2011-under10k

Compromises in 2011 affecting less than 10,000

Compromises in 2011 affecting 10,000 or more
Compromises in 2011 affecting an unknown, or undisclosed, number

01/03/2011 EVG Quality Gas

a retail business in Sierra Madre, California  380 accounts compromised

01/05/2011 Taco Bell

a retail business in Grand Rapids, Michigan  50 accounts compromised

01/06/2011 PinnacleHealth System, Gair Medical Transportation Services

a healthcare provider or servicer in Harrisburg, Pennsylvania  1,086 accounts compromised

01/06/2011 Private Dental Practice

a healthcare provider or servicer in Germantown, Maryland  1,000 accounts compromised

01/06/2011 Grant Medical Center, OhioHealth

a healthcare provider or servicer in Columbus, Ohio  501 accounts compromised

01/06/2011 Heraeus Incorporated

a business other than retail in New York, New York  514 accounts compromised

01/06/2011 Pentagon Federal Credit Union (PenFed)

a Financial or Insurance Services firm in Alexandria, Virginia  514 accounts compromised

01/08/2011 Campus Suite Apartments

a business other than retail in West Lafayette, Indiana  30 accounts compromised

01/08/2011 Washington State Employment Security Division

State Government in Olympia, Washington  1,000 accounts compromised

01/08/2011 Race Trac

a retail business in Melbourne, Florida  600 accounts compromised

01/10/2011 Entertainment Software Rating Board (ESRB)

a business other than retail in New York, New York  1,000 accounts compromised

01/13/2011 New Mexico National Guard

Military in Sante Fe, New Mexico  650 accounts compromised

01/13/2011 St. Vincent Hospital

a healthcare provider or servicer in Indianapolis, Indiana  1,800 accounts compromised

01/14/2011 California Therapy Solutions

a healthcare provider or servicer in , California  1,226 accounts compromised

01/14/2011 Blue Cross Blue Shield of Michigan (BCBSM), Tstream Software

a healthcare provider or servicer in Harper Woods, Michigan  2,979 accounts compromised

01/14/2011 Osceola Medical Center, Hils Transcription Service

a healthcare provider or servicer in Osceola, Wisconsin  500 accounts compromised

01/14/2011 International Union of Operating Engineers Health and Welfare Fund, Zenith Administrators, Inc.

a Non-Governmental Organization (includes non-profits) in Baltimore, Maryland  800 accounts compromised

01/14/2011 Azure Acres

a healthcare provider or servicer in New York, New York  699 accounts compromised

01/15/2011 South Carolina State Budget and Control Board Employee Insurance Program

State Government in Columbia, South Carolina  5,600 accounts compromised

01/15/2011 Omaha School Employees Retirement System

an educational institution in Omaha, Nebraska  4,300 accounts compromised

01/18/2011 MIchael’s Rock Hill Grille

a retail business in Rock Hill, South Carolina  30 accounts compromised

01/19/2011 Ingenix

a business other than retail in Eden Prairie, Minnesota  142 accounts compromised

01/20/2011 Chase Bank

a Financial or Insurance Services firm in San Luis Obispo, California  100 accounts compromised

01/24/2011 Wentworth Institute of Technology

an educational institution in Boston, Massachusetts  1,300 accounts compromised

01/24/2011 University of Missouri, Coventry Health Care

an educational institution in Columbia, Missouri  750 accounts compromised

01/26/2011 Warner Pacific College

an educational institution in Portland, Oregon  1,536 accounts compromised

01/26/2011 Universal Technical Institute

an educational institution in Phoenix, Arizona  98 accounts compromised

01/26/2011 Ember Corporation

a business other than retail in Boston, Massachusetts  50 accounts compromised

01/29/2011 Southern Perioperative Services, P.C.

a healthcare provider or servicer in Pelham, Alabama  2,000 accounts compromised

01/29/2011 Dermatology Clinic

a healthcare provider or servicer in Durham, North Carolina  55 accounts compromised

01/29/2011 Friendship Center Dental Office

a healthcare provider or servicer in Ocala, Florida  2,200 accounts compromised

01/29/2011 Franciscan Medical Group

a healthcare provider or servicer in Tacoma, Washington  1,250 accounts compromised

01/29/2011 Veteran’s Affairs Medical Center

Military in White River Junction, Vermont  114 accounts compromised

01/30/2011 The Minnesota Department of Education

State Government in Roseville, Minnesota  20 accounts compromised

02/02/2011 University Book Exchange

a retail business in Greenville, North Carolina  100 accounts compromised

02/03/2011 University of Washington Hospital

an educational institution in Seattle, Washington  17 accounts compromised

02/03/2011 SettlementOne Credit Corporation

Also include Sackett National Holdings Inc., ACRAnet Inc., Fajilan and Associates Inc., Statewide Credit Services and Robert Fajilan, businesses other than retail in multiple states  1,800 accounts compromised

02/05/2011 Human Services Agency of San Francisco

City Government in San Francisco, California  2,400 accounts compromised

02/09/2011 Oregon Department of Corrections

City Government in Madras, Oregon  300 accounts compromised

02/15/2011 Affiliated Computer Services (ACS)

a business other than retail in Columbus, Ohio  8,000 accounts compromised

02/15/2011 Lake Woods Nursing and Rehabilitation Center

a healthcare provider or servicer in Muskegon, Michigan  656 accounts compromised

02/15/2011 Baptist Memorial Hospital

a healthcare provider or servicer in Huntingdon, Tennessee  4,800 accounts compromised

02/15/2011 Baylor Health Care Systems, Baylor Heart and Vascular System, Baylor University Medical Center

a healthcare provider or servicer in Dallas, Texas  8,241 accounts compromised

02/16/2011 Charleston Area Medical Center (CAMC)

a healthcare provider or servicer in Charleston, West Virginia  3,655 accounts compromised

02/17/2011 American Airlines

a business other than retail in San Jose, California  350 accounts compromised

02/22/2011 Integrity Bank Plus, MicroBilt Corp

a Financial or Insurance Services firm in Kennesaw, Georgia  500 accounts compromised

02/22/2011 Emory Healthcare

a healthcare provider or servicer in Atlanta, Georgia  2,400 accounts compromised

02/24/2011 Henry Ford Health Center

a healthcare provider or servicer in Detroit, Michigan  2,777 accounts compromised

02/28/2011 Delray Beach and Oakland Park Fire Fighters and Police Officers

Local Government in Oakland Park, Florida  400 accounts compromised

03/02/2011 Beebe Medical Center

a healthcare provider or servicer in Florida  113 accounts compromised

03/03/2011 Missouri State University

an educational institution in Springfield, Missouri  6,030 accounts compromised

03/05/2011 Rancho Los Amigos National Rehabilitation Center

a healthcare provider or servicer in Downey, California  667 accounts compromised

03/07/2011 Blue Cross Blue Shield Florida

a healthcare provider or servicer in Jacksonville, Florida  7,366 accounts compromised

03/09/2011 Shell, Chevron

a retail business in Mountain View, California  3,600 accounts compromised

03/09/2011 Eastern Michigan University

an educational institution in Ypsilanti, Michigan  45 accounts compromised

03/14/2011 Virginia Polytechnic Institute and Virginia Tech

educational institutions in Blacksburg, Virginia  370 accounts compromised

03/15/2011 Nation’s Giant Hamburgers

a retail business in Vacaville, California  200 accounts compromised

03/16/2011 Jefferson Center for Mental Health

a healthcare provider or servicer in Wheat Ridge, Colorado  546 accounts compromised

03/16/2011 Cancer Care Northwest

in Spokane, Washington  3,150 accounts compromised

03/17/2011 Walnut Township School District

Local Government in Millersport, Ohio  80 accounts compromised

03/18/2011 City of Cleveland, Texas

City Government in Cleveland, Texas  10 accounts compromised

03/21/2011 Portland Veterans Affairs Medical Center

Military in Portland, Oregon  50 accounts compromised

03/22/2011 Bloomfield Hills School District

Local Government in Bloomfield, Michigan  321 accounts compromised

03/26/2011 Portland Center for the Performing Arts (PCPA)

a business other than retail in Portland, Oregon  864 accounts compromised

03/26/2011 Memorial Health Services, MemorialCare Health System

a healthcare provider or servicer in Long Beach, California  2,250 accounts compromised

03/26/2011 Killeen Independent School District (KISD)

an educational institution in Killeen, Texas  58 accounts compromised

03/26/2011 Maryville Academy

in Des Plaines, Illinois  3,897 accounts compromised

03/30/2011 NYU Langone Medical Center

a healthcare provider or servicer in New York, New York  2 accounts compromised

04/06/2011 Hartford Life Insurance Company

a Financial or Insurance Services firm in Hartford, Connecticut  300 accounts compromised

04/07/2011 Town of Barton

City Government in Barton, Vermont  150 accounts compromised

04/08/2011 Maine State Prison

State Government in Warren, Maine  117 accounts compromised

04/08/2011 VA Medical Center

Military in Aiken, South Carolina  2,600 accounts compromised

04/13/2011 Private Medical Practice

a healthcare provider or servicer in San Antonio, Texas  34 accounts compromised

04/13/2011 PNC Automated Teller Machines

a Financial or Insurance Services firm in Pittsburgh, Pennsylvania  211 accounts compromised

04/14/2011 Private Medical Practice

a healthcare provider or servicer in Oklahoma  600 accounts compromised

04/14/2011 Central Brooklyn Medical Group PC, Preferred Health Partners

a healthcare provider or servicer in New York, New York  500 accounts compromised

04/14/2011 Fairview Health Services

a healthcare provider or servicer in Minneapolis, Minnesota  1,200 accounts compromised

04/15/2011 Jade House Restaurant

a retail business in Richmond, Indiana  15 accounts compromised

04/18/2011 Southwest Ambulance

a healthcare provider or servicer in Mesa, Arizona  581 accounts compromised

04/19/2011 Central Ohio Technical College (COTC)

an educational institution in Newark, Ohio  617 accounts compromised

04/20/2011 Institute of Electrical and Electronics Engineers (IEEE)

a Non-Governmental Organization (includes non-profits) in Piscataway, New Jersey  828 accounts compromised

04/20/2011 Texas Health Arlington Memorial Hospital

a healthcare provider or servicer in Arlington, Texas  654 accounts compromised

04/21/2011 Qdoba Mexican Grill

a retail business in Clive, Iowa  12 accounts compromised

04/21/2011 GoGrid LLC.

a business other than retail in San Francisco, California  40 accounts compromised

04/21/2011 ABM Industries

a business other than retail in Atlanta, Georgia  91 accounts compromised

04/22/2011 U.S. District Court for the Middle District of Alabama

Government in Montgomery, Alabama  40 accounts compromised

04/28/2011 DSLReports.com

a business other than retail on the internet   8,000 accounts compromised

04/29/2011 Peace Officers Research Association of California (PORAC)

a business other than retail in Sacramento, California  2,000 accounts compromised

04/29/2011 Omnicare Inc.

a healthcare provider or servicer in Covington, Kentucky  8,845 accounts compromised

05/02/2011 Woman to Woman Healthcare

a healthcare provider or servicer in San Francisco, California  26 accounts compromised

05/03/2011 Speare Memorial Hospital

a healthcare provider or servicer in Gambrills, Maryland  6,000 accounts compromised

05/04/2011 Catholic Social Services

1,700 accounts compromised

05/05/2011 Park Avenue Obstetrics and Gynecology, PC

a healthcare provider or servicer in Atlanta, GA  635 accounts compromised

05/05/2011 Union Security Insurance Company

a Financial or Insurance Services firm in Las Vegas, Nevada  935 accounts compromised

05/07/2011 Office of Dr. Jeffry Barnes

a healthcare provider or servicer in Illinois  60 accounts compromised

05/07/2011 Allina Hospitals and Clinics

a healthcare provider or servicer in Hartford, Connecticut  11 accounts compromised

05/09/2011 Huntington National Bank

a Financial or Insurance Services firm in Bellwood, Illinois  2,000 accounts compromised

05/10/2011 Fox.com

a business other than retail in Winchester, Virginia  363 accounts compromised

05/17/2011 Regions Bank

a Financial or Insurance Services firm in Nashville, TN  149 accounts compromised

05/17/2011 Eye Care Associates of the San Ramon Valley

a healthcare provider or servicer in San Antonio, Texas  611 accounts compromised

05/18/2011 The Securities and Exchange Commission

Federal Government in Denver, Colorado  4,000 accounts compromised

05/20/2011 LaMar’s Donuts

a retail business in Kokomo, Indiana  50 accounts compromised

05/20/2011 HarborOne Credit Union

a Financial or Insurance Services firm serving New England  800 accounts compromised

05/20/2011 Flanigan’s

a retail business in Loma Linda, California  85 accounts compromised

05/21/2011 Methodist Charlton Medical Center

a healthcare provider or servicer in Dallas, Texas  1,500 accounts compromised

05/21/2011 Keith & Fisher, DDS, PA

a healthcare provider or servicer in Greensboro, North Carolina  6,000 accounts compromised

05/21/2011 Office of Dr. Edalji and Dr. Komer

a healthcare provider or servicer in Brookline, Massachusetts  563 accounts compromised

05/21/2011 TRICARE Management Activity

a healthcare provider or servicer in Aurora, Colorado  4,500 accounts compromised

05/25/2011 Bank of America

a Financial or Insurance Services firm in New York, New York  300 accounts compromised

05/27/2011 San Juan Unified School District

an educational institution in Carmichael, California  4,000 accounts compromised

05/27/2011 Valley National Bank

a Financial or Insurance Services firm in New York, New York  348 accounts compromised

05/28/2011 Provena Covenant Medical Center

a healthcare provider or servicer in Urbana, Illinois  100 accounts compromised

06/02/2011 Wake Forest Baptist Medical Center

a healthcare provider or servicer in Winston-Salem, South Carolina  357 accounts compromised

06/03/2011 Trinity Medical Center (Montclair Baptist Medical Center)

a healthcare provider or servicer in Birmingham, Alabama  4,500 accounts compromised

06/03/2011 Trinity Medical Center (Montclair Baptist Medical Center)

a healthcare provider or servicer in Birmingham, Alabama  4,500 accounts compromised

06/03/2011 Indiana Regional Medical Center

a healthcare provider or servicer in Indiana, Pennsylvania  500 accounts compromised

06/04/2011 Infragard

a business other than retail in Atlanta, Georgia  180 accounts compromised

06/05/2011 Casa Grande Justice Court

City Government in Casa Grande, Arizona  200 accounts compromised

06/08/2011 University of Mary Washington (UMW)

an educational institution in Fredericksburg, Virginia  7,566 accounts compromised

06/08/2011 LexisNexis, Onyx Collections and Locators Services Inc.

a business other than retail in Boca Raton, Florida  74 accounts compromised

06/09/2011 Murphy USA

a retail business in Suffolk, Virginia  42 accounts compromised

06/09/2011 The VA Caribbean Healthcare System

a healthcare provider or servicer in San Juan, Puerto Rico  1,691 accounts compromised

06/09/2011 Healthcare Partners

a healthcare provider or servicer in Long Beach, California  16 accounts compromised

06/10/2011 Lafrance Hospitality Corporation

a business other than retail in Westport, Massachusetts  100 accounts compromised

06/10/2011 Ravenel Elementary School

an educational institution in Seneca, South Carolina  15 accounts compromised

06/10/2011 Lafrance Hospitality Corporation

a business other than retail in Westport, Massachusetts  100 accounts compromised

06/10/2011 Texas Department of Assistive and Rehabilitative Services

State Government in Austin, Texas  4,900 accounts compromised

06/13/2011 Jackson Memorial Hospital, Jackson Health System

a healthcare provider or servicer in Miami, Florida  1,800 accounts compromised

06/17/2011 Boulder Community Hospital

a healthcare provider or servicer in Boulder, Colorado  74 accounts compromised

06/17/2011 Platte Valley Medical Center (PVMC), Centura Health

a healthcare provider or servicer in Brighton, Colorado  265 accounts compromised

06/20/2011 Associated Credit Union

a Financial or Insurance Services firm in Norcross, Georgia  100 accounts compromised

06/21/2011 Foothills Nephrology Associates

a healthcare provider or servicer in Spartanburg, South Carolina  1,280 accounts compromised

06/24/2011 California Department of Public Health (CDPH)

State Government in Sacramento, California  9,000 accounts compromised

06/30/2011 Blue Cross and Blue Shield of Florida (BCBSF)

a healthcare provider or servicer in Jacksonville, Florida  3,500 accounts compromised

07/01/2011 Colorado Department of Health Care Policy and Financing (HCPF)

State Government in Denver, Colorado  3,590 accounts compromised

07/01/2011 Concord Hospital

a healthcare provider or servicer in Concord, New Hampshire  13 accounts compromised

07/03/2011 Navos Mental Health Solutions

a healthcare provider or servicer in Seattle, Washington  2,700 accounts compromised

07/03/2011 Tuba City Regional Health Care Corporation

a healthcare provider or servicer in Tuba City, Arizona  2,000 accounts compromised

07/05/2011 Sutter Gould Medical Foundation (SGMF)

a healthcare provider or servicer in Stockton, California  1,200 accounts compromised

07/07/2011 Clark College

an educational institution in Vancouver, Washington  9 accounts compromised

07/07/2011 Troy Regional Medical Center (TRMC), Southern Records Management Inc.

a healthcare provider or servicer in Troy, Alabama  880 accounts compromised

07/07/2011 The Tech

a business other than retail in San Jose, California  800 accounts compromised

07/07/2011 Hurley Medical Center

a healthcare provider or servicer in Flint, Michigan  1,938 accounts compromised

07/12/2011 Colorado Springs Hospital – Memorial Health System

a healthcare provider or servicer in Colorado Springs, Colorado  2,500 accounts compromised

07/12/2011 Toshiba, Toshiba America Information Systems, Inc. (TAIS)

a retail business in Irvine, California  7,971 accounts compromised

07/14/2011 Sky Harbor PHX

a business other than retail in Phoenix, Arizona  10 accounts compromised

07/15/2011 Psychiatric Times

a business other than retail in Minneapolis, Minnesota  1,400 accounts compromised

07/16/2011 DeKalb Medical – Hillandale

a healthcare provider or servicer in Hillandale, Georgia  7,500 accounts compromised

07/16/2011 College Choice, UPromise Investments

a Financial or Insurance Services firm in Indianapolis, Indiana  300 accounts compromised

07/18/2011 Beth Israel Deaconess Medical Center

a healthcare provider or servicer in Boston, Massachusetts  2,012 accounts compromised

07/21/2011 StudentCity.com

a retail business in Peabody, Massachusetts  266 accounts compromised

07/26/2011 Lincoln National Life Insurance Company, Lincoln Life & Annuity Company of New York

a Financial or Insurance Services firm in New York, New York  705 accounts compromised

07/26/2011 University of Nevada – Las Vegas (UNLV)

an educational institution in Las Vegas, Nevada  2,000 accounts compromised

07/30/2011 Nyack Hospital

a healthcare provider or servicer in Nyack, New York  1,400 accounts compromised

07/30/2011 Chase Bank

a Financial or Insurance Services firm in Rancho Peñasquitos, California  950 accounts compromised

08/01/2011 Mills-Peninsula Medical Center

a healthcare provider or servicer in Burlingame, California  1,438 accounts compromised

08/01/2011 City of Pittsburgh

City Government in Pittsburgh, Pennsylvania  29 accounts compromised

08/01/2011 University of North Carolina – Chapel Hill

an educational institution in Chapel Hill, North Carolina  30 accounts compromised

08/02/2011 New River Health Association

a healthcare provider or servicer in , West Virginia  950 accounts compromised

08/02/2011 SilverPop

a business other than retail in Atlanta, Georgia  884 accounts compromised

08/05/2011 The Brigham, Women’s/Faulkner Hospital

a healthcare provider or servicer in Boston, Massachusetts  638 accounts compromised

08/09/2011 McDonald’s

a retail business in Norfolk, Virginia  185 accounts compromised

08/09/2011 McDonald’s

a retail business in Norfolk, Virginia  185 accounts compromised

08/10/2011 Cal Poly Pomona

an educational institution in Pomona, California  38 accounts compromised

08/10/2011 Department of Social and Health Services – Washington

Local Government in Seattle, Washington  3,950 accounts compromised

08/11/2011 Energy Federation, Inc.

a business other than retail in Westborough, Massachusetts  20 accounts compromised

08/11/2011 Country Corner Market

a retail business in Amherst, Virginia  125 accounts compromised

08/11/2011 TGI Fridays

a retail business in Laurel, Maryland  73 accounts compromised

08/13/2011 University of Hawaii – Kapi’olani Community College

an educational institution in Honolulu, Hawaii  2,000 accounts compromised

08/13/2011 St. Francis Hospital

a healthcare provider or servicer in Wilmington, Delaware  474 accounts compromised

08/14/2011 Bay Area Rapid Transit (BART)

Government or Military in San Francisco, California  2,450 accounts compromised

08/15/2011 Multiple North Carolina schools

Including North Carolina State University (NCSU), Gardners Elementary School, Wells Elementary School, Ashley Chapel Elementary School, all educational institutions in Raleigh, North Carolina  1,800 accounts compromised

08/16/2011 Purdue University

an educational institution in West Lafayette, Indiana  7,093 accounts compromised

08/17/2011 Bay Area Rapid Transit (BART)

Local Government in San Francisco, California  100 accounts compromised

08/18/2011 Fort Dodge Correctional Facility

in Vinton, Iowa  23 accounts compromised

08/19/2011 The Health Plan of San Mateo (HPSM)

a healthcare provider or servicer in San Mateo, California  694 accounts compromised

08/19/2011 University of Missouri Health Care

a healthcare provider or servicer in Columbia, Missouri  1,288 accounts compromised

08/19/2011 University of Missouri Health Care

a healthcare provider or servicer in Columbia, Missouri  1,288 accounts compromised

08/19/2011 Mount Sinai Multispecialty Physicians Practice

a healthcare provider or servicer in New York City, New York  720 accounts compromised

08/20/2011 Thirty-One Gifts, LLC

a retail business in Johnstown, Ohio had two breaches on the same day.  55 accounts compromised in total

08/23/2011 Northwestern Counseling and Support Services

a healthcare provider or servicer in St. Albans, Vermont  12 accounts compromised

08/26/2011 Fidelity National Information Services, Inc. (FIS)

a Financial or Insurance Services firm in Jacksonville, Florida  22 accounts compromised

08/27/2011 The Lexington VA Medical Center

a healthcare provider or servicer in Lexington, Kentucky  1,900 accounts compromised

08/27/2011 Avalon Centers

a healthcare provider or servicer in Depew, New York  172 accounts compromised

08/27/2011 Living Healthy Clinic, University of Wisconsin – Oshkosh College of Nursing

a healthcare provider or servicer in Oshkosh, Wisconsin  3,000 accounts compromised

09/02/2011 Pacific Retina Specialists

a healthcare provider or servicer in Seattle, Washington  60 accounts compromised

09/03/2011 New Horizons General Partnership

a healthcare provider or servicer in Granbury, Texas  12 accounts compromised

09/07/2011 North Bay Regional Health Centre

a healthcare provider or servicer in Napa, California  5,800 accounts compromised

09/08/2011 Austin Center for Therapy and Assessment

a healthcare provider or servicer in Austin, Texas  1,870 accounts compromised

09/08/2011 Treatment Services Northwest

a healthcare provider or servicer in Portland, Oregon  1,200 accounts compromised

09/09/2011 Indiana University School of Medicine

an educational institution in Indianapolis, Indiana  178 accounts compromised

09/13/2011 Bonney Lake Medical Center

a healthcare provider or servicer in Bonney Lake, Washington  2,370 accounts compromised

09/15/2011 Montgomery County Department of Job and Family Services

County Government in Dayton, Ohio  1,200 accounts compromised

09/15/2011 Brandywyne Healthcare Center

a healthcare provider or servicer in Winter Haven, Florida  83 accounts compromised

09/16/2011 Veterans Administration Medical Center

Federal Government in Biloxi, Mississippi  1,814 accounts compromised

09/16/2011 Guilford County Tax Department

County Government in Greensboro, North Carolina  1,000 accounts compromised

09/17/2011 Legislative Data Center

Government in Sacramento, California  50 accounts compromised

09/19/2011 New York University Langone Medical Center Hospital for Join Diseases (HJD)

a healthcare provider or servicer in New York, New York  2,600 accounts compromised

09/19/2011 Medassets Inc., Saint Barnabas Health Care System, Cook County Health and Hospitals (CCHHS)

a business other than retail in Alpharetta, Georgia  3,500 accounts compromised

09/20/2011 Ashley Industrial Molding, Inc., AssureCare Risk Management (ARM)

a retail business in Ashley, Indiana  506 accounts compromised

09/20/2011 ProMedica

a healthcare provider or servicer in Toledo, Ohio  14 accounts compromised

09/23/2011 University of Texas San Antonio (UTSA)

an educational institution in San Antonio, Texas  688 accounts compromised

09/23/2011 United States Steel and Carnegie Pension Fund, Benefits Administration Services

a business other than retail in New York, New York  4,000 accounts compromised

09/23/2011 Veterans Affairs Illiana Health Care System

a healthcare provider or servicer in Illiana, Illinois  518 accounts compromised

09/24/2011 Electronic Data Systems, Hewlett-Packard Enterprise Services, Alabama Department of Corrections

a Financial or Insurance Services firm in Montgomery, Alabama  250 accounts compromised

09/25/2011 Two Georges’ Restaurant

a retail business in Corpus Christi, Texas  16 accounts compromised

09/28/2011 Summit Medical Group, Emory Family Practice, Fountain City Family Physicians, Office of Dr. Kenneth Reese

a healthcare provider or servicer in Knoxville, Tennessee  750 accounts compromised

09/30/2011 First Priority Life Insurance Company, Blue Cross of Northeastern Pennsylvania, Penn Foster

a healthcare provider or servicer in Scranton, Pennsylvania  500 accounts compromised

10/10/2011 Israeli Defense Industry

including at least these three companies
   Elisra Group, Israel Aerospace Industries, and Rafael Advanced Defense Systems

According to Cyber Engineering Services Inc. of Columbia, Maryland, (CyberESI), attackers thought to be operating out of China breached these firms between between October 10, 2011 and August 13, 2012. CyberESI tapped the hacker’s secret communications infrastructure and determined that intellectual property transferred pertained to Arrow III missiles, Unmanned Aerial Vehicles (UAVs), ballistic rockets, and more.

On 9/22/2014 Google searches for each company name using a custom date range of 10/10/2011 to 8/13/2012 and the word “breach” found nothing except one company had breached a financial covenant. It appears that the breaches didn’t make the news anyplace Google indexes. The information was revealed by security researcher Brian Krebs (KrebsonSecurity) in an article on 7/28/2014, more than two years after the breach.

In that article he reported:

Neither Elisra nor Rafael responded to requests for comment about the apparent security breaches. A spokesperson for Israel Aerospace Industries brushed off CyberESI’s finding, calling it “old news.” When pressed to provide links to any media coverage of such a breach, IAI was unable to locate or point to specific stories. The company declined to say whether it had alerted any of its U.S. industry partners about the breach, and it refused to answer any direct questions regarding the incident.

“At the time, the issue was treated as required by the applicable rules and procedures,” IAI Spokeswoman Eliana Fishler wrote in an email to KrebsOnSecurity. “The information was reported to the appropriate authorities. IAI undertook corrective actions in order to prevent such incidents in the future.”

Drissel said many of the documents that were stolen from the defense contractors are designated with markings indicating that their access and sharing is restricted by International Traffic in Arms Regulations (ITAR) — U.S. State Department controls that regulate the defense industry. For example, Drissel said, among the data that hackers stole from IAI is a 900-page document that provides detailed schematics and specifications for the Arrow 3 missile.

“Most of the technology in the Arrow 3 wasn’t designed by Israel, but by Boeing and other U.S. defense contractors,” Drissel said. “We transferred this technology to them, and they coughed it all up. In the process, they essentially gave up a bunch of stuff that’s probably being used in our systems as well.” [ highlighting theirs -ed ]

This policy of keeping quiet isn’t quite serving the best needs of cyber security. Keeping quiet after patching your own security leak may be closing the barn after the horse has departed and allowing your neighbor’s horse to take an unintended trip.

In July 2014 Richard Danzig, a former Secretary of the Navy, wrote Surviving on a Diet of Poisoned Fruit: Reducing the National Security Risks of America’s Cyber Dependencies (64 page PDF) with insights about how to improve policymaking on U.S. national security policymaking to address cyber insecurity. He examines existing information technology security weaknesses and provides nine specific recommendations for the U.S. government and others to cope with these insecurities. The table of contents alone and these quotes are just the beginning for an interesting read.

III. Why Information Systems Are Vulnerable

This quote that has proven to be quote accurate. “We are staking our future on a resource that we have not yet learned to protect.” George Tenet, Director of the Central Intelligence Agency, April 6, 1998. (from page numbered 8)
 
“Information technologies offer a Faustian bargain: The capabilities that make these systems attractive make them risky.” (from page numbered 9)
 
“One of the rewards, but one of the risks, of present information systems is that they tear down gates and eliminate gatekeepers.” (from page numbered 10)
 
“Verizon calculates that in two out of three cases of data breach, the loss took “months or more to discover.” Similarly, in 7 out of 10 cases victims only learned about their loss from third parties. (from page numbered 11) [ highlighting ours -ed ]

 
IV. Cyberdefense and Its Limits

“The deficiencies in the existing methods of cyberdefense have been increasingly exposed as state-sponsored and state-run attacks have become more frequent and use more sophisticated and extensive resources.” (from page numbered 14)

 
V. Three Other Causes of Cyber Insecurity

“Cyberspace is adversarial, contested and crowded territory. Our adversaries (criminals, malevolent groups, numerous opposing states) co-evolve with us.” (from page numbered 17)
 
“The Internet, a complex emergent communication system that has never been “a static thing,” grew from some 16 million users in 1995, to 880 million in 2005, to 2.7 billion in the spring of 2013. Its communicative capability has penetrated financial, military, industrial and social systems, increasing their cyber dependency at an unprecedented rate.” (from page numbered 18)

 
VI. Creating a Minimal Shared Cybersecurity

“The United States cannot allow the insecurity of our cyber systems to reach a point where weaknesses in those systems would likely render the United States unwilling to make a decision or unable to act on a decision fundamental to our national security.” (from page number 20)
 
“The federal bureaucratic organism is strongly muscular on one side (its military and intelligence functions) and malformed and malnourished on the other (its civilian side). Accordingly, it should be no surprise that it walks with a limp and often stumbles.” (from page numbered 33)
 
“Facing this technological flood, it feels as though the United States is working ever faster to plug holes in its dikes. Since the odds are against this response, it is tempting to try to drain the ocean. But the problems posed by these technologies cannot be addressed by adopting Luddite positions. Pondering a mid-20th century antecedent of this class – nuclear weapons – the physicist Freeman Dyson observed that once we develop them, along with their blessings we are cursed by having them forever. Nor can the United States deal with these challenges simply by associating them with a particular adversary. The weapons they provide can be used by anyone for any purpose.” (from page numbered 36)

The paper was published by Center for a New American Security (CNAS), a 501(c)3 non-profit organization with the mission to develop strong, pragmatic and principled national security and defense policies. The report is available in PDF, Kindle and Tablet formats from here.

10/11/2011 Indiana University School of Optometry

a healthcare provider or servicer in Bloomington, Indiana  757 accounts compromised

10/11/2011 St. Joseph Medical Center, Baxter, Baker, Sidle, Conn & Jones

a business other than retail in Towson, Maryland  161 accounts compromised

10/12/2011 United Healthcare Inc., Futurity First Insurance Group

a healthcare provider or servicer in Minnetonka, Minnesota  7,602 accounts compromised

10/13/2011 Texas Health and Human Services

State Government in Austin, Texas  1,696 accounts compromised

10/14/2011 Health Research Institute, Inc., Pfeiffer Treatment Center

a healthcare provider or servicer in , Illinois  2,000 accounts compromised

10/14/2011 Scott County Memorial Hospital

a healthcare provider or servicer in Scottsburg, Indiana  2,059 accounts compromised

10/14/2011 NEA Baptist Clinic

a healthcare provider or servicer in Jonesboro, Arkansas  3,116 accounts compromised

10/14/2011 Freda J. Bowman MD, PA

a healthcare provider or servicer in Texas  1,300 accounts compromised

10/14/2011 Diversified Resources Inc.

a business other than retail in Waycross, Georgia  863 accounts compromised

10/15/2011 San Antonio Independent School District (SAISD)

Government in San Antonio, Texas  70 accounts compromised

10/19/2011 Iowa Correctional Institute for Women

State Government in Mitchellville, Iowa  48 accounts compromised

10/20/2011 College of the Holy Cross

an educational institution in Worcester, Massachusetts  493 accounts compromised

10/23/2011 Onehitplay.com

a business other than retail in Brea, California  1,008 accounts compromised

10/24/2011 Pan American Games

a retail business  1,400 accounts compromised

10/27/2011 Ocala Police Department

City Government in Ocala, Florida  149 accounts compromised

10/27/2011 US Department of Education

Federal Government in Washington, DC   5,000 accounts compromised

10/28/2011 Mama’s Boy Italian Ristorante

a retail business in Durango, Colorado  100 accounts compromised

10/28/2011 Muir Orthopaedic Specialists

a healthcare provider or servicer in Oakland, California  1,800 accounts compromised

10/28/2011 Henry Ford Health System

a healthcare provider or servicer in Troy, Michigan  520 accounts compromised

11/01/2011 High Point Regional Health System, Premier Imaging LLC

a healthcare provider or servicer in High Point, North Carolina  47 accounts compromised

11/02/2011 Aaron’s

a retail business in Fresno, California  1,008 accounts compromised

11/02/2011 MetroLux, Metropolitan Theatres

a business other than retail in Loveland, Colorado  1,180 accounts compromised

11/02/2011 Maloney Properties, Inc.

a business other than retail in Wellesley, Massachusetts  621 accounts compromised

11/02/2011 Avia Dental Plan, Inc.

a Non-Governmental Organization (includes non-profits) in Wheeling, West Virginia  2,500 accounts compromised

11/03/2011 Top of the Line Marketing

a business other than retail in Rockville, Maryland  1,200 accounts compromised

11/03/2011 Kunz Opera House

a healthcare provider or servicer in Pinckneyville, Illinois  4,200 accounts compromised

11/04/2011 Thomas Jefferson University Hospitals

a healthcare provider or servicer in Philadelphia, Pennsylvania  3,150 accounts compromised

11/04/2011 Amsterdam Hospitality Group

a business other than retail in New York, New York  237 accounts compromised

11/04/2011 www.podiatry.com, PRESENT e-Learning Systems

a business other than retail in Boca Raton, Florida  382 accounts compromised

11/05/2011 St. Joseph Medical Center

a healthcare provider or servicer in Twoson, Maryland  5,000 accounts compromised

11/06/2011 Sam’s Club

a retail business in Apple Valley, Minnesota  98 accounts compromised

11/06/2011 Jackson Hewitt

a Financial or Insurance Services firm in San Francisco, California  100 accounts compromised

11/08/2011 IQCR

a business other than retail in Rock Hill, South Carolina  100 accounts compromised

11/09/2011 Columbia-St. Mary’s Ozaukee Hospital

a healthcare provider or servicer in Mequon, Wisconsin  30 accounts compromised

11/09/2011 Behavioral Health Services of Pickens County

a healthcare provider or servicer in Pickens, South Carolina  200 accounts compromised

11/09/2011 Habitat for Humanity Delaware County ReStore

a Non-Governmental Organization (includes non-profits) in Delaware, Ohio  444 accounts compromised

11/09/2011 ValueOptions, National Elevator Industry

a business other than retail in Newtown Square, Pennsylvania  7,019 accounts compromised

11/10/2011 TRC

TRC Operating Company, Inc. is an oil production firm based in Taft, California
One account was exposed during a cyberheist that moved $3.5M to Ukraine.
See Who Loses for what happened then.

11/10/2011 Wakulla County School Board

an educational institution in Crawfordville, Florida  2,400 accounts compromised

11/12/2011 United States Postal Service (USPS)

Federal Government in Washington, District Of Columbia  5,400 accounts compromised

11/14/2011 Smokers Choice

a retail business in New York, New York  200 accounts compromised

11/14/2011 Santa Clara University

an educational institution in Santa Clara, California  60 accounts compromised

11/15/2011 The Public School Employees’ Retirement System

Government in Harrisburg, Pennsylvania  2,000 accounts compromised

11/16/2011 McDonald’s

a retail business in Oak Park, Michigan  100 accounts compromised

11/17/2011 Medcenter One

a healthcare provider or servicer in Bismarck, North Dakota  650 accounts compromised

11/18/2011 Smith and Wollensky, Capital Grille, Wolfgang’s Steakhouse, JoJo, Morton’s, The Bicycle Club

retail businesses in New York, New York  50 accounts compromised

11/18/2011 Parkland Memorial Hospital

a healthcare provider or servicer in Dallas, Texas  232 accounts compromised

11/18/2011 Honolulu Asia-Pacific Economic Cooperation (APEC), East West Center

a business other than retail in Honolulu, Hawaii  40 accounts compromised

11/18/2011 McDonald’s

a retail business in Olympia, Washington  16 accounts compromised

11/20/2011 Morris Heights Health Center

a healthcare provider or servicer in New York, New York  927 accounts compromised

11/23/2011 Sitka Wellness Center, EMR4Doctors.com

a healthcare provider or servicer in Sitka, Alaska  566 accounts compromised

11/23/2011 University of Kentucky HealthCare

a healthcare provider or servicer in Lexington, Kentucky  878 accounts compromised

11/27/2011 Cabarjal Realty, Inc.

a business other than retail in Waco, Texas  625 accounts compromised

11/28/2011 Jewish Community Services of South Florida

a Non-Governmental Organization (includes non-profits) in Miami, Florida  30 accounts compromised

11/29/2011 University of California Riverside (UCR)

an educational institution in Riverside, California  5,000 accounts compromised

12/03/2011 State of Tennessee Sponsored Group Health Plan

State Government in Nashville, TN   1,770 accounts compromised

12/03/2011 Pulaski County Special School District

State Government in Little Rock, Arkansas  1,100 accounts compromised

12/06/2011 Massachusetts eHealth Collaborative

a business other than retail in Waltham, Massachusetts  222 accounts compromised

12/07/2011 Veterans Administration Medical Center

a healthcare provider or servicer in Miami, Florida  22 accounts compromised

12/07/2011 Jeanne D’Arc Credit Union

a Financial or Insurance Services firm in Lowell, Massachusetts  327 accounts compromised

12/08/2011 Los Angeles Police Department (LAPD)

City Government in Los Angeles, California  24 accounts compromised

12/09/2011 Centro de Ortodancia

a healthcare provider or servicer in Aguadilla, Puerto Rico  2,000 accounts compromised

12/09/2011 Julie A. Kennedy, D.M.D.

a healthcare provider or servicer in West Palm Beach, Florida  2,900 accounts compromised

12/09/2011 InStep Foot Clinic

a healthcare provider or servicer in Edina, Minnesota  2,600 accounts compromised

12/09/2011 Amerigroup Community Care of New Mexico, Inc.

a healthcare provider or servicer in Albuquerque, New Mexico  1,537 accounts compromised

12/09/2011 Stone Oak Urgent Care and Family Practice

a healthcare provider or servicer in San Antonio, Texas   3,079 accounts compromised

12/09/2011 Capron Rescue Squad District

a healthcare provider or servicer in Capron, Illinois  815 accounts compromised

12/09/2011 Knox Community Hospital

a healthcare provider or servicer in Mount Vernon, Ohio  500 accounts compromised

12/09/2011 Health Care Service Corporation (HCSC)

a healthcare provider or servicer in Chicago, Illinois  501 accounts compromised

12/09/2011 Silverpop Systems, Inc. Health and Welfare Plan

a healthcare provider or servicer in Atlanta, Georgia  884 accounts compromised

12/09/2011 Conway Regional Medical Center

a healthcare provider or servicer in Conway, Arizona  1,472 accounts compromised

12/09/2011 Gail Gillespie and Associates, LLC

a healthcare provider or servicer in Texas  2,334 accounts compromised

12/09/2011 Stone Oak Urgent Care and Family Practice

a healthcare provider or servicer in San Antonio, Texas  3,079 accounts compromised

12/10/2011 Office of Gene S. J. Liaw, MD.

a healthcare provider or servicer in Seattle, Washington  1,105 accounts compromised

12/11/2011 Coalition of Law Enforcement and Retail (CLEAR)

a Non-Governmental Organization (includes non-profits) in Deerfield Beach, Florida  2,400 accounts compromised

12/12/2011 Metabasis Therapeutics

a business other than retail in La Jolla, California  90 accounts compromised

12/12/2011 Florida Family Association (FFA)

a Non-Governmental Organization (includes non-profits) in Florida  22 accounts compromised

12/15/2011 Jefferson County Public Schools

an educational institution in Louisville, Kentucky  6,500 accounts compromised

12/16/2011 Peoples Gas, North Shore

a business other than retail in Chicago, Illinois  100 accounts compromised

12/20/2011 University of Mississippi Medical Center and Mississippi State Department of Health

a healthcare provider or servicer in Jackson, Mississippi  1,475 accounts compromised

12/21/2011 St. Charles Bend and Redmond

a healthcare provider or servicer in Bend, Oregon  140 accounts compromised

12/22/2011 Department of Human Services (DHS) Gateway Center

Government in Springfield, Oregon  3,000 accounts compromised

12/23/2011 Provo School District

City Government in Provo, Utah  3,200 accounts compromised

12/23/2011 Virginia Department of General Services

State Government in Richmond, Virginia  639 accounts compromised

12/28/2011 Aegis Science Corporation

a business other than retail in Atlanta, Georgia  2,184 accounts compromised

12/28/2011 Guide Publishing Group, GuideYou.com

a business other than retail in San Francisco, California  11 accounts compromised

12/28/2011 Loma Linda Medical University

a healthcare provider or servicer in Loma Linda, California  1,336 accounts compromised

12/30/2011 United Airlines

a business other than retail in Chicago, Illinois  20 accounts compromised

 
 

In addition to sources cited above the Chronology of Data Base Breaches maintained by the Privacy Rights Clearinghouse was used. Their website is a valuable resource for those seeking information on basic privacy, identity theft, medical privacy and much more. They are highly recommended.

 
 

View the 2011 summary
Return to References page
Return to Year links page

Links above were active at the time they were gathered.