookwood Place Birmingham, Alabama  23 accounts compromised

02/28/2014 80’s Tees

a retail business at 230 Westec Drive Mt. Pleasant, Pennsylvania  3,503 accounts compromised

03/03/2014 Various Taxi Cab Companies in Chicago

multiple businesses in Chicago, Illinois  466 accounts compromised

In a public statement First American Bank in Illinois wrote:

“We are advising you not to use your First American Bank debit cards (or any other cards) in local taxis. We have become aware of a data breach that occurs when a card is used in Chicago taxis, including American United, Checker, Yellow, and Blue Diamond and others that utilize Taxi Affiliation Services and Dispatch Taxi to process card transactions. We have reported the breach to MasterCard® and have kept them apprised of details as they’ve developed. We have also made repeated attempts to deal directly with Banc of America Merchant Services and Bank of America, the payment processors for the taxis, to discontinue payment processing for the companies suffering this compromise until its source is discovered and remediated. These companies have not shared information about their actions and appear to not have stopped the breach.” [ whole notice from First American  more information from Krebs highlighting ours -ed ]

03/03/2014 City of Detroit

City Government in Detroit, Michigan  1,700 accounts compromised

03/03/2014 St. Vincent Health

a healthcare provider or servicer in Indiana
1,142 financial accounts compromised
 

03/03/2014 BOM vs Cardiac Patient

The Bank of Montreal (BOM) is headquartered in the city of Montreal, province of Québec, Canada. Just one account was affected.

This isn’t a breach where someone physically or electronically broke in to the bank, this was social engineering and lack of adherence to established security procedures. What is of interest are the bank’s actions, or inactions, subsequent to the event that affected just one person. That person could be you.

The Situation

Mr. Bruce Taylor is a Canadian engineer who was working and living in Texas. While he was in a Houston hospital having open heart surgery BOM depleted his account by $87,555, funds from half a century of his parent’s earnings that was left to him and his sister. The inheritance was in term deposits (certificates of deposit) at BMO until July 2012. At maturity the funds were deposited into a savings account that Mr. Taylor had decided was for emergencies only.

The Crime

In August 2012, someone emailed Mr. Taylor’s BMO investment adviser, using Taylor’s email address, saying he needed the money wired to his cousin, immediately. Those emails had significant spelling and grammatical errors. Transfer requests (with more spelling errors) were faxed to Taylor’s BMO branch with his account number and an electronic copy of his signature. A bank staffer replied to the emails asking for a phone number for verification. A telephone number in California (not Texas) was provided, but that didn’t trigger any alarms.

BMO wire transfer confirmations read “confirmed by phone” and the staffer did indeed call the impostor, but didn’t ask any him security questions. (ex: first pet, favorite author, mother’s maiden name, etc). Reason provided? It was a poor connection. Two wire transfers ($47,500 and $40,000) were approved and transmitted four days apart in September 2012. Where was the real Mr. Taylor? In the hospital having having open heart surgery.

The Investigation

The Royal Canadian Mounted Police (RCMP) investigated and informed BOM that Mr. Taylor was the victim of fraud. The RCMP also determined that the funds were wired to the Toronto Dominion Bank (TD) account of another victim in the city of Calgary, province of Alberta, Canada. She met the actual fraudster via online dating. She thought the funds were properly belonging to the fraudster, withdrew the funds from her TD account and wired them via Western Union to Malaysia. The money went overseas, but who did it was still unknown.

Taylor vs BMO

Instead of promptly replacing the stolen funds of the victim, BMO placed layers of managers and lawyers in the way for many months. This while Mr. Taylor needed those “emergency funds” for cancer treatment and medication during 2013.

Sometimes BMO was “too busy” to investigate. Ralph Marranca, BMO head of corporate media relations, wrote “I was tied up with the work around announcing our quarterly earnings and will try to take a look at this today,”

When Go Public (an investigative news segment on CBC-TV, radio and the web) followed up his reply was, “BMO has robust measures in place to prevent unauthorized access to our customers’ accounts. We regularly review and upgrade these measures to protect our customers.” Which is rather odd considering the RCMP had clearly stated that unauthorized access was NOT prevented.

Taylor Wins

After a year of cancer hell while battling bureaucracy, with the help of CBC Go Public, writing to BMO’s CEO Bill Downe and threatening to go public, did the bank offer to replace his money and did so sometime in late February or early March 2014.

See CBC story and video. See also Yahoo in Canada.

03/05/2014 Eureka Internal Medicine

a healthcare provider or servicer in California
3,534 financial accounts compromised
 

03/05/2014 Point Park University

an educational institution at 201 Wood Street Pittsburgh, Pennsylvania  1,800 accounts compromised

03/07/2014 John Hopkins University

an educational institution in Baltimore, Maryland  1,307 accounts compromised

03/10/2014 Department of Human Services

State Government in Iowa
2,042 financial accounts compromised
 

03/11/2014 Cornerstone Health Care

a healthcare provider or servicer at 1814 Westchester Drive Hight Point, North Carolina   accounts compromised

03/11/2014 Emory Dialysis Center, part of Emory Clinic

a healthcare provider or servicer in Atlanta, Georgia   accounts compromised

03/11/2014 Timken Company

a Financial or Insurance Services firm in Ohio
4,987 financial accounts compromised
 

03/12/2014 Department of Human Services

State Government in New Jersey
9,642 financial accounts compromised
 

03/12/2014 UCSF Family Medicine Center at Lakeshore

a healthcare provider or servicer at 1569 Sloat Boulevard San Francisco, California  125 accounts compromised

03/12/2014 Reimbursement Technologies

a healthcare provider or servicer in Pennsylvania
2,300 financial accounts compromised
 

03/12/2014 Shiloh Medical Clinic

a healthcare provider or servicer in Montana
1,900 financial accounts compromised
 

03/12/2014 Tranquility Counseling Services

a healthcare provider or servicer in North Carolina
1,683 financial accounts compromised
 

03/12/2014 UCSF Family Medicine Center at Lakeshore

a healthcare provider or servicer at 1569 Sloat Boulevard  San Francisco, California
125 accounts compromised

03/13/2014 Detroit Medical Center-Harper University Hospital

a healthcare provider or servicer in Detroit, Michigan  1,087 accounts compromised

03/14/2014 Health Source of Ohio

a healthcare provider or servicer at 5400 DuPont Circle, Suite A Milford, Ohio  8,800 accounts compromised

03/17/2014 Service Coordination Inc.

a healthcare provider or servicer in Frederick, Maryland  9,700 accounts compromised

03/18/2014 City of Syracuse

Local Government in New York
300 financial accounts compromised
 

03/18/2014 Hickory Grove Gas Station

a retail business in Vincent, Ohio  100 accounts compromised

03/19/2014 University of California San Francisco

a healthcare provider or servicer in California
9,861 financial accounts compromised
 

03/21/2014 AccentCare Home Health of California

a healthcare provider or servicer in California
1,000 financial accounts compromised
 

03/21/2014 Baptist Health System

a healthcare provider or servicer in Alabama
1,655 financial accounts compromised
 

03/21/2014 Baptist Health System

a healthcare provider or servicer in Texas
678 financial accounts compromised
 

03/21/2014 Brooklyn Hospital Center

a healthcare provider or servicer in New York
2,172 financial accounts compromised
 

03/21/2014 CenterLight Healthcare

a healthcare provider or servicer in New York
642 financial accounts compromised
 

03/21/2014 Clorox Company Group Insurance Plan (Staywell Healt

a healthcare provider or servicer in California
520 financial accounts compromised
 

03/21/2014 Coastal Home Respiratory, LLP

a healthcare provider or servicer in Georgia
3,440 financial accounts compromised
 

03/21/2014 Columbia University Medical Center / New York Presbyterian

a healthcare provider or servicer in New York
4,929 financial accounts compromised
 

03/21/2014 Delta Dental of Pennsylvania

a healthcare provider or servicer in Pennsylvania
1,674 financial accounts compromised
 

03/21/2014 Department of Health

State Government in Florida
2,354 financial accounts compromised
 

03/21/2014 Department of Public Health

State Government in California
1,370 financial accounts compromised
 

03/21/2014 Florida Healthy Kids Corporation / DentaQuest

a healthcare provider or servicer in Florida
3,667 financial accounts compromised
 

03/21/2014 Health Care Solutions-at-Home Inc.

a healthcare provider or servicer in Ohio
1,139 financial accounts compromised
 

03/21/2014 Health Texas Provider Network

a healthcare provider or servicer in Texas
1,259 financial accounts compromised
 

03/21/2014 HealthSource of Ohio

a healthcare provider or servicer in Ohio
8,845 financial accounts compromised
 

03/21/2014 Lahey Clinic Hospital

a healthcare provider or servicer in Massachusetts
599 financial accounts compromised
 

03/21/2014 Miami Beach Healthcare Group LTD (Aventura)

a healthcare provider or servicer in Florida
2,560 financial accounts compromised
 

03/21/2014 Molalla Family Dental

a healthcare provider or servicer in Oregon
4,354 financial accounts compromised
 

03/21/2014 Nissan North America (StayWell Health Management)

a retail business in Tennessee
1,511 financial accounts compromised
 

03/21/2014 Office of Jeff Spiegel

a healthcare provider or servicer in Massachusetts
832 financial accounts compromised
 

03/21/2014 Office of John T. Melvin, M.D.

a healthcare provider or servicer in Texas
2,541 financial accounts compromised
 

03/21/2014 Original Medicine Acupuncture & Wellness LLC

a healthcare provider or servicer in New Mexico
540 financial accounts compromised
 

03/21/2014 Pousson Family Dentistry

a healthcare provider or servicer in Louisiana
1,400 financial accounts compromised
 

03/21/2014 Presbyterian Healthcare Services

a healthcare provider or servicer in New Mexico
7,000 financial accounts compromised
 

03/21/2014 Sleep HealthCenters LLC

a healthcare provider or servicer in Massachusetts
2,988 financial accounts compromised
 

03/21/2014 Speare Memorial Hospital

a healthcare provider or servicer in New Hampshire
5,960 financial accounts compromised
 

03/21/2014 St. Mary’s Hospital (Hospitalists of Arizona)

a healthcare provider or servicer in Arizona
1,706 financial accounts compromised
 

03/21/2014 St. Mary’s Hospital for Children

a healthcare provider or servicer in New York
550 financial accounts compromised
 

03/21/2014 University of Nevada School of Medicine

a healthcare provider or servicer in Nevada
1,483 financial accounts compromised
 

03/21/2014 University of New Mexico Health Sciences Center

a healthcare provider or servicer in New Mexico
2,365 financial accounts compromised
 

03/21/2014 Valley View Hospital

a healthcare provider or servicer in Colorado
5,415 financial accounts compromised
 

03/21/2014 Visiting Nurses of Iowa

a healthcare provider or servicer in Iowa
1,298 financial accounts compromised
 

03/25/2014 Sorenson Communications / CaptionCall Group Health

a healthcare provider or servicer in Utah
9,800 financial accounts compromised
 

03/25/2014 University of Kentucky HealthCare/Talyst

a healthcare provider or servicer at 900 South Limestone, 317 Wethington Building Lexington, Kentucky  1,079 accounts compromised

03/27/2014 El Agave Mexican Restaurant

a retail business in Minnesota
200 financial accounts compromised
 

03/27/2014 Loyola Law School

an educational institution in California
395 financial accounts compromised
 

03/27/2014 Orlando Health’s Arnold Palmer Medical Center

a healthcare provider or servicer in Orlando, Florida  586 accounts compromised

03/27/2014 University of Kentucky HealthCare

a healthcare provider or servicer in Kentucky
1,079 financial accounts compromised
 

03/28/2014 Palomar Health

a healthcare provider or servicer in Escondido, California  5,000 accounts compromised

04/02/2014 Franciscan Medical Group / Catholic Health Initiatives

a healthcare provider or servicer in Washington
8,300 financial accounts compromised
 

04/02/2014 PracMan

a healthcare provider or servicer in Alabama
3,100 financial accounts compromised
 

04/02/2014 Kaiser Permanente Northern California Division of Research

a healthcare provider or servicer in Oakland, California  5,100 accounts compromised

04/04/2014 Department of Community Health

State Government in Michigan
2,595 financial accounts compromised
 

04/07/2014 Midwest Orthopaedics-at-Rush

a healthcare provider or servicer in Illinois
1,256 financial accounts compromised
 

04/08/2014 EveryChild, Inc.

a retail business in Texas
2,934 financial accounts compromised
 

04/08/2014 LewisGale Regional Health System

a healthcare provider or servicer in Virginia
400 financial accounts compromised
 

04/08/2014 Office of Joseph Michael Benson, MD

a healthcare provider or servicer in Texas
7,500 financial accounts compromised
 

04/08/2014 Office of Todd Burton, M.D.

a healthcare provider or servicer in Texas
5,000 financial accounts compromised
 

04/11/2014 University Urology, P.C.

a healthcare provider or servicer at 1928 Alcoa Hwy Knoxville, Tennessee  1,144 accounts compromised

04/15/2014 Amerigroup

a healthcare provider or servicer in Florida
183 financial accounts compromised
 

04/15/2014 Clinical Reference Laboratory / Nationwide Mutual Ins

a healthcare provider or servicer in Kansas
979 financial accounts compromised
 

04/15/2014 Little Caesars Pizza

a retail business in Oregon
98 financial accounts compromised
 

04/15/2014 Lubbock Cardiology Clinic

a healthcare provider or servicer in Texas
1,400 financial accounts compromised
 

04/22/2014 Blue Cross Blue Shield / Kansas City

a healthcare provider or servicer in Missouri
2,546 financial accounts compromised
 

04/22/2014 Florida Healthy Kid / Policy Studies, Inc. – Postal Center

a healthcare provider or servicer in Florida
580 financial accounts compromised
 

04/22/2014 Jewish Hospital

a healthcare provider or servicer in Kentucky
2,992 financial accounts compromised
 

04/22/2014 KentuckyOne Health (part of Franciscan Health System

a healthcare provider or servicer in Kentucky
3,500 financial accounts compromised
 

04/22/2014 McBroom Clinic

a healthcare provider or servicer in Texas
2,260 financial accounts compromised
 

04/22/2014 Mission City Community Network

a healthcare provider or servicer in California
7,800 financial accounts compromised
 

04/22/2014 Nova Chiropractic & Rehab Center

a healthcare provider or servicer in Virginia
5,534 financial accounts compromised
 

04/22/2014 QBE Holdings Inc. (StayWell Health Management)

a retail business in New York
1,746 financial accounts compromised
 

04/22/2014 Sims and Associates Podiatry

a healthcare provider or servicer in New York
6,475 financial accounts compromised
 

04/22/2014 Snelling Staffing

a retail business in Texas
9,757 financial accounts compromised
 

04/22/2014 Soldiers and Sailors Memorial Hospital / Susquehanna

a healthcare provider or servicer in Pennsylvania
657 financial accounts compromised
 

04/28/2014 Seton Northwest Hospital

a healthcare provider or servicer at 11113 Research Boulevard Austin, Texas  180 accounts compromised

04/28/2014 Johns Hopkins University

an educational institution in Maryland
2,100 financial accounts compromised
 

04/29/2014 Coordinated Health

a healthcare provider or servicer in Pennsylvania
733 financial accounts compromised
 

04/29/2014 Tufts Health Plan

a healthcare provider or servicer in Massachusetts
8,830 financial accounts compromised
 

04/29/2014 Willis North America Inc. Medical Expense Benefit Pla

a healthcare provider or servicer in Tennessee
4,830 financial accounts compromised
 

05/05/2014 UMASS Memorial Medical Center (UMMMC)

a healthcare provider or servicer in Worcester, Massachusetts  2,400 accounts compromised

05/06/2014 Flowers Hospital

a healthcare provider or servicer in Alabama
629 financial accounts compromised
 

05/06/2014 University of Massachusetts Memorial Medical Center

a healthcare provider or servicer in Massachusetts
2,400 financial accounts compromised
 

05/06/2014 Molina Healthcare

a healthcare provider or servicer at 200 Oceangate, Suite 100 Long Beach, California  5,000 accounts compromised

05/08/2014 Boulder Community Health

a healthcare provider or servicer in Boulder, Colorado  16 accounts compromised

05/09/2014 Baylor Regional Medical Center

a healthcare provider or servicer at 3500 Gaston Avenue Dallas, Texas  1,981 accounts compromised

05/13/2014 City of Crossville

State Government in Tennessee
2,100 financial accounts compromised
 

05/13/2014 Larsen Dental Care

a healthcare provider or servicer in Idaho
6,900 financial accounts compromised
 

05/13/2014 Los Robles Hospital and Medical Center

a healthcare provider or servicer in California
2,523 financial accounts compromised
 

05/13/2014 Mid Atlantic Professionals, Inc. DBA SSI

a retail business in Maryland
521 financial accounts compromised
 

05/13/2014 Seattle University

an educational institution in Washington
628 financial accounts compromised
 

05/16/2014 University of California Irvine Student Health Center

a healthcare provider or servicer in California
1,813 financial accounts compromised
 

05/19/2014 Baylor All Saints Medical Center

a healthcare provider or servicer in Texas
940 financial accounts compromised
 

05/19/2014 Baylor Regional Medical Center / Plano

a healthcare provider or servicer in Texas
1,981 financial accounts compromised
 

05/20/2014 City of Cincinnati

State Government in Ohio
5,696 financial accounts compromised
 

05/20/2014 Greenwood Leflore Hospital

a healthcare provider or servicer in Mississippi
3,750 financial accounts compromised
 

05/20/2014 Midwest Women’s Healthcare

a healthcare provider or servicer in Missouri
1,376 financial accounts compromised
 

05/21/2014 Hanover Foods Corporation

a business other than retail at P.O. Box 334 Hanover, Pennsylvania  5,867 accounts compromised

05/22/2014 Alabama Department of Public Health

State Government at 201 Monroe Street Montgomery, Alabama  7,000 accounts compromised

05/23/2014 Humana

a healthcare provider or servicer in Atlanta, Georgia  2,962 accounts compromised

05/23/2014 Placemark Investments

a Financial or Insurance Services firm at 16633 Dallas Pkwy Addison, Texas  11 accounts compromised

05/27/2014 American Dental Association

a healthcare provider or servicer in Illinois
26 financial accounts compromised
 

05/27/2014 American Institutes for Research

a retail business in Washington
6,500 financial accounts compromised
 

05/27/2014 DeKalb Health

a healthcare provider or servicer in Indiana
1,361 financial accounts compromised
 

05/27/2014 Elliot Hospital

a healthcare provider or servicer in New Hampshire
1,208 financial accounts compromised
 

05/27/2014 Highlands Regional Medical Center

a healthcare provider or servicer in Florida
400 financial accounts compromised
 

05/27/2014 Maschino, Hudelson & Associates

a retail business in Oklahoma
5,500 financial accounts compromised
 

05/28/2014 Hospital for Veterans Affairs, Denver

a Financial or Insurance Services firm at 1055 Clermont Street Denver, Colorado  248 accounts compromised

05/28/2014 Promedica Bay Park Hospital

a healthcare provider or servicer at 2801 Bay Park Dr Oregon, Ohio  500 accounts compromised

05/30/2014 Monsanto

a retail business in Missouri
1,300 financial accounts compromised
 

06/03/2014 City of Henderson

State Government in Kentucky
1,008 financial accounts compromised
 

06/03/2014 Hurley Medical Center

a healthcare provider or servicer in Michigan
2,289 financial accounts compromised
 

06/03/2014 Ladies First Choice, Inc.

a healthcare provider or servicer in Florida
2,365 financial accounts compromised
 

06/03/2014 Office of Howard Weinstein, DPM

a healthcare provider or servicer in Texas
1,000 financial accounts compromised
 

06/03/2014 ProMedica Bay Park Hospital

a healthcare provider or servicer in Ohio
594 financial accounts compromised
 

06/03/2014 Shaker Clinic

a healthcare provider or servicer in Ohio
617 financial accounts compromised
 

06/03/2014 VGM Homelink

a healthcare provider or servicer in Iowa
1,400 financial accounts compromised
 

06/05/2014 Highmark

a Financial or Insurance Services firm in Pittsburgh, Pennsylvania  3,675 accounts compromised

06/06/2014 Penn State Milton S. Hershey Medical Center

a healthcare provider or servicer in Hershey, Pennsylvania  1,801 accounts compromised

May/June Car Wash POS

Car washes in and around Massachusetts and Connecticut   about 40 POS compromised

The United States Secret Service (USSS) was able to determine that about 40 car washes had their point of sale (POS) systems compromised. The POS had remote access capability for maintenance and updates, but that capability had been configured by the provider of the POS system and was identical, and unchanged, over some installations. Making things worse was that one remote access software itself had been compromised. In general POS systems should not have remote access running all the time (only as needed), have strong passwords, and perhaps one-time authentication. Crooks re-imprinted purchased gift cards with the stolen card information. The total number of compromised cards is unknown. Money laundering perhaps, or as Brian Krebs called it card washing.

06/09/2014 College of the Desert

an educational institution at 43-500 Monterey Avenue Palm Desert, California  1,900 accounts compromised

06/10/2014 St. Francis Hospital

a healthcare provider or servicer at 2122 Manchester Expwy Columbus, Georgia   1,175 accounts compromised

06/10/2014 Access Health CT

a Financial or Insurance Services firm in Hartford, Connecticut  413 accounts compromised

06/10/2014 Penn State Milton S Hershey Medical Center

a healthcare provider or servicer in Pennsylvania
1,801 financial accounts compromised
 

06/10/2014 St. Francis Hospital

a healthcare provider or servicer at 2122 Manchester Expwy  Columbus, Georgia
1,175 accounts compromised

06/10/2014 Walgreen Co.

a healthcare provider or servicer in Illinois
540 financial accounts compromised
 

06/16/2014 Developmental Disabilities Administration

State Government in Maryland
2,200 financial accounts compromised
 

06/16/2014 University of Virginia

an educational institution in Virginia
155 financial accounts compromised
 

06/17/2014 Service Alternatives

a business other than retail at P.O Box 595 Coupeville, Washington  550 accounts compromised

06/19/2014 Metropolitan Companies, Inc.

a retail business in Georgia
8,423 financial accounts compromised
 

06/20/2014 Rady’s Children Hospital #2

a healthcare provider or servicer in California
6,307 financial accounts compromised
 

06/23/2014 Silk Road/U.S Marshals Service

Federal Government in Washington, DC  40 accounts compromised

06/24/2014 Advanced Care Hospitalists (Hospitalists of Brando

a healthcare provider or servicer in Florida
9,255 financial accounts compromised
 

06/24/2014 Colorado Neurodiagnostics

a healthcare provider or servicer in Colorado
750 financial accounts compromised
 

06/24/2014 Healthy Connections

a healthcare provider or servicer in California
793 financial accounts compromised
 

06/24/2014 Iowa Medicaid Enterprise / Department of Human Servi

State Government in Iowa
862 financial accounts compromised
 

06/23/2014 Salina Family Healthcare Center

a healthcare provider or servicer at 651 East Prescott Road, Salina, KS 67401  9,640 accounts compromised

06/26/2014 Riverside County Regional Medical Center (RCRMC)

a healthcare provider or servicer in California
563 financial accounts compromised
 

06/30/2014 San Antonio Metropolitan Health District

a healthcare provider or servicer in San Antonio, Texas  300 accounts compromised

07/01/2014 Department of Public Health

State Government in Alabama
1,200 financial accounts compromised
 

07/01/2014 Metropolitan Health District (Vaccines for Children)

a healthcare provider or servicer in Texas
300 financial accounts compromised
 

07/02/2014 Milford Schools

an educational institution in Milford, Massachusetts  25 accounts compromised

07/02/2014 Multi-State Billing Services

a Financial or Insurance Services firm at 97 High Street Somersworth, New Hampshire  3,000 accounts compromised

07/08/2014 Baylor Medical Center-at-Carrollton

a healthcare provider or servicer in Texas
2,874 financial accounts compromised
 

07/08/2014 Baylor Medical Center-at-Irving

a healthcare provider or servicer in Texas
2,308 financial accounts compromised
 

07/08/2014 Baylor Medical Center-at-McKinney

a healthcare provider or servicer in Texas
1,253 financial accounts compromised
 

07/08/2014 Blue Cross Blue Shield / Michigan / Blue Care Network

a healthcare provider or servicer in Michigan
502 financial accounts compromised
 

07/08/2014 Office of Abraham Tekola, MD

a healthcare provider or servicer in California
5,471 financial accounts compromised
 

07/08/2014 Open Cities Health Center

a healthcare provider or servicer in Minnesota
1,304 financial accounts compromised
 

07/10/2014 University Development and Alumni Relations

  at the Penn State College of Medicine
an educational institution in Philadelphia, Pennsylvania  1,176 accounts compromised

07/14/2014 AEColorado

a retail business in Georgia
1,892 financial accounts compromised
 

07/15/2014 New York University / Langone Medical Center

a healthcare provider or servicer in New Hampshire
872 financial accounts compromised
 

07/15/2014 Penn State College of Medicine

an educational institution in Pennsylvania
1,176 financial accounts compromised
 

07/16/2014 Apple Valley Christian Care Center

a healthcare provider or servicer at 11959 Apple Valley Road  Apple Valley, California
500 accounts compromised

07/16/2014 Bay Area Pain Medical Associates

a healthcare provider or servicer at 3 Harbor Drive, Suite 115 Sausalito, California  2,780 accounts compromised

07/16/2014 Apple Valley Christian Care Center

a healthcare provider or servicer at 11959 Apple Valley Road Apple Valley, California  500 accounts compromised

07/16/2014 Central City Concern

a Non-Governmental Organization (includes non-profits) at 232 NW 6th Avenue Portland, Oregon  15 accounts compromised

07/18/2014 City of Encinitas

State Government in California
615 financial accounts compromised
 

07/18/2014 Penn Medicine Rittenhouse

a healthcare provider or servicer in Philadelphia, Pennsylvania  661 accounts compromised

07/21/2014 Dominion Resources Inc. / Onsite Health Diagnostics

a business other than retail at 6th FL P.O. Box 26532 Richmond, Virginia  1,700 accounts compromised

07/24/2014 TFA w/OTP defeated – Operation Emmental

As of mid 2014 this attack is targeting users in Austria, Switzerland, Sweden, and Japan defeating their Two Factor Authentication with One Time Passwords. More detail ….

7/28/2014 Israeli Defense Industry

A 2011-2012 breach was exposed which included at least these three companies
   Elisra Group, Israel Aerospace Industries, and Rafael Advanced Defense Systems

According to Cyber Engineering Services Inc. of Columbia, Maryland, (CyberESI), attackers breached these firms between between October 10, 2011 and August 13, 2012. CyberESI tapped the hacker’s secret communications infrastructure and determined that information transferred pertained to Arrow III missiles, Unmanned Aerial Vehicles (UAVs), ballistic rockets, and more.

It appears that in 2011 and 2012 the breaches didn’t make the news anyplace Google indexes. The information was revealed by security researcher Brian Krebs (KrebsonSecurity) in an article on 7/28/2014, more than two years after the breach.

Want to know more?

07/28/2014 StubHub

a retail business in California
1,000 financial accounts compromised
 

07/29/2014 Baltimore School of Massage

an educational institution in Maryland
683 financial accounts compromised
 

07/29/2014 Beverly Hospital

a healthcare provider or servicer in California
54 financial accounts compromised
 

07/29/2014 Blue Cross Blue Shield / Michigan / Blue Care Network

a healthcare provider or servicer in Michigan
300 financial accounts compromised
 

07/29/2014 Buncombe County Schools

an educational institution in North Carolina
170 financial accounts compromised
 

07/29/2014 Essentia Health

a healthcare provider or servicer in North Dakota
430 financial accounts compromised
 

07/29/2014 Haley Chiropractic of Tacoma

a healthcare provider or servicer in Washington
6,000 financial accounts compromised
 

07/29/2014 Indian Health Service/Rosebud Service Unit

a healthcare provider or servicer in South Dakota
620 financial accounts compromised
 

07/29/2014 Lyster Army Health Clinic

Military in Alabama
2,300 financial accounts compromised
 

07/29/2014 MobilexUSA

a retail business in Ohio
605 financial accounts compromised
 

07/29/2014 Sloane Stecker Physical Therapy PC

a healthcare provider or servicer in New York
2,000 financial accounts compromised
 

07/29/2014 Specialized Eye Care

a healthcare provider or servicer in Maryland
50 financial accounts compromised
 

07/29/2014 Veteran’s Administration Medical Center / San Antonio

Military in Texas
161 financial accounts compromised
 

07/30/2014 CVS/Caremark

a retail business in Atlanta, Georgia  350 accounts compromised

07/30/2014 Rite Aid Pharmacy

a retail business at 900 East Meridian Milton, Washington  521 accounts compromised

07/30/2014 Indian Health Service / Maryland

a healthcare provider or servicer in Maryland
5,000 financial accounts compromised
 

08/05/2014 Cancer Specialists of Tidewater (Riverside Health Syst

a healthcare provider or servicer in Virginia
2,318 financial accounts compromised
 

08/05/2014 Delaware Restaurant Association

a retail business in Delaware
1,900 financial accounts compromised
 

08/05/2014 Urological Associates of Southern Arizona

a healthcare provider or servicer in Arizona
3,529 financial accounts compromised
 

08/07/2014 Weber State University

an educational institution in Utah
1,200 financial accounts compromised
 

08/08/2014 24-ON Physicians

a healthcare provider or servicer in Georgia
570 financial accounts compromised
 

08/12/2014 Acxiom Insight

a retail business in Arkansas
944 financial accounts compromised
 

08/12/2014 Minneapolis VetAdmin reports Shakopee clinic breach

Military in Minnesota
500 financial accounts compromised
 

08/12/2014 Office of Alexander J Tikhtman MD

a healthcare provider or servicer in Kentucky
2,376 financial accounts compromised
 

08/12/2014 Office of Dr. Paul Perron

a healthcare provider or servicer in California
4,000 financial accounts compromised
 

08/12/2014 San Mateo Medical Center

a healthcare provider or servicer in California
1,000 financial accounts compromised
 

08/12/2014 University of Pennsylvania Health System

a healthcare provider or servicer in Pennsylvania
661 financial accounts compromised
 

08/12/2014 VA Long Beach Healthcare System

Military in California
592 financial accounts compromised
 

08/19/2014 Children’s Mercy Hospital / Onsite Health Diagnositcs

a healthcare provider or servicer in Missouri
4,067 financial accounts compromised
 

08/19/2014 Sun Trust Bank

a Financial or Insurance Services firm in Georgia
225 financial accounts compromised
 

08/19/2014 Veterans Administration / South Carolina

Military in South Carolina
2,670 financial accounts compromised
 

08/22/2014 Cedars-Sinai Medical Center, Los Angeles

a healthcare provider or servicer in Los Angeles, California  500 accounts compromised

08/25/2014 New Mexico State University

an educational institution in New Mexico
170 financial accounts compromised
 

08/25/2014 BioReference Laboratories, Inc./CareEvolve, Inc.

a healthcare provider or servicer at 320 Miller Avenue, Suite 195 Ann Arbor, Michigan  3,334 accounts compromised

08/26/2014 Milpitas Knights PAL Youth Football

a business other than retail in Milpitas, California  80 accounts compromised

08/26/2014 D & J Optical

a healthcare provider or servicer in Alabama
1,100 financial accounts compromised
 

08/26/2014 Ledgewood Farm / Wharton Farm Market

a retail business in New Jersey
100 financial accounts compromised
 

08/26/2014 Midwest Urological Group

a healthcare provider or servicer in Illinois
982 financial accounts compromised
 

08/26/2014 Mizado Cocina

a retail business in Louisiana
8,000 financial accounts compromised
 

08/26/2014 OTTO Pizzeria

a retail business in Maine
900 financial accounts compromised
 

08/26/2014 Tri-City Medical Center

a healthcare provider or servicer in California
6,500 financial accounts compromised
 

09/02/2014 AltaMed Health Services Corporation

a healthcare provider or servicer in Georgia
3,206 financial accounts compromised
 

09/02/2014 Beachwood-Lakewood Plastic Surgery

a healthcare provider or servicer in Ohio
6,141 financial accounts compromised
 

09/02/2014 Huntington Bancshares Inc. Group Health Care Plan /

a healthcare provider or servicer in Ohio
4,487 financial accounts compromised
 

09/02/2014 Metro Public Health Department / Children Special Services

a healthcare provider or servicer in Tennessee
1,717 financial accounts compromised
 

09/02/2014 Summit County Fair

a retail business in Utah
951 financial accounts compromised
 

09/03/2014 Sentara Healthcare

a healthcare provider or servicer in Virginia
3,861 financial accounts compromised
 

9/08/2014 Hydra et. al. Faux Payday Loans

More than 1,300 complaints so far. The total number affected is not yet public.
In brief: Check your banking statements and notice if odd transactions appear.

In this case the “et. al.” refers to a long list of companies (see below). Since 2011 or so all were involved in what are called “payday loans” high cost, short-term, unsecured loans, often made to consumers to provide funds in anticipation of an upcoming paycheck. Consumers submitted personal identification, including social security number and bank information to “lead generators” would would see if they were eligible to receive such loans and to match the applicant to a lender. Up to this point all appears to be legal.

The lead generators would then sell the list of applicants to unauthorized persons who would make deposits into those accounts. This is unauthorized use of consumer supplied financial information. Some consumers did not approve, or otherwise, authorize these loan. Funds started being withdrawn and classified as fees (not principal).

Consumers complained to their bank and the lenders provided falsified information indicating a loan had been made. The banks accepted the bogus information. Even when the account was closed the lenders placed the bogus loans with collection agencies. In the end the consumers wound up paying much more in funds withdrawn improperly and contesting debt that had never been authorized.

The terms of unauthorized loan were often astronomical. One had an 995.45% APR (see pages 13 and 14 of the complaint, see reference following). On 9/08/2014 the Consumer Financial Protection Bureau filed a complaint (38 page PDF from source A or B) against three individuals and these companies:
 
  CLS SERVICES, INC.;
  CORVUS COMPANY, LLC,
  DJR GROUP, LLC; BCD GROUP, LLC;
  FSR SERVICES, INC.;
  HYDRA FINANCIAL LIMITED FUND I;
  HYDRA FINANCIAL LIMITED FUND II;
  HYDRA FINANCIAL LIMITED FUND III;
  HYDRA FINANCIAL LIMITED FUND IV;
  OSL MARKETING, INC., a/k/a OSL GROUP, INC.;
  PCKS SERVICES, LLC;
  PCMO SERVICES, LLC;
  PDC VENTURES, LLC;
  PIGGYCASH ONLINE HOLDINGS, LLC;
  RIVER ELK SERVICES, LLC;
  RM PARTNERS, LLC;
  ROCKY OAK SERVICES, LLC;
  SJ PARTNERS, LLC;
  SSM GROUP, LLC;
  CMG GROUP, LLC
 
in United States District Court, Western District of Missouri, Western Division. Some of those firms listed above were shell companies incorporated in Nevis, New Zealand and Saint Kitts.

The Federal Trade Commission also filed a complaint in the same jurisdiction against some of the above defendants and more (23 page PDF) alleging the defendants issued approximately $28 million in faux loans to consumers during an 11-month period in 2012-13 and extracted more than $46.5 million from consumer bank accounts.

More on the story from USA Today  and NY Times.

[ We question the number of affected persons based on the numbers in the FTC complaint. If the average loan was $300 and $28M was loaned, given no one did this twice, then there were ($28,000,000 / ($300/person) over 90,000 persons affected. Even if the average loan was $1,000 then there would be over 28,000 affected. Both numbers are much larger than 1,300 complainants -ed ]

09/08/2014 California State University / East Bay

an educational institution in California
6,036 financial accounts compromised
 

09/08/2014 City of Beloit

State Government in Wisconsin
843 financial accounts compromised
 

09/08/2014 Hydra

a Financial or Insurance Services firm in
1,300 accounts compromised

09/09/2014 George Mason University

an educational institution in Virginia
4,400 financial accounts compromised
 

09/09/2014 Veteran’s Administration Medical Center / William Jennings Bryan Dorn

Military in South Carolina
3,637 financial accounts compromised
 

09/16/2014 Midwest Orthapaedic Center (Missouri) / McKesson

a healthcare provider or servicer in Illinois
680 financial accounts compromised
 

09/16/2014 SantaFe Family Health Center (Medical Group)

a healthcare provider or servicer in New Mexico
843 financial accounts compromised
 

09/16/2014 Specialty Clinics of Georgia / Orthopaedics

a healthcare provider or servicer in Georgia
2,350 financial accounts compromised
 

09/16/2014 St. John’s Episcopal Hospital

a healthcare provider or servicer in New York
566 financial accounts compromised
 

09/16/2014 Tampa General Hospital

a healthcare provider or servicer in Florida
675 financial accounts compromised
 

09/16/2014 WellPoint Affiliated Covered Entities

a healthcare provider or servicer in Indiana
1,464 financial accounts compromised
 

09/16/2014 Williamson Medical Center / 24-ON Physicians

a healthcare provider or servicer in Tennessee
520 financial accounts compromised
 

9/17/2014 Cook Country Hospital

A hospital serving Chicago, Illinois metropolitan area  767 affected
The exposure occurred in July 2014 when an email from an authorized person to another authorized person containing health study information was transmitted without mandated encryption. The exposure was made public in mid-September 2014. Scope The information contained patient names, date of birth, race, ethnicity, gender, zip code, medical record number, date of service, place of service, type of lab test performed and lab test results. The information did not contain patient addresses or social security numbers. Source As of 9/27/2014 the event has already evaporated from the hospital web site and press release page.

09/22/2014 Diatherix / Diamond Computing Company

a healthcare provider or servicer in Alabama
7,016 financial accounts compromised
 

09/22/2014 Temple University Physicians

a healthcare provider or servicer in Pennsylvania
3,780 financial accounts compromised
 

09/22/2014 Veteran’s Administration Medical Center / Maryland

Military in Maryland
165 financial accounts compromised
 

9/23/2014 Owensboro Medical Practice

A medical practice in Owensboro Kentucky reporting the theft of about 3,000 patient records three years ago.

Timothy Hillard, Director of Research, believes former employees stole a spreadsheet with information to contact patients to join them in their new practice. Scope The spreadsheet contained patient names, addresses, telephone numbers, dates of birth, Social Security numbers and health condition or conditions. Scale The 3,000+/- are about 10% of the total patent records of OMP and its associate Research Integrity, LLC.

The breach report at PHIPrivacy and OMP. The story from WFIE television via their www.14News.com website.

09/23/2014 Apple Valley Care Center

a healthcare provider or servicer in California
1,251 financial accounts compromised
 

09/23/2014 Aventura Hospital and Medical Center

a healthcare provider or servicer in Florida
948 financial accounts compromised
 

09/23/2014 Emblem Health (Group Health Incorporated)

a healthcare provider or servicer in New York
802 financial accounts compromised
 

09/23/2014 ENT Partners of Texas

a healthcare provider or servicer in Texas
789 financial accounts compromised
 

09/23/2014 Hand Care Center/Shoulder and Elbow Institute

a healthcare provider or servicer in California
1,674 financial accounts compromised
 

09/23/2014 Kmart Corporation

a retail business in Illinois
1,866 financial accounts compromised
 

09/23/2014 Longstreet Clinic

a healthcare provider or servicer in Georgia
720 financial accounts compromised
 

09/23/2014 Motorola Mobility / StayWell Health Management

a retail business in Illinois
940 financial accounts compromised
 

09/23/2014 St. Elizabeth’s Medical Center

a healthcare provider or servicer in Massachusetts
595 financial accounts compromised
 

09/23/2014 Staples / StayWell Health Management

a retail business in Massachusetts
3,470 financial accounts compromised
 

9/26/2014 American Family Care (AFC)

Started in 1982 and based in Birmingham, Alabama, AFC is a network of urgent care clinics in Alabama, Florida, Georgia, and Tennessee.

What Two laptop computers containing patient data were stolen from an employee’s vehicle in Marietta, Georgia. The laptops were used in worker’s compensation and occupational medicine division of AFC and were password protected, but the data was not encrypted. When The theft occurred in July 18, 2014. AFC made email notifications on September 26, 2014 more than three months later. The notification was posted on the AFC web site on 9/30/2014. Scope The laptops may have contained patient names, addresses, dates of birth, phone numbers, medical record numbers, Social Security numbers, medical information, insurance information, driver’s license numbers and dates of service related to work-related injuries, physicals, immunizations, or drug screens. Scale Estimated exposed patients about 2,588.

American Family Care patients with questions may call the company’s at 800-258-7535 x2588 or e-mail ComplianceOfficer@AmericanFamilyCare.com

9/30/2014 US Army & Microsoft

Four persons were indicted on counts of stealing proprietary software used to train Apache helicopter pilots, source code and technical specifications related to the Microsoft Xbox One gaming console and games. The information was obtained by malicious code injection and compromise of employee user names and passwords. Two have already pleaded guilty to conspiracy to commit computer fraud and copyright infringement and should be sentenced in January 2015 to terms of up to five years. According to the FBI the unauthorized access ran from January 2011 until March 2014. That is more than three years before detection. Here is the Department of Justice press release and an article from Reuters.

09/30/2014 Bexar County Sheriff’s Office

State Government in Texas
100 financial accounts compromised
 

09/30/2014 Cox Communications

a retail business in Georgia
52 financial accounts compromised
 

10/01/2014 Sausalito Yacht Club

A private yacht club just north of San Francisco, California

What A club roster was hacked. Scale Information for about 500 members was exposed. Scope Exposed information contained names, contact information, member numbers, and amounts charged to members’ accounts. If an account was in arrears some member financial information was also exposed. (2 page PDF Announcement)
http://oag.ca.gov/system/files/SYC%20Private%20Member%20Information_0.pdf?

10/07/2014 Community Technology Alliance

a retail business in California
1,177 financial accounts compromised
 

10/07/2014 Fort Hays State University

an educational institution in Kansas
138 financial accounts compromised
 

10/07/2014 Provo City School District

an educational institution in Utah
1,400 financial accounts compromised
 

10/07/2014 U.S. Health Holdings, Ltd. o/b/o Macomb County,

a healthcare provider or servicer in Michigan
6,302 financial accounts compromised
 

10/12/2014 UC Davis Health System

UCDHS is part of the University of California Health Systems, UC Davis Health System is a teaching hospital including UC Davis Medical Center, UC Davis School of Medicine, The Betty Irene Moore School of Nursing at UC Davis, and UC Davis Medical Group. 2315 Stockton Blvd, Sacramento, CA 95817. 1,326 non-financial accounts were compromised.

What One email account for a physician was hacked. Scale Information for 1,326 patients was compromised. Scope What was compromised was not disclosed. What was not compromised were Social Security numbers or financial information. (source)

10/13/2014 Dr. Barry Snyder, MD

4,500 non-financial records for patients in Pennsylvania may have been compromised

What: Penn Highlands Brookville (PHB), a healthcare service learned of unauthorized access to patient records of Dr. Barry J. Snyder, MD. When: PHB discovered the potential access on August 14, 2014. That information was made public today, two months later. Scale: Approximately 4,500 patients may have been affected. Scope: Exposed information included the patient name, address or multiple addresses, date of birth, driver’s license numbers, Social Security numbers, telephone numbers, insurance information, medical information, and gender. Notice by PHB [ https://www.phhealthcare.org/penn-highlands-brookville/penn-highlands-brookville-provides-public-notice-of-data-security-incident/page.aspx?id=2038 ] and PHI Privacy Net report

10/14/2014 Albertina Kerr’s (Crisis Psychiatric Care Facility)

a healthcare provider or servicer in Oregon
1,320 financial accounts compromised
 

10/14/2014 Cone Health Medical Group / Southeastern Heart and

a healthcare provider or servicer in North Carolina
1,872 financial accounts compromised
 

10/14/2014 Penn Highlands Brookville / Barry J Snyder, M.D.

a healthcare provider or servicer in Pennsylvania
4,500 financial accounts compromised
 

10/14/2014 Region Six of the Georgia Department of Behavioral Health

State Government in Georgia
3,397 financial accounts compromised
 

10/14/2014 South Texas Veterans Health Care System

State Government in Texas
4,000 financial accounts compromised
 

10/14/2014 University of California Davis Health System

a healthcare provider or servicer in California
1,326 financial accounts compromised
 

10/20/2014 Christiana Care Health System

a healthcare provider or servicer in Delaware
1,667 financial accounts compromised
 

10/20/2014 City of Dallas / Dallas Fire-Rescue

State Government in Texas
1,000 financial accounts compromised
 

10/20/2014 Future Is Now

a retail business in Louisiana
210 financial accounts compromised
 

10/20/2014 Graybill Medical Group

a healthcare provider or servicer in California
1,863 financial accounts compromised
 

10/20/2014 Office of Thomas Cristello, District of Columbia

a healthcare provider or servicer in New York
914 financial accounts compromised

10/23/2014 Sourcebooks

A publisher headquartered in Naperville, Illinois
5,100 financial accounts were compromised

What: A vulnerability in the the electronic shopping cart at Sourcebooks web sites allowed unauthorized parties to access customer charge card information. When: The exposure occurred between April 16, 2014 and June 19, 2014. Disclosure was made last week, or four months after the breach. Scope: Cardholder first and last name, the card number, expiration date, card verification value (CVV2), email address, telephone number and address. In some cases the shipping information. To the company’s knowledge at the time the breach did not expose personal identification (PIN) numbers, card track data or card verification data (CVD).Scale: About 5,100 people were affected according to Krebs on Security who broke the story today. Sample letter from Sourcebooks to affected consumers

10/27/2014 Compassionate Care Hospice of Central Louisiana

a healthcare provider or servicer in Louisiana
707 financial accounts compromised
 

10/27/2014 Office of Dr. Vonica Chau

a healthcare provider or servicer in Texas
810 financial accounts compromised
 

10/27/2014 Oklahoma City Indian Clinic

a healthcare provider or servicer in Oklahoma
6,000 financial accounts compromised
 

10/28/2014 Chicago Housing Authority

State Government in Illinois
795 financial accounts compromised
 

11/03/2014 Lewisburg Area School District

an educational institution in Pennsylvania
1,968 financial accounts compromised
 

11/07/2014 Jessica Trice Community Health Center

a healthcare provider or servicer in Florida
7,888 financial accounts compromised
 

11/10/2014 Madison Street Provider Network

a healthcare provider or servicer in Colorado
523 financial accounts compromised
 

11/10/2014 New YorkU Urology Associates

a healthcare provider or servicer in New York
835 financial accounts compromised
 

11/10/2014 Veteran’s Administration Medical Center / Portland

Military in Oregon
1,740 financial accounts compromised
 

11/12/2014 Alexandria Fire Department / ADP

State Government in Virginia
1,669 financial accounts compromised
 

11/12/2014 Bon Secours Kentucky

a healthcare provider or servicer in Kentucky
697 financial accounts compromised
 

11/12/2014 Burlington Northern Sante Fe Group Benefits Plan

a healthcare provider or servicer in Texas
507 financial accounts compromised
 

11/12/2014 Heard County EMA

State Government in Georgia
672 financial accounts compromised
 

11/12/2014 Orange County MRI

a healthcare provider or servicer in New Jersey
585 financial accounts compromised
 

11/12/2014 Service Employee International Union National Benefit

a healthcare provider or servicer in New York
800 financial accounts compromised
 

11/12/2014 Seven Counties Services, Inc.

a healthcare provider or servicer in Kentucky
727 financial accounts compromised
 

11/12/2014 Southwest Virginia Physicians for Women

a healthcare provider or servicer in Virginia
568 financial accounts compromised
 

11/17/2014 Seattle Public Schools

an educational institution in Washington
8,000 financial accounts compromised
 

11/18/2014 Brigham and Women’s Hospital

a healthcare provider or servicer in Massachusetts
999 financial accounts compromised
 

11/18/2014 Grand Casino Mille Lacs

a retail business in Minnesota
1,600 financial accounts compromised
 

11/21/2014 Coulee Medical Center

a healthcare provider or servicer in Washington
2,500 financial accounts compromised
 

11/21/2014 PruittHealth Pharmacy Services

a healthcare provider or servicer in Georgia
841 financial accounts compromised
 

11/25/2014 BHCare, Inc.

a healthcare provider or servicer in Connecticut
5,827 financial accounts compromised
 

11/25/2014 Bon Secours Mary Immaculate Hospital

a healthcare provider or servicer in Virginia
5,764 financial accounts compromised
 

11/25/2014 Department of Labor

a healthcare provider or servicer in Connecticut
64 financial accounts compromised
 

11/25/2014 Green Energy Training Academy

a retail business in Pennsylvania
53 financial accounts compromised
 

11/25/2014 Moolah Payments (MemberClicks, Inc.)

a retail business in Georgia
250 financial accounts compromised
 

11/25/2014 Northfield Hospital & Clinics

a healthcare provider or servicer in Minnesota
1,778 financial accounts compromised
 

11/25/2014 Southern Perioperative Services, P.C.

a healthcare provider or servicer in Alabama
2,046 financial accounts compromised
 

11/25/2014 State of South Carolina Budget and Control Board

State Government in South Carolina
5,596 financial accounts compromised
 

11/25/2014 University Health

a healthcare provider or servicer in Louisiana
6,073 financial accounts compromised
 

12/02/2014 Baptist Primary Care

a healthcare provider or servicer in Florida
1,449 financial accounts compromised
 

12/02/2014 Henry Ford West Bloomfield Hospital / DMC Harper

a healthcare provider or servicer in Michigan
1,400 financial accounts compromised
 

12/02/2014 University Hospitals

a healthcare provider or servicer in Ohio
692 financial accounts compromised
 

12/08/2014 WellCare Health Plans

a healthcare provider or servicer in Florida
4,469 financial accounts compromised
 

12/09/2014 Department for Children and Families

State Government in Vermont
66 financial accounts compromised
 

12/09/2014 New Hampshire Employment Security

State Government in New Hampshire
2,700 financial accounts compromised
 

12/11/2014 Colorado River Indian Tribes

State Government in Arizona
1,296 financial accounts compromised
 

12/16/2014 County of Fairfax, VA

State Government in Virginia
595 financial accounts compromised
 

12/16/2014 Family Central / Early Learning Coalition

a retail business in Florida
100 financial accounts compromised
 

12/16/2014 Kirkbride Center

a healthcare provider or servicer in Pennsylvania
860 financial accounts compromised
 

12/16/2014 Memorial Healthcare

a healthcare provider or servicer in Florida
1,782 financial accounts compromised
 

12/16/2014 Multilingual Psychotherapy Centers, Inc.

a healthcare provider or servicer in Florida
3,500 financial accounts compromised
 

12/16/2014 Riverside Medical Clinic

a healthcare provider or servicer in California
2,691 financial accounts compromised
 

12/16/2014 True Vision Eyecare

a healthcare provider or servicer in Ohio
542 financial accounts compromised
 

12/16/2014 Union First Market Bank

a Financial or Insurance Services firm in Virginia
3,000 financial accounts compromised
 

12/16/2014 University of California Berkeley

an educational institution in California
1,600 financial accounts compromised
 

12/16/2014 Weill Cornell Medical College

a healthcare provider or servicer in New York
3,936 financial accounts compromised
 

12/22/2014 Group Health Incorporated

a healthcare provider or servicer in New York
802 financial accounts compromised
 

12/22/2014 Northwestern Memorial Healthcare

a healthcare provider or servicer in Illinois
2,800 financial accounts compromised
 

12/22/2014 St. Francis Hospital

a healthcare provider or servicer in Delaware
948 financial accounts compromised
 

12/23/2014 James Madison University

an educational institution in Virginia
2,800 financial accounts compromised
 

12/30/2014 VA Healthcare

Military in District of Columbia
7,000 financial accounts compromised
 

12/31/2014 Department of Health

State Government in Florida
2,477 financial accounts compromised
 

12/31/2014 District Medical Group

a healthcare provider or servicer in Arizona
616 financial accounts compromised
 

12/31/2014 North Big Horn Hospital

a healthcare provider or servicer in West Virginia
1,607 financial accounts compromised
 

12/31/2014 ReachOut Home Care

a healthcare provider or servicer in Kentucky
4,500 financial accounts compromised
 

12/31/2014 St. Mary Mercy Hospital

a healthcare provider or servicer in Michigan
1,488 financial accounts compromised
 

12/31/2014 The Hearing Zone

a healthcare provider or servicer in Utah
623 financial accounts compromised
 

 
 

In addition to sources cited above the Chronology of Data Base Breaches maintained by the Privacy Rights Clearinghouse was used. Their website is a valuable resource for those seeking information on basic privacy, identity theft, medical privacy and much more. They are highly recommended. We also recommend The Identity Theft Resource Center (ITRC).

 
 

View the 2014 summary
Return to References page
Return to Year links page

Links above were active at the time they were gathered. Links shown in non-hypertext (not clickable) are known to be no longer supported on their hosts.

Visit Us On FacebookVisit Us On Twitter