
ISO 27001 Integration with PCI Compliance research paper


 2014 Security Breach Matrix - For Educational Purposes Only
  
PUBLIC NOTIFIED ON
ORGANIZATION AND LOCATION
TYPE OF BREACH
NUMBER OF PERSONALLY IDENTIFIABLE INFORMATION (PII) POTENTIALLY EXPOSED
REGULATORY IMPACT
ISO/IEC 27001 MITIGATING CONTROLS
December 31, 2014 PHP B2B User accounts with user names, email addresses, and encrypted passwords dumped on the internet 128 California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
December 31, 2014 HostPapa, Inc. User accounts with user names and clear text passwords dumped on the internet 1,563 California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
December 30, 2014 OneStopParking LLC An unknown amount of customer credit and debit card information possibly stolen by hackers Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
December 30, 2014 CFA Properties, Inc. (Chick-fil-A, Inc.) An unknown amount of customer credit and debit card information possibly stolen by hackers Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
December 30, 2014 BobrGames.com Ltd Email addresses and clear text passwords dumped on the internet 68 California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
December 27, 2014 Classical Singer, Inc. User accounts with email addresses and clear text passwords dumped on the internet 68,962 California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
December 26, 2014 Independence Blue Cross, AmeriHealth New Jersey PII, health care plans contained in four boxes of records disposed of by maintenance workers 12,500 California SB-1386 & other State derivatives, HIPAA Security A.8.2.1 - Classification of information
A.8.2.2 - Labelling of Information
A.7.2.2 - Information security awareness, education and training
December 26, 2014 Physicians Skin and Weight Centers PII, credit card and bank account numbers held on password-protected laptop and hard drive stolen from employee vehicle Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.11.2.6 - Security of equipment and assets
A.6.2.1 - Mobile device policy
A.6.2.2 - Teleworking
December 25, 2014 Mabua Harley-Davidson Email addresses and clear text passwords dumped on the internet 72 California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
December 23, 2014 Unknown Organization, LEAPlab, Sitesearch Corp. PII, banking details, and employer names sold to identity theft services 2,200,000 California SB-1386 & other State derivatives A.6.1.1 - Information security roles and responsibilities
A.7.1.1 - Screening
A.7.1.2 - Terms and conditions of employment
A.7.2.1 - Management responsibilities
A.7.2.2 - Information security awareness, education and training
A.8.2.4 - Return of assets
A.9.2.5 - Removal or adjustment of access rights
December 22, 2014 South Western School District An undisclosed number of Social Security numbers held in student database accessed by hackers Unknown California SB-1386 & other State derivatives, FERPA A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
December 22, 2014 Visa Handling Services (Belgium) User accounts with user names and clear text passwords dumped on the internet 81 EU Directive on Data Protection A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
December 22, 2014 Visa Handling Services (France) User accounts with user names and clear text passwords dumped on the internet 755 EU Directive on Data Protection A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
December 22, 2014 Visa Handling Services (Austria) User accounts with user names and clear text passwords dumped on the internet 59 EU Directive on Data Protection A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
December 22, 2014 Invisa Fiduciary Services (Denmark) User accounts with user names and clear text passwords dumped on the internet 26 EU Directive on Data Protection A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
December 22, 2014 Invisa Logistic Services (USA) User accounts with user names and clear text passwords dumped on the internet 5 California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
December 22, 2014 Visa Handling Services (Czech Republic) User accounts with user names and clear text passwords dumped on the internet 30 EU Directive on Data Protection A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
December 22, 2014 Visa Handling Services (Portugal) User accounts with user names and clear text passwords dumped on the internet 30 EU Directive on Data Protection A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
December 22, 2014 Visa Handling Services (Switzerland) User accounts with user names and clear text passwords dumped on the internet 76 EU Directive on Data Protection A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
December 22, 2014 Visa Handling Services (Germany) User accounts with user names and clear text passwords dumped on the internet 84 EU Directive on Data Protection A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
December 22, 2014 DutchWear An undisclosed number of customer names, addresses, phone numbers, and credit card details stolen by a hacker Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
December 22, 2014 Shanquie Morris LPN An unknown amount of banking and credit card information stolen by a home health aide and used to commit fraud Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.6.1.1 - Information security roles and responsibilities
A.7.1.1 - Screening
A.7.1.2 - Terms and conditions of employment
A.7.2.1 - Management responsibilities
A.7.2.2 - Information security awareness, education and training
A.8.2.4 - Return of assets
A.9.2.5 - Removal or adjustment of access rights
December 19, 2014 Northwestern Memorial Hospital, Northwestern Lake Forest Hospital, Northwestern Medical Group Patient PII and medical details held on unencrypted laptop stolen from an employee vehicle 2,800 California SB-1386 & other State derivatives, HIPAA Security A.11.2.6 - Security of equipment and assets
A.6.2.1 - Mobile device policy
A.6.2.2 - Teleworking
December 24, 2014 Unknown Organization, U.S. Department of Veterans Affairs PII and patient identification numbers exposed due to a security flaw in a database managed by a home telehealth services vendor 7,054 California SB-1386 & other State derivatives, HIPAA Security A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
December 18, 2014 Unknown Organization, U.S. Office of Personnel Management, KeyPoint Government Solutions, Inc. Personal details of undisclosed type belonging to federal workers possibly exposed by hackers 48,439 California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
December 17, 2014 NVIDIA Corporation Over 500 employee usernames and passwords possibly accessed by hackers 500 California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
December 16, 2014 Park N Fly An unknown number of customer names, addresses, phone numbers, passwords, and full credit card details possibly stolen by hackers Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
December 16, 2014 Sex Suchmaschine (Sex Search Engine) Email addresses and clear text passwords dumped on the internet 2,263 EU Directive on Data Protection A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
December 16, 2014 Fulton County Superior Court An unknown number of names and Social Security numbers stolen by an employee and used to file fraudulent tax returns Unknown California SB-1386 & other State derivatives A.6.1.1 - Information security roles and responsibilities
A.7.1.1 - Screening
A.7.1.2 - Terms and conditions of employment
A.7.2.1 - Management responsibilities
A.7.2.2 - Information security awareness, education and training
A.8.2.4 - Return of assets
A.9.2.5 - Removal or adjustment of access rights
December 16, 2014 ICANN (The Internet Corporation for Assigned Names and Numbers) PII stored as salted cryptographic hashes accessed by hackers following spear phishing attack on employees Unknown California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
December 15, 2014 Amedisys Patient names, identification numbers, and medical details held on unshredded documents found along side of road 17 California SB-1386 & other State derivatives, HIPAA Security A.8.2.1 - Classification of information
A.8.2.2 - Labelling of Information
A.7.2.2 - Information security awareness, education and training
December 15, 2014 Clay County Hospital Patient PII stolen and emailed to the hospital in an extortion attempt 12,621 California SB-1386 & other State derivatives, HIPAA Security A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
December 15, 2014 Virginia Commonwealth University Medical Center Patient PII, medical record numbers, clinical and insurance details held on compact discs donated for children's art projects Unknown California SB-1386 & other State derivatives, FERPA and HIPAA Security A.8.2.1 - Classification of information
A.8.2.2 - Labelling of Information
A.7.2.2 - Information security awareness, education and training
December 15, 2014 University of California Berkeley PII and 300 credit card numbers held on servers compromised by hackers 1,600 California SB-1386 & other State derivatives, FERPA, PCI/Visa CISP A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
December 15, 2014 MetroPlus PII held in an email sent by an employee to their personal email account 31,980 California SB-1386 & other State derivatives A.6.1.1 - Information security roles and responsibilities
A.7.1.1 - Screening
A.7.1.2 - Terms and conditions of employment
A.7.2.1 - Management responsibilities
A.7.2.2 - Information security awareness, education and training
A.8.2.4 - Return of assets
A.9.2.5 - Removal or adjustment of access rights
December 12, 2014 Family Central, Inc., Early Learning Coalition of Palm Beach County Personal details held in database accessed by unauthorized employee 177 California SB-1386 & other State derivatives A.6.1.1 - Information security roles and responsibilities
A.7.1.1 - Screening
A.7.1.2 - Terms and conditions of employment
A.7.2.1 - Management responsibilities
A.7.2.2 - Information security awareness, education and training
A.8.2.4 - Return of assets
A.9.2.5 - Removal or adjustment of access rights
December 12, 2014 Tobasco PII, bank account numbers and other personal details stolen and published online by hackers known as Rex Mundi 2,800 California SB-1386 & other State derivatives, GLBA A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
December 11, 2014 EMCOR Group, Inc An undisclosed number of names, addresses, dates of birth, Social Security numbers and other personal details held on stolen laptop Unknown California SB-1386 & other State derivatives A.11.2.6 - Security of equipment and assets
A.6.2.1 - Mobile device policy
A.6.2.2 - Teleworking
December 11, 2014 DataPark, St. Louis Parking Company An unknown amount of customer debit and credit card information stolen by hackers Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
December 10, 2014 Point Loma Nazarene University PII, credit card details, user names and passwords compromised by unauthorized access to employee email accounts Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
December 10, 2014 Lakewood Ranch Medical Center 20 names and credit card numbers stolen and used to make fraudulent purchases 20 California SB-1386 & other State derivatives, HIPAA Security, PCI/Visa CISP A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
December 09, 2014 Charge Anywhere Customer names and credit card numbers with expiration dates and verification codes stolen by hackers employing malware Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
December 08, 2014 University of Oklahoma Health Sciences Center An unknown number of student names, addresses, dates of birth, and Social Security numbers possibly accessed by hackers Unknown California SB-1386 & other State derivatives, HIPAA Security, FERPA A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
December 06, 2014 WellCare, AdminisTEP PII held on letters mailed to unauthorized members due to third-party coding error 4,469 California SB-1386 & other State derivatives, HIPAA Security A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
December 04, 2014 Bebe Stores Inc Customer debit and credit card information stolen by malware planted on the company's point of sale system by hackers Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
December 02, 2014 American Residuals and Talent Inc. (ART Payroll), Screen Actors Guild - American Federation of Television and Radio Artists (SAG-AFTRA) PII, including user IDs, and passwords possibly accessed by hackers Unknown California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
November 30, 2014 Unknown Organization, New Beginning Names, addresses, financial details, and numbers of children per household accidentally sent to a third party business 1,500 California SB-1386 & other State derivatives A.8.2.1 - Classification of information
A.8.2.2 - Labelling of Information
A.7.2.2 - Information security awareness, education and training
November 28, 2014 Unknown Organization, SP Plus An unknown number of names and credit card numbers stolen in a compromise of the payment system Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
November 28, 2014 University Hospitals Patient PII, medical details, and debit or credit card numbers stolen by an employee 692 California SB-1386 & other State derivatives, FERPA and HIPAA Security A.6.1.1 - Information security roles and responsibilities
A.7.1.1 - Screening
A.7.1.2 - Terms and conditions of employment
A.7.2.1 - Management responsibilities
A.7.2.2 - Information security awareness, education and training
A.8.2.4 - Return of assets
A.9.2.5 - Removal or adjustment of access rights
November 27, 2014 Lakeridge Health Patient medical records inappropriately accessed by staff members 578 California SB-1386 & other State derivatives, HIPAA Security A.6.1.1 - Information security roles and responsibilities
A.7.1.1 - Screening
A.7.1.2 - Terms and conditions of employment
A.7.2.1 - Management responsibilities
A.7.2.2 - Information security awareness, education and training
A.8.2.4 - Return of assets
A.9.2.5 - Removal or adjustment of access rights
November 26, 2014 Traditionalist American Knights of the Ku Klux Klan An unknown number of member PII, credit card numbers, banking details released by Anonymous Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
November 26, 2014 Simms Fishing Products LLC An unknown number of customer names, addresses, and credit or debit card details stolen by hackers employing malware Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
November 26, 2014 Godiva Chocolatier, Inc. An unknown number of employee PII and medical details stored on unencrypted, password-protected laptop stolen from a rental car Unknown California SB-1386 & other State derivatives, HIPAA Security A.11.2.6 - Security of equipment and assets
A.6.2.1 - Mobile device policy
A.6.2.2 - Teleworking
November 26, 2014 True Vision An unknown number of patient names and spectacle lens orders held on stolen laptop Unknown California SB-1386 & other State derivatives, HIPAA Security A.11.2.6 - Security of equipment and assets
A.6.2.1 - Mobile device policy
A.6.2.2 - Teleworking
November 26, 2014 Baptist Health Primary Care Patient names, dates of birth, and Social Security numbers stolen by an employee and used to commit identity theft 13 California SB-1386 & other State derivatives, HIPAA Security A.6.1.1 - Information security roles and responsibilities
A.7.1.1 - Screening
A.7.1.2 - Terms and conditions of employment
A.7.2.1 - Management responsibilities
A.7.2.2 - Information security awareness, education and training
A.8.2.4 - Return of assets
A.9.2.5 - Removal or adjustment of access rights
November 26, 2014 Vancouver Island Health Authority Patient names and medical details held in electronic files accessed without authorization by two employees 112 Canada PIPA & PIPEDA A.6.1.1 - Information security roles and responsibilities
A.7.1.1 - Screening
A.7.1.2 - Terms and conditions of employment
A.7.2.1 - Management responsibilities
A.7.2.2 - Information security awareness, education and training
A.8.2.4 - Return of assets
A.9.2.5 - Removal or adjustment of access rights
November 25, 2014 California State Compensation Insurance Fund, Lucy Gomez Blanking Interpreting Inc An unknown number of PII compensation claim numbers stolen during a server breach Unknown California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
November 25, 2014 Canada Revenue Agency Hundreds of celebrity names, addresses, and tax details contained in spreadsheet accidentally provided to a reporter Unknown Canada PIPA & PIPEDA A.8.2.1 - Classification of information
A.8.2.2 - Labelling of Information
A.7.2.2 - Information security awareness, education and training
November 25, 2014 CTF365 User accounts with email addresses and clear text passwords dumped on the internet 20,544 California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
November 24, 2014 Sony Pictures, Deloitte & Touche An undetermined amount of data including PII, health savings account details, company financial records, and unreleased films stolen by hackers Unknown California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
November 22, 2014 Blackberry An unknown number of company names, Client Access License details, and bank keys exposed to other users Unknown California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
November 21, 2014 AXA Wealth An unknown number of client names, addresses, account numbers, and financial details emailed to the wrong recipient Unknown California SB-1386 & other State derivatives, GLBA A.8.2.1 - Classification of information
A.8.2.2 - Labelling of Information
A.7.2.2 - Information security awareness, education and training
A.13.2.3 - Electronic Messaging
November 21, 2014 Northfield Hospital & Clinics Patient PII, credit card numbers, and medical details held on documents discarded in unsecured dumpster 1,778 California SB-1386 & other State derivatives, HIPAA Security, PCI/Visa CISP A.8.2.1 - Classification of information
A.8.2.2 - Labelling of Information
A.7.2.2 - Information security awareness, education and training
November 21, 2014 Prince George's County Public Schools Employee PII accidentally included in a report that was emailed outside of the school system 10,400 California SB-1386 & other State derivatives, FERPA A.8.2.1 - Classification of information
A.8.2.2 - Labelling of Information
A.7.2.2 - Information security awareness, education and training
A.13.2.3 - Electronic Messaging
November 21, 2014 Regional Transportation District An unknown number of customer debit and credit card details captured by skimming device Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
November 21, 2014 Malwarebytes Corporation An unknown number of forum passwords accessed by hackers exploiting a server vulnerability Unknown California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
November 19, 2014 TD Bank An unknown amount of client banking information stolen by employee who left to work for a competitor Unknown California SB-1386 & other State derivatives, GLBA A.6.1.1 - Information security roles and responsibilities
A.7.1.1 - Screening
A.7.1.2 - Terms and conditions of employment
A.7.2.1 - Management responsibilities
A.7.2.2 - Information security awareness, education and training
A.8.2.4 - Return of assets
A.9.2.5 - Removal or adjustment of access rights
November 19, 2014 Unknown Organization, Goldman Sachs & Co., Federal Reserve Bank of New York An unknown amount of financial information provided to a former employee for use at another firm Unknown California SB-1386 & other State derivatives, GLBA A.6.1.1 - Information security roles and responsibilities
A.7.1.1 - Screening
A.7.1.2 - Terms and conditions of employment
A.7.2.1 - Management responsibilities
A.7.2.2 - Information security awareness, education and training
A.8.2.4 - Return of assets
A.9.2.5 - Removal or adjustment of access rights
November 17, 2014 Brigham And Women's Hospital Patient names, ages, and medical details held on a laptop and cell phone stolen from a physician in an armed robbery 999 California SB-1386 & other State derivatives, HIPAA Security A.11.1.1 - Physical security perimeter
A.11.1.2 - Physical entry controls
A.11.2.1 - Equipment siting and protection
November 14, 2014 Unknown Organization An unknown amount of credit card information stolen by man using a skimming device Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
November 13, 2014 Unknown Organization Name, email addresses, usernames, and clear text passwords dumped on the internet 50 California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
November 12, 2014 Health Service Executive Unknown number of names, addresses, phone numbers, and other personal details held on laptop stolen from employee's vehicle Unknown California SB-1386 & other State derivatives, HIPAA Security A.11.2.6 - Security of equipment and assets
A.6.2.1 - Mobile device policy
A.6.2.2 - Teleworking
November 12, 2014 HSBC Bank A.S, Turkey Customer names, debit or credit card numbers with expiration dates, and linked account numbers stolen by hackers 2,700,000 EU Directive on Data Protection A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
November 11, 2014 The Eastern Iowa Airport An unknown amount of customer debit and credit card information stolen by hackers Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
November 11, 2014 Waitemata District Health Board North Shore Hospital Names, ages, national health insurance numbers and private medical details held on documents found in residential driveway 11 California SB-1386 & other State derivatives, HIPAA Security A.8.2.1 - Classification of information
A.8.2.2 - Labelling of Information
A.7.2.2 - Information security awareness, education and training
November 10, 2014 United States Postal Service Employee and retiree PII as well as customer names, addresses, phone numbers, and email addresses stolen by hackers 3,650,000 California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
November 10, 2014 Visionworks of America, Inc. Partially unencrypted patient health details and an unknown amount of encrypted credit card information held on database server accidentally sent to a local landfill 75,000 California SB-1386 & other State derivatives, HIPAA Security, PCI/Visa CISP A.8.2.1 - Classification of information
A.8.2.2 - Labelling of Information
A.7.2.2 - Information security awareness, education and training
November 10, 2014 Unknown Organization An unknown amount and type of protected information stolen from executives traveling through Asia by hotel Wi-Fi networks infected with DarkHotel spying software Unknown California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
November 10, 2014 Bilkent University Staff accounts with names, email addresses and clear text passwords dumped on the internet 2,226 California SB-1386 & other State derivatives, FERPA A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
November 09, 2014 United Nations Development Programme User accounts with email addresses and clear text passwords dumped on the internet Unknown California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
November 08, 2014 Bhajanawali User accounts with user names and clear text passwords dumped on the internet 644 California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
November 08, 2014 Greater Fort Lauderdale Chamber of Commerce Names, addresses, phone numbers, email addresses, usernames, and encrypted passwords dumped on the internet 817 California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
November 07, 2014 CareOne Employee PII stolen by an employee and used to commit fraud Unknown California SB-1386 & other State derivatives, HIPAA Security A.6.1.1 - Information security roles and responsibilities
A.7.1.1 - Screening
A.7.1.2 - Terms and conditions of employment
A.7.2.1 - Management responsibilities
A.7.2.2 - Information security awareness, education and training
A.8.2.4 - Return of assets
A.9.2.5 - Removal or adjustment of access rights
November 07, 2014 Tiger Safari Inc Partial credit card details with card numbers, security codes and pins dumped on the internet 42 California SB-1386 & other State derivatives, PCI/Visa CISP A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
November 07, 2014 Grand Casino Mille Lacs An unknown amount of customer debit and credit card information stolen by hackers 1,600 California SB-1386 & other State derivatives, PCI/Visa CISP A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
November 07, 2014 United States Department of Health and Human Services Medical information and other PII of those seeking assistance with substance abuse, mental health, and HIV testing possibly exposed due to lack of encryption on federal websites Unknown California SB-1386 & other State derivatives, HIPAA Security A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
November 08, 2014 Texas Health and Human Services, Xerox Corporation PII and medical details held in digital and hard-copy files retained by former vendor 2,000,000 California SB-1386 & other State derivatives, HIPAA Security A.8.2.1 - Classification of information
A.8.2.2 - Labelling of Information
A.7.2.2 - Information security awareness, education and training
November 07, 2014 Central Dermatology Center Patient PII held on internet server compromised by hackers employing malware 76,258 California SB-1386 & other State derivatives, HIPAA Security A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
November 10, 2014 Bon Secours Health System Kentucky Patient PII held in billing database accessed with a former employee's login credentials 697 California SB-1386 & other State derivatives, HIPAA Security A.6.1.1 - Information security roles and responsibilities
A.7.1.1 - Screening
A.7.1.2 - Terms and conditions of employment
A.7.2.1 - Management responsibilities
A.7.2.2 - Information security awareness, education and training
A.8.2.4 - Return of assets
A.9.2.5 - Removal or adjustment of access rights
November 04, 2014 Whitehouse Independent School District PII held on documents kept in stolen trailer Unknown California SB-1386 & other State derivatives, FERPA A.11.2.6 - Security of equipment and assets
A.6.2.1 - Mobile device policy
A.6.2.2 - Teleworking
November 04, 2014 Cornerstone and Company, LLC Consumer PII, debit or credit card details contained in unencrypted spreadsheet posted to publicly accessible website 46,000 California SB-1386 & other State derivatives, PCI/Visa CISP A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
November 04, 2014 Bayview Solutions LLC Consumer PII, bank account numbers, debit or credit card details in unencrypted spreadsheet posted to publicly accessible website 28,000 California SB-1386 & other State derivatives, PCI/Visa CISP A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
November 04, 2014 Taco Bell Corp. Customer names and credit or debit card numbers with expiration dates stolen by hacker employing malware Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
November 03, 2014 Jessie Trice Community Health Center Patient names, dates of birth, and Social Security numbers stolen by members of an identity theft ring 7,888 California SB-1386 & other State derivatives, HIPAA Security A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
November 03, 2014 Mattress Firm, Inc. PII and credit card details held on documents thrown away in unsecured dumpster Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.8.2.1 - Classification of information
A.8.2.2 - Labelling of Information
A.7.2.2 - Information security awareness, education and training
November 03, 2014 Dr. Huyen Nguyen M.D. and Dr. Orlando Kypuros, M.D. PII and medical details held on unshredded documents thrown in dumpster by employee Unknown California SB-1386 & other State derivatives, HIPAA Security A.8.2.1 - Classification of information
A.8.2.2 - Labelling of Information
A.7.2.2 - Information security awareness, education and training
November 03, 2014 Fifth Third Bank An unknown number of customer names and account details stolen by an employee and used to commit fraud Unknown California SB-1386 & other State derivatives, GLBA A.6.1.1 - Information security roles and responsibilities
A.7.1.1 - Screening
A.7.1.2 - Terms and conditions of employment
A.7.2.1 - Management responsibilities
A.7.2.2 - Information security awareness, education and training
A.8.2.4 - Return of assets
A.9.2.5 - Removal or adjustment of access rights
November 01, 2014 Meade School District PII held in electronic transcripts inadvertently made accessible to network users Unknown California SB-1386 & other State derivatives, FERPA A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
October 31, 2014 Harvard Medical School MySQL accounts with user names and clear text passwords and encrypted passwords dumped on the internet 23 California SB-1386 & other State derivatives, FERPA and HIPAA Security A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
October 31, 2014 Murrurundi NSW Local Community User accounts with user names, email addresses and clear text passwords dumped on the internet 2,444 Australian Privacy Act 1988 A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
October 31, 2014 Freeborn County Sheriff's Office Information regarding open investigations possibly accessed without authorization and disseminated to the public Unknown California SB-1386 & other State derivatives A.6.1.1 - Information security roles and responsibilities
A.7.1.1 - Screening
A.7.1.2 - Terms and conditions of employment
A.7.2.1 - Management responsibilities
A.7.2.2 - Information security awareness, education and training
A.8.2.4 - Return of assets
A.9.2.5 - Removal or adjustment of access rights
October 31, 2014 McDonalds An unknown amount of customer debit and credit card information stolen by employee using a hand-held skimming device Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.11.1.1 - Physical security perimeter
A.11.1.2 - Physical entry controls
A.11.2.1 - Equipment siting and protection
October 30, 2014 Cohen College Prep High School Social Security numbers, and other personal details of undisclosed type collected in job recruitment scam 40 California SB-1386 & other State derivatives, FERPA A.6.1.1 - Information security roles and responsibilities
A.7.1.1 - Screening
A.7.1.2 - Terms and conditions of employment
A.7.2.1 - Management responsibilities
A.7.2.2 - Information security awareness, education and training
A.8.2.4 - Return of assets
A.9.2.5 - Removal or adjustment of access rights
October 30, 2014 Extended Stay America Customer names, credit card numbers, and other personal details of undisclosed type held in file stolen from storage room 100 California SB-1386 & other State derivatives, PCI/Visa CISP A.11.1.1 - Physical security perimeter
A.11.1.2 - Physical entry controls
A.11.2.1 - Equipment siting and protection
October 30, 2014 Kelly Elementary School PII accessed by unauthorized student on school computer 1,300 California SB-1386 & other State derivatives, FERPA A.6.1.1 - Information security roles and responsibilities
A.7.1.1 - Screening
A.7.1.2 - Terms and conditions of employment
A.7.2.1 - Management responsibilities
A.7.2.2 - Information security awareness, education and training
A.8.2.4 - Return of assets
A.9.2.5 - Removal or adjustment of access rights
October 28, 2014 Razorline User accounts with user names, email addresses and clear text passwords dumped on the internet 11 California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
October 28, 2014 Woodland Furniture Customer PII held on credit applications stolen by shop owner and used to commit fraud 13 California SB-1386 & other State derivatives, PCI/Visa CISP A.6.1.1 - Information security roles and responsibilities
A.7.1.1 - Screening
A.7.1.2 - Terms and conditions of employment
A.7.2.1 - Management responsibilities
A.7.2.2 - Information security awareness, education and training
A.8.2.4 - Return of assets
A.9.2.5 - Removal or adjustment of access rights
October 27, 2014 Capital One Customer names, account numbers, and Social Security numbers accessed without authorization by an employee Unknown California SB-1386 & other State derivatives A.6.1.1 - Information security roles and responsibilities
A.7.1.1 - Screening
A.7.1.2 - Terms and conditions of employment
A.7.2.1 - Management responsibilities
A.7.2.2 - Information security awareness, education and training
A.8.2.4 - Return of assets
A.9.2.5 - Removal or adjustment of access rights
October 26, 2014 Unknown Organization Unknown user accounts with user email addresses and clear text passwords dumped on the internet 1,000 California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
October 25, 2014 Unknown Organization Unknown user accounts with email addresses and clear text passwords dumped on the internet 548 California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
October 25, 2014 Unknown Organization Unknown user accounts with email addresses and clear text passwords dumped on the internet 26,395 California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
October 25, 2014 Unknown Organization Unknown user accounts with user names, email addresses and clear text passwords dumped on the internet 284 California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
October 25, 2014 Unknown Organization User names and clear text passwords dumped on the internet 9,411 California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
October 25, 2014 Unknown Organization User names and clear text passwords dumped on the internet 39,580 California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
October 23, 2014 Breyer Animal Creations, Reeves International, Inc. PII and credit or debit card details stolen by hackers employing malware Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
October 22, 2014 Backcountry Gear An unknown amount of customer credit card information stolen by hackers employing malware Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
October 22, 2014 Pandora TV Inc Usernames and clear text passwords dumped on the internet 112 California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
October 22, 2014 Unknown Organization, Indian Health Service Patient names, Social Security numbers, and medical details inappropriately accessed by a contract physician 1,720 California SB-1386 & other State derivatives, HIPAA Security A.6.1.1 - Information security roles and responsibilities
A.7.1.1 - Screening
A.7.1.2 - Terms and conditions of employment
A.7.2.1 - Management responsibilities
A.7.2.2 - Information security awareness, education and training
A.8.2.4 - Return of assets
A.9.2.5 - Removal or adjustment of access rights
October 22, 2014 New York Police Department (NYPD) Criminal histories and other PII stolen by an officer and supplied to a private investigator Unknown California SB-1386 & other State derivatives A.6.1.1 - Information security roles and responsibilities
A.7.1.1 - Screening
A.7.1.2 - Terms and conditions of employment
A.7.2.1 - Management responsibilities
A.7.2.2 - Information security awareness, education and training
A.8.2.4 - Return of assets
A.9.2.5 - Removal or adjustment of access rights
October 22, 2014 Unknown Organization Unknown user accounts with email addresses and clear text passwords dumped on the internet 1,770 California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
October 21, 2014 Unknown Organization Unknown user accounts with user names, email addresses and clear text passwords dumped on the internet 126 California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
October 21, 2014 Tenet Healthcare Corporation, Jo Ellen Smith Psychiatric Center Patient names and diagnoses, as well as treatment, medication, and financial details held on records discarded in a parking lot 5,649 California SB-1386 & other State derivatives, HIPAA Security A.8.2.1 - Classification of information
A.8.2.2 - Labelling of Information
A.7.2.2 - Information security awareness, education and training
October 21, 2014 NeedMyTranscript.com PII exposed on publicly accessible subdirectory of the company's website 98,818 California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
October 20, 2014 Satta Matka Results Guessing Accounts with mixed user names, email addresses and clear text passwords dumped on the internet 389 California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
October 20, 2014 Graybill Medical Group Patient PII and medical provider details held on x-ray films accidentally placed in a dumpster 1,863 California SB-1386 & other State derivatives, HIPAA Security A.8.2.1 - Classification of information
A.8.2.2 - Labelling of Information
A.7.2.2 - Information security awareness, education and training
October 20, 2014 Apple, Inc Email addresses, passwords, messages, photos, and personal contacts intercepted by hackers using a man-in-the-middle attack on Chinese iCloud servers Unknown California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
October 20, 2014 Staples, Inc. Customer debit and credit card information possibly stolen from at least eleven stores by hackers employing malware Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
October 17, 2014 Recovery School District, Future Is Now Student names, Social Security numbers, and dates of birth held on two laptops sold at auction 210 California SB-1386 & other State derivatives, FERPA A.8.2.1 - Classification of information
A.8.2.2 - Labelling of Information
A.7.2.2 - Information security awareness, education and training
October 17, 2014 Sourcebooks, Put Me In The Story Customer PII and credit or debit card details stolen by criminals exploiting a vulnerability in the site's shopping cart software 5,204 California SB-1386 & other State derivatives, PCI/Visa CISP A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
October 16, 2014 Pakwatan-e-Services International User accounts with user names, email addresses and clear text passwords dumped on the internet 647 California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
October 16, 2014 Psycho-Ontology Conference User accounts with user names, email addresses and clear text passwords dumped on the internet 2,158 California SB-1386 & other State derivatives, HIPAA Security A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
October 16, 2014 Marquette University PII, transcripts, financial details, and other personal details of graduate school applicants accidentally exposed Unknown California SB-1386 & other State derivatives, FERPA A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
October 15, 2014 Pandora TV Inc Customer names, dates of birth, addresses, phone numbers, usernames, email addresses, and encoded passwords stolen by hackers 7,450,000 California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
October 15, 2014 HuHot Mongolian Grills, LLC An unknown number of customer credit and debit card details stolen by an employee using a skimmer Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.11.1.1 - Physical security perimeter
A.11.1.2 - Physical entry controls
A.11.2.1 - Equipment siting and protection
October 15, 2014 Ning Harbor Administrator accounts with user names and clear text passwords dumped on the internet 34 California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
October 15, 2014 Unknown Organization Student usernames, email addresses and clear text passwords dumped on the internet 6,096 California SB-1386 & other State derivatives, FERPA A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
October 14, 2014 Wildfire Management Branch PII held on database accessed by an Estonian hacker 15,000 California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
October 14, 2014 MBIA Inc., Cutwater, New Hampshire Public Deposit Investment Pool, Louisiana Asset Management Pool (LAMP, Inc.), Texas CLASS, Connecticut CLASS, Town of Richmond Customer account numbers and balances exposed by a poorly configured server Unknown California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
October 13, 2014 Unknown Organization, DropBox Usernames and passwords leaked online and hackers threatening release of personal photos, videos, and other files 6,937 California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
October 12, 2014 Nature's Plus User accounts with user names and clear text passwords dumped on the internet 56 California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
October 11, 2014 National Academy of Customs Excise & Narcotics Data Base, India Administrator accounts with user names and clear text passwords dumped on the internet 61 The IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
October 10, 2014 WorkSource Oregon, The Oregon Employment Department (OED) Names, addresses, Social Security numbers, dates of birth, and other personal details possibly compromised by hacker 851,322 California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
October 10, 2014 Kmart An unknown number of customer debit and credit card numbers stolen by hackers employing malware Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
October 09, 2014 The Evolution Store PII and credit card details viewed by unauthorized third-party using stolen credentials Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
October 09, 2014 AM Retail Group G.H. Bass & Co. Unknown number of names, credit card numbers, personal identification numbers, and email addresses stolen by an unauthorized data capture device affixed to a cash register Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.11.1.1 - Physical security perimeter
A.11.1.2 - Physical entry controls
A.11.2.1 - Equipment siting and protection
October 09, 2014 American Dairy Queen Corporation, Unknown Organization, O.J. of Am. (Orange Julius of America) Customer names and credit or debit card numbers with expiration dates stolen by hackers employing the malware known as Backoff Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
October 09, 2014 North Dakota State College of Science Student and employee names, addresses, and Social Security numbers held on computers infected with malware 15,000 California SB-1386 & other State derivatives, FERPA A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
October 07, 2014 UC Davis Medical Center Patient PII and medical details held in a physician email account accessed by an unknown source 1,326 California SB-1386 & other State derivatives, HIPAA Security A.8.2.1 - Classification of information
A.8.2.2 - Labelling of Information
A.7.2.2 - Information security awareness, education and training
A.13.2.3 - Electronic Messaging
October 07, 2014 Alberta Health Services, Alberta Children & Hospital Foundation Patient names, dates of birth, phone numbers, emergency contact details, and medical histories inappropriately accessed by a staff member 247 Canada PIPA & PIPEDA A.6.1.1 - Information security roles and responsibilities
A.7.1.1 - Screening
A.7.1.2 - Terms and conditions of employment
A.7.2.1 - Management responsibilities
A.7.2.2 - Information security awareness, education and training
A.8.2.4 - Return of assets
A.9.2.5 - Removal or adjustment of access rights
October 06, 2014 Community Technology Alliance Names and Social Security numbers held on unencrypted laptop stolen from parked vehicle 1,177 California SB-1386 & other State derivatives A.11.2.6 - Security of equipment and assets
A.6.2.1 - Mobile device policy
A.6.2.2 - Teleworking
October 04, 2014 South Staffordshire Housing Association PII financial and medical details in email messages accidentally made available online 3,500 California SB-1386 & other State derivatives, HIPAA Security A.8.2.1 - Classification of information
A.8.2.2 - Labelling of Information
A.7.2.2 - Information security awareness, education and training
A.13.2.3 - Electronic Messaging
October 03, 2014 Unknown Organization, UIL Holdings Corporation Private and personal identifying information held on laptop stolen from third-party vendor Unknown California SB-1386 & other State derivatives A.11.2.6 - Security of equipment and assets
A.6.2.1 - Mobile device policy
A.6.2.2 - Teleworking
October 02, 2014 N.C. Dept. of Environment and Natural Resources User accounts and administrator accounts with PII and mixed clear text and encrypted passwords dumped on the internet 2,799 California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
October 02, 2014 Alabama Department of Public Health, Alabama Department of Human Resources An undisclosed amount and type of personal information stolen by an employee and her accomplices for purposes of identity theft Unknown California SB-1386 & other State derivatives A.6.1.1 - Information security roles and responsibilities
A.7.1.1 - Screening
A.7.1.2 - Terms and conditions of employment
A.7.2.1 - Management responsibilities
A.7.2.2 - Information security awareness, education and training
A.8.2.4 - Return of assets
A.9.2.5 - Removal or adjustment of access rights
October 01, 2014 AT&T Customer PII and their Customer Proprietary Network Information (CPNI) accessed by an employee without authorization 1,600 California SB-1386 & other State derivatives A.6.1.1 - Information security roles and responsibilities
A.7.1.1 - Screening
A.7.1.2 - Terms and conditions of employment
A.7.2.1 - Management responsibilities
A.7.2.2 - Information security awareness, education and training
A.8.2.4 - Return of assets
A.9.2.5 - Removal or adjustment of access rights
October 01, 2014 Fort Hays State University Social Security numbers and other personal details of former students accidentally exposed online 138 California SB-1386 & other State derivatives, FERPA A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
October 01, 2014 Provo City School District PII compromised after phishing attack on a staff member's email account Unknown California SB-1386 & other State derivatives, FERPA A.8.2.1 - Classification of information
A.8.2.2 - Labelling of Information
A.7.2.2 - Information security awareness, education and training
September 30, 2014 Lincoln Prairie School An undisclosed number of student names, addresses, phone numbers, genders, and dates of birth held in stolen backpack Unknown California SB-1386 & other State derivatives, FERPA A.11.2.6 - Security of equipment and assets
A.6.2.1 - Mobile device policy
A.6.2.2 - Teleworking
September 29, 2014 Albertsons, SuperValu, Inc., Cub Foods, Jewel Osco, Shaws, Star Market, Star Market, Ab Acquisition LLC, ACME Markets Inc. An unknown number of customer names and credit or debit card details possibly stolen by hackers employing malware Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
September 28, 2014 Nisa Retail Limited Staff PII and information including stores’ trading performances leaked, along with a spreadsheet containing an undisclosed number of shareholder names, addresses, phone numbers, and online passwords Unknown California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
September 26, 2014 American Family Care An unknown number of patient PII & PHI held on two unencrypted, password-protected laptops stolen from an employee vehicle Unknown California SB-1386 & other State derivatives, HIPAA Security A.11.2.6 - Security of equipment and assets
A.6.2.1 - Mobile device policy
A.6.2.2 - Teleworking
September 26, 2014 Girik Names, phone numbers, email addresses, usernames, and clear text passwords dumped on the internet 469 California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
September 24, 2014 Japan Airlines Customer details of undisclosed type accessed by hackers 750,000 Japan Privacy Act A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
September 24, 2014 Pacific Biosciences of California, Inc. PII & PHI possibly held on unencrypted, password-protected laptop stolen from employee's home Unknown California SB-1386 & other State derivatives, HIPAA Security A.11.2.6 - Security of equipment and assets
A.6.2.1 - Mobile device policy
A.6.2.2 - Teleworking
September 19, 2014 Unknown Organization User accounts with mixed user names, email addresses and clear text passwords dumped on the internet 179 California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
September 19, 2014 TripAdvisor LLC, Viator, Inc. PII and debit or credit card details, and encrypted passwords potentially stolen by hackers 1,440.00 California SB-1386 & other State derivatives, PCI/Visa CISP A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
September 17, 2014 eBay Inc An unknown number of account usernames, email addresses, and passwords compromised by cross-site scripting exploit Unknown California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
September 16, 2014 Unknown Organization Email addresses and clear text passwords dumped on the internet 32 California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
September 12, 2014 Aventura Hospital and Medical Center Patients' information stolen from desktop computer 948 California SB-1386 & other State derivatives, HIPAA Security A.11.1.1 - Physical security perimeter
A.11.1.2 - Physical entry controls
A.11.2.1 - Equipment siting and protection
September 12, 2014 Yandy Lingerie Customer names, addresses, credit or debit card numbers, expiration dates, CVV numbers, and email addresses accessed by hackers 44,724 California SB-1386 & other State derivatives, PCI/Visa CISP A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
September 12, 2014 Amazon An unknown amount and type of customer account information potentially exposed by e-books containing malicious code Unknown California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
September 12, 2014 Santa Fe Family Health Center Patients may have had their medical and banking information stolen when a burglar stole voice-recorded files from healthcare providers, as well as cash and checks that were in a safe Unknown California SB-1386 & other State derivatives, HIPAA Security A.11.1.1 - Physical security perimeter
A.11.1.2 - Physical entry controls
A.11.2.1 - Equipment siting and protection
September 12, 2014 Williamson Medical Center, PST Services, Inc., McKesson Business Performance Services, 24 On Physicians Georgia, Midwest Orthopaedic Center PII exposed to Google search due to business associate's error 10,784 California SB-1386 & other State derivatives, HIPAA Security A.6.1.1 - Information security roles and responsibilities
A.7.1.1 - Screening
A.7.1.2 - Terms and conditions of employment
A.7.2.1 - Management responsibilities
A.7.2.2 - Information security awareness, education and training
A.8.2.4 - Return of assets
A.9.2.5 - Removal or adjustment of access rights
September 12, 2014 Tampa General Hospital Patient PII & PHI accessed by a former employee 675 California SB-1386 & other State derivatives, HIPAA Security A.6.1.1 - Information security roles and responsibilities
A.7.1.1 - Screening
A.7.1.2 - Terms and conditions of employment
A.7.2.1 - Management responsibilities
A.7.2.2 - Information security awareness, education and training
A.8.2.4 - Return of assets
A.9.2.5 - Removal or adjustment of access rights
September 11, 2014 Diamond Computing, Diatherix Laboratories, Inc Patient names, PII, PHI exposed by insecure web server 7,016 California SB-1386 & other State derivatives, HIPAA Security A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
September 11, 2014 George Mason University Names and Social Security numbers held on system compromised by hacker employing malware 4,400 California SB-1386 & other State derivatives, FERPA A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
September 09, 2014 Aventura Hospital and Medical Center, Valesco Ventures Patients had their names, dates of birth, and social security numbers improperly accessed by contractor's employee 82,601 California SB-1386 & other State derivatives, HIPAA Security A.6.1.1 - Information security roles and responsibilities
A.7.1.1 - Screening
A.7.1.2 - Terms and conditions of employment
A.7.2.1 - Management responsibilities
A.7.2.2 - Information security awareness, education and training
A.8.2.4 - Return of assets
A.9.2.5 - Removal or adjustment of access rights
September 09, 2014 Skattesagskommissionen, Denmark Tax information and other personal details concerning the prime minister held on laptops and USB sticks stolen during break-in Unknown EU Directive on Data Protection A.11.1.1 - Physical security perimeter
A.11.1.2 - Physical entry controls
A.11.2.1 - Equipment siting and protection
September 09, 2014 Unknown Organization Email addresses and clear text passwords dumped on the Internet 4,929,091 California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
September 09, 2014 Beef & Bradys An unknown number of customer credit and debit card numbers potentially stolen by hackers Unknown California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
September 07, 2014 K Box Entertainment Group Pte Ltd PII stolen by hackers and emailed to several media outlets 317,000 California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
September 05, 2014 California State University, East Bay Names, addresses, and Social Security numbers, as well as 507 dates of birth compromised by an unknown third party 6,036 California SB-1386 & other State derivatives, FERPA A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
September 03, 2014 Bartell Hotels, Best Western Plus Island Palms Hotel & Marina, The Dana Hotel on Mission Bay, Humphreys Half Moon Inn & Suites, Pacific Terrace Hotel, Days Hotel San Diego Hotel Circle Customer names, credit and debit card numbers, and expiration dates held on system accessed by hackers 45,000 California SB-1386 & other State derivatives, PCI/Visa CISP A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
September 02, 2014 Sheplers, Inc. An unknown number of customer names and debit or credit card numbers with expiration dates stolen by hackers Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
September 02, 2014 Home Depot Customer credit and debit card numbers stolen by hackers and put up for sale on the black market 56,000,000 California SB-1386 & other State derivatives, PCI/Visa CISP A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
August 27, 2014 Unknown Organization, JPMorgan Chase (Chase Bank) An unknown amount and type of bank account details and other sensitive information stolen from seven large banks by Russian hackers Unknown California SB-1386 & other State derivatives, GLBA A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
August 26, 2014 American Dairy Queen Corporation An unknown amount of customer credit and debit card information stolen by hackers employing the malware known as Backoff Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
August 22, 2014 OTTO Customer credit and debit card numbers stolen by hackers employing malware 900 California SB-1386 & other State derivatives, PCI/Visa CISP A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
August 22, 2014 Cedars-Sinai Medical Center PII & assorted medical details, and other personal information held on unencrypted, password-protected laptop stolen from an employee's home Unknown California SB-1386 & other State derivatives, HIPAA Security A.11.2.6 - Security of equipment and assets
A.6.2.1 - Mobile device policy
A.6.2.2 - Teleworking
August 22, 2014 Unknown Organization Records including names, resident registration numbers, usernames, and passwords stolen from various websites by a group of 16 hackers 220,000,000 California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
August 20, 2014 The UPS Store, Inc. PII and credit or debit card details stolen by hackers employing malware Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
August 18, 2014 Community Health Systems Professional Services Corporation PII stolen by Chinese hackers APT 18 taking advantage of the Heartbleed bug 4,500,000 California SB-1386 & other State derivatives, HIPAA Security A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
August 14, 2014 Albertsons, SuperValu, Inc., Cub Foods, ACME Markets Inc., Jewel Osco, Shaws, Star Market, Farm Fresh Supermarket, Hornbachers, Shop n Save, Shoppers Food & Pharmacy, Ab Acquisition LLC An unknown amount of customer credit and debit card information compromised by hackers employing malware Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
August 13, 2014 Kleiner, Perkins, Caufield and Byers PII and financial account details held on two password-protected laptops stolen in an office break-in Unknown California SB-1386 & other State derivatives, GLBA A.11.1.1 - Physical security perimeter
A.11.1.2 - Physical entry controls
A.11.2.1 - Equipment siting and protection
August 12, 2014 St. Francis College PII held on missing password-protected external hard drive Unknown California SB-1386 & other State derivatives, FERPA A.8.2.1 - Classification of information
A.8.2.2 - Labelling of Information
A.7.2.2 - Information security awareness, education and training
August 12, 2014 TheNaturalOnline.com Customer names, credit or debit card details, addresses, phone numbers, passwords, and email addresses accessed by hacker Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
August 12, 2014 Fayette County PII and other information of undisclosed type exposed to third party without proper authorization Unknown California SB-1386 & other State derivatives A.8.2.1 - Classification of information
A.8.2.2 - Labelling of Information
A.7.2.2 - Information security awareness, education and training
August 12, 2014 Balanced Being Fitness An unknown number of confidential client files held on stolen laptop Unknown California SB-1386 & other State derivatives, HIPAA Security A.11.2.6 - Security of equipment and assets
A.6.2.1 - Mobile device policy
A.6.2.2 - Teleworking
August 08, 2014 Boots Retail (Thailand) Ltd. Administrator accounts with usernames and clear text passwords dumped on the internet 12 California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
August 08, 2014 Ozsports.info Assorted details including user names, email addresses and clear text passwords dumped on the Internet 13,051 California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
August 08, 2014 PhDjobs online Ltd User accounts with user names, email addresses and clear text passwords dumped on the Internet 164,395 California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
August 08, 2014 Gastroenterology Consultants, PA, Memorial Healthcare System Patient details stolen by an employee and sold for use in tax fraud 2,000 California SB-1386 & other State derivatives, HIPAA Security A.6.1.1 - Information security roles and responsibilities
A.7.1.1 - Screening
A.7.1.2 - Terms and conditions of employment
A.7.2.1 - Management responsibilities
A.7.2.2 - Information security awareness, education and training
A.8.2.4 - Return of assets
A.9.2.5 - Removal or adjustment of access rights
August 08, 2014 United Parcel Service (UPS), Jersey City Medical Center, Barnabas Health PII and medical details held on lost, unencrypted compact disc Unknown California SB-1386 & other State derivatives, HIPAA Security A.8.3.3 - Physical media transfer
August 07, 2014 Sunil Motors User accounts with user names and clear text passwords dumped on the Internet 16 California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
August 06, 2014 Department of Homeland Security, US Investigations Services, LLC (USIS) Employee details of undisclosed type possibly stolen by hackers 25,000 California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
August 04, 2014 Royal Inland Hospital Foundation Patient PII and other medical information contained in two boxes of records discovered in a donated file cabinet 1,628 California SB-1386 & other State derivatives, HIPAA Security A.8.2.1 - Classification of information
A.8.2.2 - Labelling of Information
A.7.2.2 - Information security awareness, education and training
August 01, 2014 Urological Associates of Southern Arizona Patient names, dates of birth, and service details printed on improperly disposed of specimen cup labels 3,529 California SB-1386 & other State derivatives, HIPAA Security A.8.2.1 - Classification of information
A.8.2.2 - Labelling of Information
A.7.2.2 - Information security awareness, education and training
July 31, 2014 Jimmy John's Franchise, LLC An unknown amount of customer credit and debit card information possibly stolen Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
July 29, 2014 Kent Record Management Inc., Michigan State Medical Society Physician Insurance Agency, Blue Cross Blue Shield Michigan Member PII and medical information with service dates and descriptions held in two boxes misplaced by storage vendor 338 California SB-1386 & other State derivatives, HIPAA Security A.8.3.3 - Physical media transfer
July 29, 2014 National Research Council (NRC) An unknown amount and type of personal information held on system accessed by Chinese hackers Unknown California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
July 29, 2014 Riverside Health System, Cancer Specialists of Tidewater Patient details of undisclosed type inappropriately accessed by an employee and used to commit identity theft 2,000 California SB-1386 & other State derivatives, HIPAA Security A.6.1.1 - Information security roles and responsibilities
A.7.1.1 - Screening
A.7.1.2 - Terms and conditions of employment
A.7.2.1 - Management responsibilities
A.7.2.2 - Information security awareness, education and training
A.8.2.4 - Return of assets
A.9.2.5 - Removal or adjustment of access rights
July 29, 2014 CVS Caremark Corporation Names and medication details mailed to the wrong recipients due to a programming error 350 California SB-1386 & other State derivatives, HIPAA Security A.8.2.1 - Classification of information
A.8.2.2 - Labelling of Information
A.7.2.2 - Information security awareness, education and training
A.13.2.3 - Electronic Messaging
July 28, 2014 Haley Chiropractic Clinic Patient PII & PHI held on three unencrypted computers stolen in a break-in 6,000 California SB-1386 & other State derivatives, HIPAA Security A.11.1.1 - Physical security perimeter
A.11.1.2 - Physical entry controls
A.11.2.1 - Equipment siting and protection
July 28, 2014 Option Courier Services, Beverly Hospital Lab request forms with patient names, health insurance identification numbers, and an unknown number of SSNs misplaced by a courier 54 California SB-1386 & other State derivatives, HIPAA Security A.8.3.3 - Physical media transfer
July 25, 2014 Indian Health Service Patient PII and U.S. Department of Veterans Affairs enrollment information held in file folder inadvertently left in a public area 620 California SB-1386 & other State derivatives, HIPAA Security A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
July 24, 2014 Self Regional Healthcare Patient PII, credit card details and PHI possibly held on laptop stolen from an administrative building 38,906 California SB-1386 & other State derivatives, HIPAA Security, PCI/Visa CISP A.11.1.1 - Physical security perimeter
A.11.1.2 - Physical entry controls
A.11.2.1 - Equipment siting and protection
July 22, 2014 Wall Street Journal, Vice PII with hashed passwords, as well as server information stolen and offered up for sale by a Russian hacker known as W0rm Unknown California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
July 21, 2014 Essential Travel Ltd, Think W3 Ltd Customer PII, credit and debit card numbers stolen by hacker using SQL injection 1,163,996 UK Data Protection Act & EU Directive on Data Protection A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
July 21, 2014 Goodwill Industries International Inc An unknown amount of customer credit and debit card information possibly stolen by hackers Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
July 18, 2014 CatchOfTheDay.com.au Pty Ltd Credit card details, hashed passwords, and other customer information stolen by hackers Unknown Australian Privacy Act 1988 A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
July 17, 2014 Seattle University An undisclosed number of donor names and banking details exposed due to incorrect permission setting Unknown California SB-1386 & other State derivatives, FERPA A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
July 16, 2014 Great Yarmouth Town Centre Partnership User accounts with user names and clear text passwords dumped on the Internet 191 California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
July 15, 2014 Douglas County School District Employee PII, bank account details held on password protected laptop stolen from an employee's home 7,000 California SB-1386 & other State derivatives, FERPA A.11.2.6 - Security of equipment and assets
A.6.2.1 - Mobile device policy
A.6.2.2 - Teleworking
July 15, 2014 County of Summit Sensitive information regarding ongoing court cases held on laptop and flash drive stolen from a court reporter's office Unknown California SB-1386 & other State derivatives A.11.1.1 - Physical security perimeter
A.11.1.2 - Physical entry controls
A.11.2.1 - Equipment siting and protection
July 15, 2014 Information Commissioner's Office, UK An undisclosed amount and type of information involved in an internal data security incident Unknown UK Data Protection Act & EU Directive on Data Protection A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
July 15, 2014 TotalBank Bank customers' PII accessed in network hack 72,500 California SB-1386 & other State derivatives, GLBA A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
July 14, 2014 Viking Electronics, Inc. User names and clear text passwords dumped on the Internet 235 California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
July 11, 2014 City of Encinitas, San Dieguito Water District Employee names and Social Security numbers inadvertently made public on the city website 615 California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
July 11, 2014 Architecture, Engineering, Consulting, Operations and Maintenance (AECOM) Current and former U.S. employees' PII and personal bank account numbers and routing information may have been accessed by hacker 52,660 California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
July 11, 2014 British Columbia Ministry of Health PII & PHI accessed by an unauthorized individual using a doctor's PharmaNet account 1,600 Canada PIPA & PIPEDA A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
July 11, 2014 University of Illinois at Chicago PII belonging to former students of the College of Business Administration accessible online Unknown California SB-1386 & other State derivatives, FERPA A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
July 11, 2014 Enterprise Rent-A-Car, UK Customer PII and other details of undisclosed type stolen by a manager and sold to a claims management company 1,900 UK Data Protection Act & EU Directive on Data Protection A.6.1.1 - Information security roles and responsibilities
A.7.1.1 - Screening
A.7.1.2 - Terms and conditions of employment
A.7.2.1 - Management responsibilities
A.7.2.2 - Information security awareness, education and training
A.8.2.4 - Return of assets
A.9.2.5 - Removal or adjustment of access rights
July 10, 2014 Penn State Hershey College of Medicine Alumni Social Security numbers held on computer infected with malware 1,176 California SB-1386 & other State derivatives, FERPA and HIPAA Security A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
July 10, 2014 Orangeburg-Calhoun Technical College PII belonging to current and former students and faculty held on password-protected laptop stolen from a staff office 20,000 California SB-1386 & other State derivatives, FERPA A.11.1.1 - Physical security perimeter
A.11.1.2 - Physical entry controls
A.11.2.1 - Equipment siting and protection
July 09, 2014 The Houstonian Hotel, Club & Spa Customer credit card details exposed by malicious software attack over a period of six months 10,000 California SB-1386 & other State derivatives, PCI/Visa CISP A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
July 09, 2014 U.S. Office of Personnel Management An unknown amount and type of personal information regarding applications for security clearances possibly accessed by Chinese hackers Unknown California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
July 09, 2014 Shelburne Country Store Customer credit card information stolen by hackers Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
July 08, 2014 Studio 66 TV User accounts with user names and clear text passwords dumped on the Internet 334 California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
July 08, 2014 Park Hill School District Personnel and student records with SSNs stolen by former employee and made accessible online 10,210 California SB-1386 & other State derivatives, FERPA A.6.1.1 - Information security roles and responsibilities
A.7.1.1 - Screening
A.7.1.2 - Terms and conditions of employment
A.7.2.1 - Management responsibilities
A.7.2.2 - Information security awareness, education and training
A.8.2.4 - Return of assets
A.9.2.5 - Removal or adjustment of access rights
July 08, 2014 The Wilcox Apartment Homes PII, banking details held in files discovered in an unsecured dumpster Unknown California SB-1386 & other State derivatives A.8.2.1 - Classification of information
A.8.2.2 - Labelling of Information
A.7.2.2 - Information security awareness, education and training
July 08, 2014 Vodafone Hutchison Australia Customer PII including credit card details, and internet usage information exposed by reusing default passwords Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
July 07, 2014 Citibank, Capital One, JPMorgan Chase (Chase Bank), Key Bank, Boeing Employees Credit Union (BECU), Broadway Grill, MAD Pizza, Grand Central Baking Company, Phoenix Zoo, Schlotzsky's, Mary's Pizza Shack, Latitude Bar & Grill, Unknown Organization Over 200,000 customer credit and debit card details stolen by Russian hacker Roman Valerevich Seleznev 200,000 California SB-1386 & other State derivatives, PCI/Visa CISP A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
July 07, 2014 Blue Shield of California, Department of Managed Health Care (DMHC) PII belonging to physicians and other health care providers included on CDs issued as the result of public records requests 18,000 California SB-1386 & other State derivatives, HIPAA Security A.7.2.1 - Classification guidelines
A.7.2.2 - Information labeling and handling
A.8.2.2 - Information security awareness, education and training
July 07, 2014 Reindex, Denmark Thousands of college students' PII accessible via digital library system Unknown EU Directive on Data Protection A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
July 04, 2014 St Vincent Breast Center, Indianapolis Breast Center P. C., Solis Women’s Health Breast Imaging Specialists of Indiana P.C. Patient names, addresses, and appointment details printed on letters mailed to the wrong recipients 63,325 California SB-1386 & other State derivatives, HIPAA Security A.8.2.1 - Classification of information
A.8.2.2 - Labelling of Information
A.7.2.2 - Information security awareness, education and training
A.13.2.3 - Electronic Messaging
July 03, 2014 Danish Ministry of Economic Affairs and the Interior Danish citizens' CPR numbers accidentally exposed online for a period of one hour 900,000 EU Directive on Data Protection A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
July 03, 2014 Computer Sciences Corp (CSC), CPR-Administrationen, Danish Ministry of Economic Affairs and the Interior SSNs accidentally added to downloadable Robinson list containing names and addresses 900,000 California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
July 02, 2014 Unknown Organization, Goldman Sachs & Co An unknown amount of confidential client brokerage data emailed to an incorrect address by a contractor Unknown California SB-1386 & other State derivatives, GLBA A.8.2.1 - Classification of information
A.8.2.2 - Labelling of Information
A.7.2.2 - Information security awareness, education and training
A.13.2.3 - Electronic Messaging
June 30, 2014 Metropolitan Health District Patient immunization records including names, dates of birth, administration dates, and provider status held on stolen laptop 300 California SB-1386 & other State derivatives, HIPAA Security A.11.2.6 - Security of equipment and assets
A.6.2.1 - Mobile device policy
A.6.2.2 - Teleworking
June 27, 2014 Sterne Agee Group, Inc An unknown number of client PII held on unencrypted, password-protected laptop misplaced by an employee Unknown California SB-1386 & other State derivatives A.11.2.6 - Security of equipment and assets
A.6.2.1 - Mobile device policy
A.6.2.2 - Teleworking
June 26, 2014 Butler University PII bank account details belonging to staff, faculty, alumni, current and protected students stolen by hackers 163,000 California SB-1386 & other State derivatives, FERPA A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
June 26, 2014 Splash Car Wash Customer credit card details stolen by hackers exploiting point of sale terminals 30,000 California SB-1386 & other State derivatives, PCI/Visa CISP A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
June 25, 2014 WellSpan Health An unknown amount of patient health information possibly downloaded onto non-network computers Unknown California SB-1386 & other State derivatives, HIPAA Security A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
June 24, 2014 Unknown Organization, MSB Educational Solutions, Uxbridge Public Schools, Ashburnham Westminster Regional School District, Milford Public Schools, Public Schools of Northborough and Southborough, Sutton Public Schools, Massachusetts/Vermont PII and Medicaid identification numbers held on password-protected, unencrypted laptop stolen from employee vehicle 3,500 California SB-1386 & other State derivatives, HIPAA Security A.11.2.6 - Security of equipment and assets
A.6.2.1 - Mobile device policy
A.6.2.2 - Teleworking
June 24, 2014 Riverside County Regional Medical Center Patient PHI held on unencrypted laptop discovered missing from hospital procedure room 563 California SB-1386 & other State derivatives, HIPAA Security A.11.1.1 - Physical security perimeter
A.11.1.2 - Physical entry controls
A.11.2.1 - Equipment siting and protection
June 23, 2014 Christian Brothers University PII belonging to faculty members, staff, current and prospective students accessed by an unauthorized individual 100,000 California SB-1386 & other State derivatives, FERPA A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
June 22, 2014 Twitter, Inc., British Gas An unknown number of usernames, email addresses, and passwords captured by phishers Unknown UK Data Protection Act & EU Directive on Data Protection A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
June 21, 2014 NRAD Medical Associates, P.C. Patient PII & PHI accessed by an unauthorized employee 97,000 California SB-1386 & other State derivatives, HIPAA Security A.6.1.1 - Information security roles and responsibilities
A.7.1.1 - Screening
A.7.1.2 - Terms and conditions of employment
A.7.2.1 - Management responsibilities
A.7.2.2 - Information security awareness, education and training
A.8.2.4 - Return of assets
A.9.2.5 - Removal or adjustment of access rights
June 21, 2014 Colorado Neurodiagnostics An unknown amount of patient PII & PHI held on password-protected laptop stolen from the office Unknown California SB-1386 & other State derivatives, HIPAA Security A.11.1.1 - Physical security perimeter
A.11.1.2 - Physical entry controls
A.11.2.1 - Equipment siting and protection
June 19, 2014 Lake Land College Names, addresses, Social Security numbers, email addresses, and encrypted passwords dumped on the internet 108 California SB-1386 & other State derivatives, FERPA A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
June 18, 2014 The Metropolitan Companies, Inc., CTI Metropolitan LLC, Metlang LLC, Metropolitan Interpreters and Translators, Metropolitan Hospitality, Inc. Applicant PII with financial details held on computer systems accessed by a third party 8,423 California SB-1386 & other State derivatives A.6.1.1 - Information security roles and responsibilities
A.7.1.1 - Screening
A.7.1.2 - Terms and conditions of employment
A.7.2.1 - Management responsibilities
A.7.2.2 - Information security awareness, education and training
A.8.2.4 - Return of assets
A.9.2.5 - Removal or adjustment of access rights
June 18, 2014 Danish Parliament Danish politicians' names, dates of birth, and SSNs posted online after voting for law to create new center for cyber security 91 EU Directive on Data Protection A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
June 17, 2014 Rady Childrens Hospital–San Diego Patient PII, PHI and outstanding balances used as part of a training exercise for nine job candidates 6,307 California SB-1386 & other State derivatives, HIPAA Security A.8.2.1 - Classification of information
A.8.2.2 - Labelling of Information
A.7.2.2 - Information security awareness, education and training
June 17, 2014 Rady Childrens Hospital–San Diego Patient PII & PHI contained in a spreadsheet accidentally emailed to six outside recipients 14,121 California SB-1386 & other State derivatives, HIPAA Security A.8.2.1 - Classification of information
A.8.2.2 - Labelling of Information
A.7.2.2 - Information security awareness, education and training
A.13.2.3 - Electronic Messaging
June 16, 2014 Diagnostic Health Solutions, NHS England Unencrypted patient health records stored on Google Drive 10,000 UK Data Protection Act & EU Directive on Data Protection A.8.2.1 - Classification of information
A.8.2.2 - Labelling of Information
A.7.2.2 - Information security awareness, education and training
June 16, 2014 Riverside Community College District Students' PII emailed to the wrong address 35,212 California SB-1386 & other State derivatives, FERPA A.8.2.1 - Classification of information
A.8.2.2 - Labelling of Information
A.7.2.2 - Information security awareness, education and training
A.13.2.3 - Electronic Messaging
June 14, 2014 Municipality of Estremoz, Portugal Usernames and clear text passwords, as well as 29 email addresses dumped on the internet 43 EU Directive on Data Protection A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
June 13, 2014 Giant Eagle, Inc Employee names and Social Security numbers potentially exposed due to an issue with the company's MyHRConnection portal Unknown California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
June 13, 2014 New Trier Township High School, Teachers Retirement System of the State of Illinois An unknown amount of personal information belonging to current and former teachers stolen and used to commit fraud Unknown California SB-1386 & other State derivatives, FERPA A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
June 13, 2014 Community Health Center, Inc. Patient health records held on external hard drive in possession of former employee 130,000 California SB-1386 & other State derivatives, HIPAA Security A.6.1.1 - Information security roles and responsibilities
A.7.1.1 - Screening
A.7.1.2 - Terms and conditions of employment
A.7.2.1 - Management responsibilities
A.7.2.2 - Information security awareness, education and training
A.8.2.4 - Return of assets
A.9.2.5 - Removal or adjustment of access rights
June 13, 2014 Dominos Pizza (France), Dominos Pizza (Belgium) Customer names, email addresses, phone numbers, and passwords stolen and held for ransom by Rex Mundi 650,000 EU Directive on Data Protection A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
June 12, 2014 Unknown Organization, LogMeIn, Inc., Information Systems & Supplies Inc. (ISS) An unknown amount of customer credit and debit card details accessed by hackers Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
June 12, 2014 Socialistisk Folkeparti (SF), Denmark Politicians' home addresses, Social Security numbers, and email addresses published online, with email passwords also reportedly stolen 22 EU Directive on Data Protection A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
June 12, 2014 Digital Inclusion User accounts with user names and clear text passwords dumped on the Internet 32 California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
June 12, 2014 Danish Parliament Administrator names, addresses, Social Security numbers, dates of birth, email addresses and encrypted passwords dumped on the Internet 35 EU Directive on Data Protection A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
June 11, 2014 Jersey City Public Schools Student PII obtained from district computers by staff of a local charter school 600 California SB-1386 & other State derivatives, FERPA A.8.2.1 - Classification of information
A.8.2.2 - Labelling of Information
A.7.2.2 - Information security awareness, education and training
June 11, 2014 Metropolitan Regional Information Systems, Inc. Names, locations, usernames, and clear text passwords dumped on the Internet 6,390 California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
June 11, 2014 E-Finance Lab Names, addresses, email addresses, user names, and encrypted passwords dumped on the Internet 5,709 California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
June 10, 2014 AT&T An unknown number of PII accessed without authorization by employees of a vendor company Unknown California SB-1386 & other State derivatives A.6.1.1 - Information security roles and responsibilities
A.7.1.1 - Screening
A.7.1.2 - Terms and conditions of employment
A.7.2.1 - Management responsibilities
A.7.2.2 - Information security awareness, education and training
A.8.2.4 - Return of assets
A.9.2.5 - Removal or adjustment of access rights
June 09, 2014 Redwood Regional Medical Group, St. Joseph Health - Sonoma County Patient names, dates of birth, genders, and medical details held on a thumb drive stolen from an employee's locker 33,702 California SB-1386 & other State derivatives, HIPAA Security A.11.2.6 - Security of equipment and assets
A.6.2.1 - Mobile device policy
A.6.2.2 - Teleworking
June 08, 2014 College of the Desert Employee PII and insurance details contained in a spreadsheet emailed to 78 other staffers 1,900 California SB-1386 & other State derivatives, FERPA A.8.2.1 - Classification of information
A.8.2.2 - Labelling of Information
A.7.2.2 - Information security awareness, education and training
A.13.2.3 - Electronic Messaging
June 06, 2014 Miami-Dade County An unknown amount and type of employee information has been stolen and used to commit credit card and unemployment fraud Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
June 06, 2014 Penn State Milton S. Hershey Medical Center Patient names and medical details emailed to an employee's personal account and accessed on unsecured systems and devices 1,801 California SB-1386 & other State derivatives, HIPAA Security A.8.2.1 - Classification of information
A.8.2.2 - Labelling of Information
A.7.2.2 - Information security awareness, education and training
A.13.2.3 - Electronic Messaging
June 06, 2014 Maximus, Access Health CT Customer PII written on four notepads found in lost backpack 400 California SB-1386 & other State derivatives, HIPAA Security A.11.2.6 - Security of equipment and assets
A.6.2.1 - Mobile device policy
A.6.2.2 - Teleworking
June 05, 2014 United States Army, United States Forces, Korea PII belonging to current and former South Korean employees held in two databases accessed by hackers 16,000 California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
June 04, 2014 Bank of Montreal An unknown amount of transaction data and other information accessed by two teenagers using a default administrator password Unknown Canada PIPA & PIPEDA A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
May 29, 2014 Office Holdings Ltd, UK An unknown number of PII accessed in security breach Unknown UK Data Protection Act & EU Directive on Data Protection A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
May 29, 2014 Montana Department Of Public Health Human Services An unknown number of PII, bank account details, and clinical information held on server accessed by hackers Unknown California SB-1386 & other State derivatives, HIPAA Security A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
May 29, 2014 Monsanto Company, Precision Planting, Inc. PII held on servers accessed by an outside party 1,600 California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
May 29, 2014 Unknown Organization, America First Credit Union Customer debit card numbers captured by skimmers at an unknown retailer 20,000 California SB-1386 & other State derivatives, PCI/Visa CISP A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
May 28, 2014 ProMedica, Bay Park Hospital Patient names, dates of birth, and medical details accessed by an unauthorized employee 594 California SB-1386 & other State derivatives, HIPAA Security A.6.1.1 - Information security roles and responsibilities
A.7.1.1 - Screening
A.7.1.2 - Terms and conditions of employment
A.7.2.1 - Management responsibilities
A.7.2.2 - Information security awareness, education and training
A.8.2.4 - Return of assets
A.9.2.5 - Removal or adjustment of access rights
May 26, 2014 AVAST Software s.r.o. Czechoslovakia Forum usernames, email addresses, nicknames, and hashed passwords stolen by hackers 400,000 EU Directive on Data Protection A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
May 21, 2014 eBay Inc. Customers’ PII exposed after hackers gain access 145,000,000 California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
May 20, 2014 The Elliot Health System Patient PII with billing codes held on four computers stolen from an employee vehicle 1,213 California SB-1386 & other State derivatives, HIPAA Security A.11.2.6 - Security of equipment and assets
A.6.2.1 - Mobile device policy
A.6.2.2 - Teleworking
May 19, 2014 Midwest Women's Healthcare Specialists An unknown number of PII, PHI, credit card numbers discovered blowing out of unsecured dumpsters Unknown California SB-1386 & other State derivatives, HIPAA Security, PCI/Visa CISP A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
May 19, 2014 Safety First Systems, LLC, Lowes Current and former employee PII stored in a file inadvertently made accessible online 35,000 California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
May 17, 2014 BITCOMP User accounts with email addresses and clear text passwords dumped on the Internet 6,313 California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
May 13, 2014 American Express Credit card numbers and an unknown number of customer names leaked online by Anonymous Ukraine 668,279 California SB-1386 & other State derivatives, PCI/Visa CISP A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
May 13, 2014 Hubbard-Bert, Inc, Lake Erie College of Osteopathic Medicine An undisclosed number of student PII made available online due to a misconfigured test server Unknown California SB-1386 & other State derivatives, FERPA and HIPAA Security A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
May 13, 2014 Eastern Health, Canada Patient medical records inappropriately accessed by an employee 20 Canada PIPA & PIPEDA A.6.1.1 - Information security roles and responsibilities
A.7.1.1 - Screening
A.7.1.2 - Terms and conditions of employment
A.7.2.1 - Management responsibilities
A.7.2.2 - Information security awareness, education and training
A.8.2.4 - Return of assets
A.9.2.5 - Removal or adjustment of access rights
May 12, 2014 Aarhus Municipality Names and Social Security numbers accidentally exposed on municipality website 1,600 California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
May 07, 2014 Boulder Community Health An unknown number of patient PII, PHI held on medical records stolen from unsecured storage bins located outside facilities Unknown California SB-1386 & other State derivatives, HIPAA Security A.11.2.6 - Security of equipment and assets
A.6.2.1 - Mobile device policy
A.6.2.2 - Teleworking
May 05, 2014 AmiBroker Full client accounts with PII, as well as reseller accounts with usernames and passwords dumped on the internet 19,365 California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
May 05, 2014 Orange, France Customer names, phone numbers, dates of birth, and email addresses stolen by hackers 1,300,000 EU Directive on Data Protection A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
May 05, 2014 UMass Memorial Healthcare Patient PII accessed and possibly used to commit fraud by a former employee 2,400 California SB-1386 & other State derivatives, HIPAA Security A.6.1.1 - Information security roles and responsibilities
A.7.1.1 - Screening
A.7.1.2 - Terms and conditions of employment
A.7.2.1 - Management responsibilities
A.7.2.2 - Information security awareness, education and training
A.8.2.4 - Return of assets
A.9.2.5 - Removal or adjustment of access rights
May 02, 2014 Molina Healthcare, Inc., Creel Printing LLC Social Security numbers printed on postcards sent to former members 5,261 California SB-1386 & other State derivatives, HIPAA Security A.8.2.1 - Classification of information
A.8.2.2 - Labelling of Information
A.7.2.2 - Information security awareness, education and training
May 02, 2014 Lafayette Parish Sheriff's Office Subscriber PII, administrator accounts with PII and a mix of encrypted and plain text passwords dumped on the Internet 4,539 California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
May 01, 2014 A Thomas Jefferson Education User accounts with user names, email addresses and plain text passwords dumped on the Internet 12 California SB-1386 & other State derivatives, FERPA A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
May 01, 2014 Eircom, Ireland Email addresses and passwords at risk after hacker intrusion 350,000 Irish Data Protection Act & EU Directive on Data Protection A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
April 29, 2014 Unknown Organization, DeKalb Health Records including a mix of PII, PHI & credit card details held on a vendor server accessed by hackers 1,361 California SB-1386 & other State derivatives, HIPAA Security, PCI/Visa CISP A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
April 29, 2014 University of North Carolina at Wilmington An unknown number of names, Social Security numbers, and addresses held on a server accessed by hackers Unknown California SB-1386 & other State derivatives, FERPA A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
April 28, 2014 Affinity Gaming An unknown number of customer credit and debit card numbers stolen in an intrusion of the payment processing system Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
April 26, 2014 MDF Transcription Services, Boston Medical Center Patient PII & PHI posted to a vendor website without password protection 15,000 California SB-1386 & other State derivatives, HIPAA Security A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
April 26, 2014 Johns Hopkins University Student names and Social Security numbers held on a server that was accessible to the Internet 2,166 California SB-1386 & other State derivatives, FERPA A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
April 26, 2014 Business Acumen, Australia User accounts with full names, email addresses, user names and encrypted passwords dumped on the Internet 26,747 Australian Privacy Act 1988 A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
April 24, 2014 Tufts Associated Health Maintenance Organization PII of current and former Tufts Medicare Preferred members stolen through undisclosed means 8,830 California SB-1386 & other State derivatives, HIPAA Security A.11.2.6 - Security of equipment and assets
A.6.2.1 - Mobile device policy
A.6.2.2 - Teleworking
April 23, 2014 Coordinated Health Patient PII, insurance details and physician names held on a password protected laptop stolen from an employee's car 733 California SB-1386 & other State derivatives, HIPAA Security A.11.2.6 - Security of equipment and assets
A.6.2.1 - Mobile device policy
A.6.2.2 - Teleworking
April 22, 2014 Sims and Associates Podiatry PII, insurance details and medical information held on three stolen laptops 6,475 California SB-1386 & other State derivatives, HIPAA Security A.11.1.1 - Physical security perimeter
A.11.1.2 - Physical entry controls
A.11.2.1 - Equipment siting and protection
April 22, 2014 Al Arabiya User accounts with user names and clear text passwords dumped on the Internet 15 California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
April 22, 2014 Iowa State University Student Social Security numbers and 18,949 university ID numbers exposed in an attack on campus servers 48,729 California SB-1386 & other State derivatives, FERPA A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
April 19, 2014 Jet Photographic Processing Laboratory, UK Email addresses and clear text passwords dumped on the Internet 8,930 UK Data Protection Act & EU Directive on Data Protection A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
April 15, 2014 Flowers Hospital Patient PII & PHI held on forms stolen by an employee and used to file fraudulent tax returns Unknown California SB-1386 & other State derivatives, HIPAA Security A.6.1.1 - Information security roles and responsibilities
A.7.1.1 - Screening
A.7.1.2 - Terms and conditions of employment
A.7.2.1 - Management responsibilities
A.7.2.2 - Information security awareness, education and training
A.8.2.4 - Return of assets
A.9.2.5 - Removal or adjustment of access rights
April 15, 2014 Messianic Journeys User accounts with names, addresses, phone numbers, email addresses and encrypted passwords dumped on the Internet 842 California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
April 15, 2014 Unknown Organization, American Funds Distributors, Inc., Capital Group Companies, Inc Investor passwords and other information held on a vendor server potentially at risk as a result of the Heartbleed bug Unknown California SB-1386 & other State derivatives, GLBA A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
April 14, 2014 The Harley Medical Group - Aesthetic and Cosmetic Surgery Limited, UK PII and potential plastic surgery procedures stolen by Russian hackers attempting to extort money 480,000 UK Data Protection Act & EU Directive on Data Protection A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
April 14, 2014 LaCie USA An unknown number of customer PII and credit or debit card numbers possibly accessed by hackers employing malware Unknown California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
April 14, 2014 Mumsnet Limited, UK An unknown number of PII and other account details accessed by hackers taking advantage of the Heartbleed bug Unknown UK Data Protection Act & EU Directive on Data Protection A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
April 13, 2014 German Aerospace Center, Denmark An unknown amount and type of sensitive information possibly compromised by self-destructing malware Unknown EU Directive on Data Protection A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
April 11, 2014 Canada Revenue Agency Social Insurance Numbers removed from online systems by hacker exploiting the Heartbleed vulnerability 900 Canada PIPA & PIPEDA A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
April 11, 2014 University Urology, PC Patient names and addresses stolen and provided to a competitor by an employee 1,144 California SB-1386 & other State derivatives, HIPAA Security A.6.1.1 - Information security roles and responsibilities
A.7.1.1 - Screening
A.7.1.2 - Terms and conditions of employment
A.7.2.1 - Management responsibilities
A.7.2.2 - Information security awareness, education and training
A.8.2.4 - Return of assets
A.9.2.5 - Removal or adjustment of access rights
April 09, 2014 Deltek, Inc Customer accounts with usernames and passwords, including 25,000 with credit or debit card numbers obtained by a hacker who broke into the GovWin IQ system 80,000 California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
April 05, 2014 RealEstate.sy Accounts with names, addresses, phone numbers, email addresses, and plain text passwords dumped on the internet 3,257 California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
April 05, 2014 SyriaJOB LTD Names, addresses, phone numbers, email addresses, and plain text passwords dumped on the internet 50,017 California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
April 04, 2014 Midwest Orthopaedics at Rush, LLC Patient details including names, dates of birth, and surgical information contained in a compromised email account 1,256 California SB-1386 & other State derivatives, HIPAA Security A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
April 04, 2014 U.S. Veterans of Foreign Wars Member PII exposed by Chinese hacker using a remote access Trojan and malicious code 55,000 California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
April 04, 2014 Lubbock Cardiology Clinic Patient PII and medical records stolen in unauthorized access of the practice's electronic health records 1,400 California SB-1386 & other State derivatives, HIPAA Security A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
April 03, 2014 Michigan Department of Community Health Patient PII and Medicaid identification numbers held on an unencrypted flash drive and encrypted laptop stolen from an employee's office 2,595 California SB-1386 & other State derivatives, HIPAA Security A.11.1.1 - Physical security perimeter
A.11.1.2 - Physical entry controls
A.11.2.1 - Equipment siting and protection
April 03, 2014 BigMoneyJobs User PII and clear text passwords dumped on the Internet 36,802 California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
April 02, 2014 Parallon Business Solutions, LewisGale Regional Health System, Salem Hospitalist Patient PII and health insurance details stolen by billing service employee 40 California SB-1386 & other State derivatives, HIPAA Security A.6.1.1 - Information security roles and responsibilities
A.7.1.1 - Screening
A.7.1.2 - Terms and conditions of employment
A.7.2.1 - Management responsibilities
A.7.2.2 - Information security awareness, education and training
A.8.2.4 - Return of assets
A.9.2.5 - Removal or adjustment of access rights
April 02, 2014 Aurelis, Croatia Names, email addresses, usernames, and clear text passwords dumped on the internet 1,046 EU Directive on Data Protection A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
April 02, 2014 Macon-Bibb County An unknown number of employee and applicant names PII exposed online Unknown California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
April 02, 2014 Kaiser Permanente Patient PII & PHI held on a server infected with malware 5,100 California SB-1386 & other State derivatives, HIPAA Security A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
April 01, 2014 EveryChild, Inc PII & PHI belonging to children and disabled adults held on stolen computers 2,934 California SB-1386 & other State derivatives, HIPAA Security A.11.1.1 - Physical security perimeter
A.11.1.2 - Physical entry controls
A.11.2.1 - Equipment siting and protection
March 28, 2014 City of Colima Email addresses and 5 account usernames and passwords dumped on the internet 112 California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
March 28, 2014 Specs Family Partners PII including credit card information at 34 stores exposed 500,000 California SB-1386 & other State derivatives, PCI/Visa CISP A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
March 28, 2014 Franciscan Health System PII & PHI compromised in a phishing attack 8,300 California SB-1386 & other State derivatives, HIPAA Security A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
March 28, 2014 Credit Karma, Inc. PII, credit scores, and other credit report details such as account names and balances transmitted without encryption Unknown California SB-1386 & other State derivatives, GLBA A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
March 28, 2014 Fandango PII and credit card numbers with security codes and expiration dates transmitted without encryption Unknown California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
March 28, 2014 Boxee, Inc. Accounts with user names, email addresses, private messages and encrypted passwords dumped on the Internet 158,128 California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
March 27, 2014 University of Wisconsin - Parkside PII potentially exposed by hackers who installed malware on a university server 15,000 California SB-1386 & other State derivatives, FERPA A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
March 25, 2014 El Agave Mexican Restaurant Credit and debit card numbers stolen by hackers who installed malware on the restaurant's point of sale system 200 California SB-1386 & other State derivatives, PCI/Visa CISP A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
March 24, 2014 University of Kentucky, Talyst, Inc., UK HealthCare PHI held on a password protected laptop stolen from a vendor employee 1,079 California SB-1386 & other State derivatives, FERPA and HIPAA Security A.11.2.6 - Security of equipment and assets
A.6.2.1 - Mobile device policy
A.6.2.2 - Teleworking
March 24, 2014 Purdue University PII and encrypted passwords dumped on the internet 268 California SB-1386 & other State derivatives, FERPA A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
March 24, 2014 Orlando Health, Arnold Palmer Hospital for Children, Winnie Palmer Hospital for Women & Babies PII & PHI held on a missing flash drive 586 California SB-1386 & other State derivatives, HIPAA Security A.8.2.1 - Classification of information
A.8.2.2 - Labelling of Information
A.7.2.2 - Information security awareness, education and training
March 23, 2014 Building Research Institute Names, addresses, usernames, email addresses, and encrypted passwords dumped on the internet 330 California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
March 22, 2014 Unknown Organization, California Department of Motor Vehicles Credit or debit card numbers compromised due to a security issue with the credit card processing service Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
March 20, 2014 Auburn University PII of students, faculty and staff held on a server compromised by hackers 13,698 California SB-1386 & other State derivatives, FERPA A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
March 19, 2014 M.P. Holidays Names, addresses, phone numbers, usernames, and email addresses dumped on the internet 286 California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
March 19, 2014 Electronic Arts (EA) Email addresses, passwords, and security questions compromised by phishing attack hosted on a company server Unknown California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
March 19, 2014 Electronic Arts (EA), Apple, Inc. Full credit card details and other PII compromised by phishing attack hosted on a company server Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
March 18, 2014 Internal Revenue Service (IRS) Unencrypted PII downloaded to a thumb drive and made potentially accessible over an unsecured home network 20,000 California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
March 17, 2014 Valley View Hospital PHI with credit or debit card numbers captured in screenshots by a computer virus 5,400 California SB-1386 & other State derivatives, PCI/Visa CISP A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
March 17, 2014 Service Coordination, Inc. PII & PHI accessed by hackers 9,700 California SB-1386 & other State derivatives, HIPAA Security A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
March 17, 2014 CITROËN Germany GmbH, Denmark Customer financial information, shipping addresses, and other unknown personal information stolen by hackers Unknown EU Directive on Data Protection A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
March 17, 2014 HealthSource of Ohio Patient names, Social Security numbers, dates of birth, credit card numbers, and medical information made available online 8,800 California SB-1386 & other State derivatives, PCI/Visa CISP, HIPAA Security A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
March 14, 2014 Wm Morrison Supermarkets plc, UK Employee names, addresses, and bank account details stolen by an employee and posted online 100,000 UK Data Protection Act & EU Directive on Data Protection A.6.1.1 - Information security roles and responsibilities
A.7.1.1 - Screening
A.7.1.2 - Terms and conditions of employment
A.7.2.1 - Management responsibilities
A.7.2.2 - Information security awareness, education and training
A.8.2.4 - Return of assets
A.9.2.5 - Removal or adjustment of access rights
March 13, 2014 Detroit Medical Center, Harper University Hospital Patient names, dates of birth, reasons for visits, and in some cases Social Security numbers held on documents stolen by an employee 1,087 California SB-1386 & other State derivatives, HIPAA Security A.6.1.1 - Information security roles and responsibilities
A.7.1.1 - Screening
A.7.1.2 - Terms and conditions of employment
A.7.2.1 - Management responsibilities
A.7.2.2 - Information security awareness, education and training
A.8.2.4 - Return of assets
A.9.2.5 - Removal or adjustment of access rights
March 12, 2014 6717000.com User accounts PII and 102 administrator accounts PII dumped on the Internet 132 California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
March 12, 2014 Nomorerack An unknown amount of customer credit card information potentially stolen by hackers Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
March 12, 2014 UCSF Family Medicine Center at Lakeshore PII & PHI held on unencrypted desktop computers stolen in an office burglary 9,986 California SB-1386 & other State derivatives, HIPAA Security A.11.1.1 - Physical security perimeter
A.11.1.2 - Physical entry controls
A.11.2.1 - Equipment siting and protection
March 11, 2014 Cornerstone Neurology Patient names, dates of birth, and medical information held on a stolen laptop 548 California SB-1386 & other State derivatives, HIPAA Security A.11.2.6 - Security of equipment and assets
A.6.2.1 - Mobile device policy
A.6.2.2 - Teleworking
March 10, 2014 Seitron SPA, Italy Administrator accounts with user names and clear text passwords dumped on the Internet 11 EU Directive on Data Protection A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
March 10, 2014 McFarland School District PII as well as 2 administrator usernames and encrypted passwords dumped on the internet 341 California SB-1386 & other State derivatives, FERPA A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
March 10, 2014 Archdiocese of Seattle Employee and volunteer Social Security numbers stolen by hackers and used to file fraudulent tax returns 90,000 California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
March 08, 2014 MTV España 3 Administrator and user accounts with user names, email addresses and encrypted passwords dumped on the Internet 27 California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
March 07, 2014 United States Department of Defense, Unknown Organization, U.S. Department of State, U.S. Agency for International Development Names, Social Security numbers, addresses, and dates of birth stolen by employees as part of an identity theft ring 600 California SB-1386 & other State derivatives A.6.1.1 - Information security roles and responsibilities
A.7.1.1 - Screening
A.7.1.2 - Terms and conditions of employment
A.7.2.1 - Management responsibilities
A.7.2.2 - Information security awareness, education and training
A.8.2.4 - Return of assets
A.9.2.5 - Removal or adjustment of access rights
March 07, 2014 Sutherland Healthcare Solutions, Los Angeles County Department of Health Services, San Francisco Department of Public Health PII & PHI held on a number of computers stolen in an office robbery 224,400 California SB-1386 & other State derivatives, HIPAA Security A.11.1.1 - Physical security perimeter
A.11.1.2 - Physical entry controls
A.11.2.1 - Equipment siting and protection
March 07, 2014 Johns Hopkins Department of Biomedical Engineering Student names, email addresses, and phone numbers stolen and dumped online by hackers 1,300 California SB-1386 & other State derivatives, FERPA A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
March 06, 2014 Metropolitan Transportation Authority PII on a CD found inside a refurbished drive purchased at a major retailer 15,000 California SB-1386 & other State derivatives A.8.2.1 - Classification of information
A.8.2.2 - Labelling of Information
A.7.2.2 - Information security awareness, education and training
March 05, 2014 North Dakota University System PII held on a server accessed in an intrusion 290,780 California SB-1386 & other State derivatives, FERPA A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
March 05, 2014 Sally Beauty Supply LLC Credit and debit card numbers stolen in a network intrusion and put up for sale on an underground crime store 25,000 California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
March 05, 2014 Ceridian Corporation, Point Park University Employee names, addresses, Social Security numbers, dates of birth, banking information and salary details held on missing reports 1,800 California SB-1386 & other State derivatives, FERPA A.8.2.1 - Classification of information
A.8.2.2 - Labelling of Information
A.7.2.2 - Information security awareness, education and training
March 05, 2014 Froedtert Health, Community Memorial Hospital, United Healthcare Services, Inc., Roper St. Francis Healthcare PII erroneously faxed to an Oregon resident Unknown California SB-1386 & other State derivatives, HIPAA Security A.8.2.1 - Classification of information
A.8.2.2 - Labelling of Information
A.7.2.2 - Information security awareness, education and training
A.13.2.3 - Electronic Messaging
March 03, 2014 City of Detroit Employee names, dates of birth, and Social Security numbers compromised after a malware infection 1,700 California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
February 28, 2014 Bank of America, Dispatch Taxi Affiliation Inc, Taxi Affiliation Service LLC, Checker Taxi Affiliation, Yellow Cab Chicago, Blue Diamond Taxi Affiliation, Inc, American United Taxi An unknown number of customer debit and credit card numbers stolen and fraudulently used Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
February 26, 2014 Unknown Organization, Assisted Living Concepts, LLC PII including salary information at risk after a breach of the company's payroll vendor 43,600 California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
February 25, 2014 Indiana University PII of students and recent graduates accessed by three webcrawlers 145,966 California SB-1386 & other State derivatives, FERPA A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
February 24, 2014 Apple Valley Dental (Dr. Samuel Kim), 1-800-DENTIST PII on patient referral forms discovered in a vacant lot Unknown California SB-1386 & other State derivatives, HIPAA Security A.8.2.1 - Classification of information
A.8.2.2 - Labelling of Information
A.7.2.2 - Information security awareness, education and training
February 22, 2014 EC-Council PII of security professionals compromised by a hacker using a DNS redirect 60,000 California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
February 19, 2014 University of Maryland Records containing PII of faculty, staff, students and affiliated personnel held in a database attacked by hackers 309,079 California SB-1386 & other State derivatives, FERPA A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
February 19, 2014 Ripple, South Korea Names, email addresses, usernames and encrypted passwords dumped on the internet 43 Personal Data (Privacy) Ordinance (PCPD) A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
February 19, 2014 Department of Immigration and Border Protection, Australia PII of individuals seeking asylum held in a file mistakenly published on a government website 10,000 Australian Privacy Act 1988 A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
February 19, 2014 St. Vincent Indianapolis Hospital Patient names, dates of birth, genders and service information held on a password-protected laptop stolen from the hospital 1,100 California SB-1386 & other State derivatives, HIPAA Security A.11.1.1 - Physical security perimeter
A.11.1.2 - Physical entry controls
A.11.2.1 - Equipment siting and protection
February 18, 2014 Unknown Organization, Well.Ca Full credit card details including expiration dates and CVV numbers exposed by hackers exploiting a vulnerability in a service provider's website Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
February 18, 2014 History of Newport RFC, Denmark User accounts with names and dates of birth dumped on the internet 601 EU Directive on Data Protection A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
February 18, 2014 Celtic Haven Names, addresses, phone numbers, and email addresses dumped on the internet 562 California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
February 17, 2014 Merengue Pastelería Customer names, email addresses and phone numbers dumped on the internet 3,430 California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
February 17, 2014 Muslim Directory, UK User accounts with full names, home addresses, contact phone numbers, email addresses and clear text passwords dumped on the Internet 38,903 UK Data Protection Act & EU Directive on Data Protection A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
February 16, 2014 Equine Canada User accounts with first and last names and email addresses dumped on the Internet 3,641 Canada PIPA & PIPEDA A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
February 14, 2014 VisaForIran.Com PII including passport, visa and employment information dumped on the internet 31 California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
February 14, 2014 Pangea Day Names, addresses, usernames, encrypted passwords and email addresses dumped on the internet 608 California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
February 14, 2014 ExamSolutions, UK User accounts with names, addresses, encrypted passwords and email addresses dumped on the internet 1,244 UK Data Protection Act & EU Directive on Data Protection A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
February 14, 2014 Experian, Colorado Bureau of Investigation Credit report database accessed by someone using client's login credentials Unknown California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
February 14, 2014 Coastal Koi Members Club Member names, mailing addresses, IP addresses and email addresses dumped on the internet 38 California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
February 14, 2014 Forbes.com LLC Names, email addresses, usernames, and passwords stolen by the Syrian Electronic Army 1,056,986 California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
February 12, 2014 AVS TV Network User credentials with other PII with clear text passwords dumped on the internet 39,343 California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
February 11, 2014 Las Vegas Sands Corp., Sands Casino Resort Bethlehem PII as well as administrator passwords and credit card details revealed on company website Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
February 10, 2014 Kmart Customer PII, prescriptions held on backup media stolen in a robbery Unknown California SB-1386 & other State derivatives, HIPAA Security A.11.1.1 - Physical security perimeter
A.11.1.2 - Physical entry controls
A.11.2.1 - Equipment siting and protection
February 06, 2014 Reading Rockets Names, home addresses, contact numbers, dates of birth, email addresses and clear text passwords dumped on the Internet 5,840 California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
February 06, 2014 Bank of the West PII with passwords compromised after an unauthorized party gained access to the job application system Unknown California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
February 08, 2014 Barclays Bank PLC, UK Customer files containing PII as well as PHI leaked 27,000 UK Data Protection Act & EU Directive on Data Protection A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
February 07, 2014 Easter Seals Superior California Patient records including PII, dates and medical details held on a password protected laptop stolen from an employee's vehicle 3,026 California SB-1386 & other State derivatives, HIPAA Security A.11.2.6 - Security of equipment and assets
A.6.2.1 - Mobile device policy
A.6.2.2 - Teleworking
February 05, 2014 St. Joseph Health System Patient PII and medical details, as well as an unknown amount of bank account information held on a server accessed by hackers 405,000 California SB-1386 & other State derivatives, HIPAA Security A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
February 05, 2014 Olmsted Medical Center Employee Federal W-2 statements accessed by hackers 1,000 California SB-1386 & other State derivatives, HIPAA Security A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
February 05, 2014 Home Depot USA Employee PII stolen by three former human resources associates used to open fraudulent credit cards 20,000 California SB-1386 & other State derivatives, PCI/Visa CISP A.6.1.1 - Information security roles and responsibilities
A.7.1.1 - Screening
A.7.1.2 - Terms and conditions of employment
A.7.2.1 - Management responsibilities
A.7.2.2 - Information security awareness, education and training
A.8.2.4 - Return of assets
A.9.2.5 - Removal or adjustment of access rights
February 04, 2014 Anna Span Sex Toys, UK Accounts with names, addresses, phone numbers, email addresses, and encrypted passwords dumped on the internet 74 UK Data Protection Act & EU Directive on Data Protection A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
February 04, 2014 TTNET, General Directorate of Security, Turkish National Intelligence Organization, Turkey PII and account details of Turkish government officials stolen and leaked by hackers 600 EU Directive on Data Protection A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
February 03, 2014 Marriott International, Starwood Hotels and Resorts Worldwide Inc., Radisson Hotels & Resorts, InterContinental Hotels Group, White Lodging Services Corporation PII with CCNs at risk after a suspected breach of the point of sale systems at hotel food and beverage outlets Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
February 03, 2014 Orange, France Customer PII and account details stolen by hackers using the 'My Account' section of the company website 800,000 EU Directive on Data Protection A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
February 03, 2014 Midland Independent School District Names, dates of birth and Social Security numbers held on an unsecured external hard drive stolen from an employee vehicle 14,000 California SB-1386 & other State derivatives, FERPA A.11.2.6 - Security of equipment and assets
A.6.2.1 - Mobile device policy
A.6.2.2 - Teleworking
February 02, 2014 Bell Canada, Magma Communications Customer PII as well as 5 credit card numbers leaked on the internet after being stolen from a third party supplier's IT system 22,421 Canada PIPA & PIPEDA A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
January 31, 2014 White Lodging Services Corporation
Merrillville, Indiana
Nationwide brands such as Hilton, Marriott, Sheraton and Westin may have been the victim of a data breach potentially exposing credit and debit card information. Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
January 30, 2014 UC Davis Health System
Sacramento, California
A medical provider's email account was impacted by malicious software used to access records. In this case the malware targeted the medical provider's email account. Unknown California SB-1386 & other State derivatives, HIPAA Security A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
January 28, 2014 Bring It To Me
San Diego, California
A data breach occurred at one of their vendors that may have compromised personal or payment card information.  Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
January 25, 2014 Michaels Stores Inc.
Irving, Texas
A security breach regarding customers' payment cards Unknown California SB-1386 & other State derivatives, PCI/Visa CISP A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
January 24, 2014 Coca-Cola Company
Atlanta, Georgia
Theft of several computers from one of their locations that contained personal information on employees and other individuals.  Unknown California SB-1386 & other State derivatives A.11.1.1 - Physical security perimeter
A.11.1.2 - Physical entry controls
A.11.2.1 - Equipment siting and protection
January 24, 2014 St. Francis Hospital and Medical Centers
Hartford, Connecticut
Patient records were stolen from a contracted emergency room physician's car. Unknown California SB-1386 & other State derivatives, HIPAA Security A.11.2.6 - Security of equipment and assets
A.6.2.1 - Mobile device policy
A.6.2.2 - Teleworking
January 23, 2014 W.J Bradley
Centennial, Colorado
Information on specific loan transactions had been taken from their computer systems by several former loan officers of the company Unknown California SB-1386 & other State derivatives A.6.1.1 - Information security roles and responsibilities
A.7.1.1 - Screening
A.7.1.2 - Terms and conditions of employment
A.7.2.1 - Management responsibilities
A.7.2.2 - Information security awareness, education and training
A.8.2.4 - Return of assets
A.9.2.5 - Removal or adjustment of access rights
January 17, 2014 Easton-Bell Sports Inc.
Van Nuys, California
Vendor's servers were the target of vicious malware Unknown California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
January 17, 2014 E-Benefits Department of Veteran Affairs, District Of Columbia Veterans and Service members who had registered and logged into eBenefits were able to see a combination of their own information as well as data from other eBenefits users. Unknown California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
January 15, 2014 South Carolina Department of Employment and Workforce
Columbia, South Carolina
A human resources employee allegedly downloaded the personal information of current and former DEW employees to a personal device. 4,658 California SB-1386 & other State derivatives A.6.1.1 - Information security roles and responsibilities
A.7.1.1 - Screening
A.7.1.2 - Terms and conditions of employment
A.7.2.1 - Management responsibilities
A.7.2.2 - Information security awareness, education and training
A.8.2.4 - Return of assets
A.9.2.5 - Removal or adjustment of access rights
January 14, 2014 Southwest General Health Center
Middleburg Heights, Ohio
Private information in a binder was recently lost, including names, data on births, clinical information and medical record numbers. 480 California SB-1386 & other State derivatives, HIPAA Security A.11.1.1 - Physical security perimeter
A.11.1.2 - Physical entry controls
A.11.2.1 - Equipment siting and protection
January 14, 2014 NORCOM-North East King County Regional Public Safety Communication Agency
Bellevue, Washington
A security breach of a server that stored records of medical responses 6,000 California SB-1386 & other State derivatives, HIPAA Security A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
January 14, 2014 Update Legal
San Francisco, California
A suspect in custody had digital photographs of I-9 forms on the smartphone in this person's possession. Unknown California SB-1386 & other State derivatives A.8.2.1 - Classification of information
A.8.2.2 - Labelling of Information
A.7.2.2 - Information security awareness, education and training
January 10, 2014 Neiman Marcus
Dallas, Texas
Database of customer information was hacked  1,100,000 California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
January 10, 2014 Alamance County Department of Social Services
Burlington, North Carolina
A former social worker pled guilty to identity theft, tax, and fraud charges. 33 California SB-1386 & other State derivatives A.6.1.1 - Information security roles and responsibilities
A.7.1.1 - Screening
A.7.1.2 - Terms and conditions of employment
A.7.2.1 - Management responsibilities
A.7.2.2 - Information security awareness, education and training
A.8.2.4 - Return of assets
A.9.2.5 - Removal or adjustment of access rights
January 07, 2014 Risk Solutions International LLC, Loudoun County Public Schools
Ashburn, Virginia
More than 1,300 links could be accessed through a Google search Unknown California SB-1386 & other State derivatives, FERPA A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
January 02, 2014 Straight Dope Message Board
Chicago, California
Hackers broke into the online message board forum. This resulted in unauthorized access of members' usernames, emails and passwords. Unknown California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
January 02, 2014 Eye Surgery Education Council
Fairfax, Virginia
System was hacked and user accounts with partial email addresses, user names and clear text passwords were dumped onto the Internet. 4,748 California SB-1386 & other State derivatives, FERPA, HIPAA Security A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
January 01, 2014 Snapchat
Venice, California
The hacker or group known as "Lightcontact" first posted the database on Reddit and on a website called SnapchatDB.info Unknown California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
January 01, 2014 Skype breach
L-2165 Luxembourg, Luxembourg
The Syrian Electronic Army is reportedly taking credit for hacking into user accounts on Skype Unknown California SB-1386 & other State derivatives A.14.1.2 - Securing Applications Services on Public Networks
A.14.1.3 - Protecting Applications Services Transactions
    ESTIMATED TOTAL (ROUGH): 465,516,948    
Copyright 2005-2017 by eFortresses, Inc. All rights reserved.