List of Data Breaches
1
1919 Investment Counsel LLC
September 21, 2020 | Third Party
Abstract
On September 21, 2020, a 1919ic employee discovered some unusual activity on their 1919ic work computer. We immediately began investigating and retained a third party forensic expert to assist. During our investigation, we learned that an unauthorized user gained access to 1919ic’s computer systems, which are operated by a third-party Managed IT services firm with oversight by 1919ic’s internal technology team. During the forensic analysis, 1919ic was able to quickly take steps to prevent further unauthorized access and secure our systems. At this time, we do not have any indication that your information was accessed or misused. However, because we deeply value you and are committed to transparency, we wanted to make you aware of this incident.1873349 Ontario, Inc.
June 01, 2018 | Website Compromise
Abstract
Our security team was made aware of suspicious activity on the Canadian Website. We immediately began an investigation with the assistance of a leading computer security firm and disabled the website. On October 30, 2018, the investigation identified unauthorized access to payment card data from cards used to make purchases on the Canadian Website from August 15, 2014 to September 15, 2018.1-800-Flowers.com
February 15, 2016 | Unauthorized Access
Abstract
Our customer service team received reports on February 15, 2016 from several customers that they were unable to complete their online order. Our operations team initiated an investigation and identified signs of unauthorized access to the network that operates our e-commerce platform.2
21st Century Oncology
Abstract
On November 13, 2015, the Federal Bureau of Investigation (FBI) advised us that patient information was illegally obtained by an unauthorized third party who may have gained access to a 21st Century database. We immediately hired a leading forensics firm to support our investigation, assess our systems and bolster security. The forensics firm determined that, on October 3, 2015, the intruder may have accessed the database, which contained information that may have included your name, Social Security number, physician’s name, diagnosis and treatment information, and insurance information. We have no evidence that your medical record was accessed.7
7-Eleven, Inc.
June 13, 2016 | Accident
Abstract
On behalf of the 7-Eleven franchisees, 7-Eleven maintains a database of records for each franchise location that contains information on all franchisee employees for that location. Only the records in the database for the employees of a particular franchisee (“Employing Franchisee”) are sent to the local store and are available for access by the Employing Franchisee. 7-Eleven discovered in June 2016 that as part of the update process, in addition to the normal set of employee records sent for each Employing Franchisee, some additional records from the franchisee employee database were available to certain 7-Eleven franchisees. We immediately updated the records, investigated to determine the cause of the issue, and have taken additional safety measures to protect your information and ensure that records are not accidentally made available to any franchisee other than the Employing Franchisee.8
80sTees
June 03, 2012 | Unknown
Abstract
On January 29, 2013, Discover Card requested that we conduct an investigation of our computer system because of some unauthorized charges experienced by Discover customers after completing purchases on our website. Shortly after we got Discover's request we: (1) conducted our own investigation including reviewing server log files;(2) recoded our website so that we no longer stored credit card numbers on our server and securely removed all existing credit card data from our server;(3) confirmed that our malware and antivirus scans were operating:(4) reported to the U.S. secret Service about our investigation; and (5) hired a PCI approved forensic investigator to conduct a full evaluation of our computer server. At that time we did not find any intrusion or vulnerabilities in 80sTees' server.9
9W Halo OpCo L.P. d/b/a Angelica
April 10, 2018 | User Error
Abstract
On April 10, 2018, Angelica sent an email to a former employee in response to his request for a copy of his 2017 W-2. Instead of sending only the former employee’s 2017 W-2, the response inadvertently included an attachment with 2017 W-2 forms for multiple current and former employees of Angelica, including you. Angelica did not learn about the inadvertent disclosure of the W-2s until April 15, 2018. Angelica immediately reached out to the former employee, who confirmed that he had deleted the message containing the W-2s. Prior to deleting the message, the former employee forwarded the attachment with all of the W-2s to his tax preparer and a current employee of Angelica, both of whom have confirmed that they deleted the file and that they did not forward the file to anyone else.A
Atlas Mechanical, Inc.
October 11, 2020 | Malware
Abstract
Atlas recently became aware of suspicious activity on its computer network and discovered it could not access certain files on its systems. Atlas immediately launched an investigation, with the assistance of thirdparty computer forensic specialists, and determined that its network had been infected with malware which prevented access to certain files on the system. The investigation determined that the malware was introduced into the system by an unauthorized actor who also accessed and acquired certain files in Atlas’ system. Atlas then began a lengthy and labor-intensive process to identify sensitive information that may have been contained within impacted files, and to identify the individuals whose information may have been impacted. While our investigation is ongoing, we are notifying you because that investigation determined certain information related to you may have been impacted.Agoura Health Products, LLC dba Gundry MD
August 06, 2020 | Third Party
Abstract
We are writing to advise you of a recent data security incident involving a company called 1ShoppingCart. com (“1ShoppingCart”). Gundry MD contracts with 1ShoppingCart to process payments made through our website. On October 30, 2020, we learned from 1ShoppingCart that an unauthorized third party accessed 1ShoppingCart’s systems and collected information regarding transactions placed on Gundry MD’s website from August 6, 2020 to August 22, 2020.Aetna
June 24, 2020 | Email Compromise
Abstract
On July 1, 2020, EyeMed discovered that an unauthorized individual gained access to an EyeMed email mailbox and sent phishing emails to email addresses contained in the mailbox’s address book. On the same day, EyeMed took immediate actiontoblock theunauthorizedindividual’saccess tothe mailboxandsecuredthe mailbox. EyeMedimmediately launchedan investigation into the incident and engaged a cybersecurity firm to assist in its efforts. It was determined that the unauthorized individual first gained access to the mailbox on June 24, 2020, and that access terminated on July 1, 2020.ArbiterSports
June 3, 2020 | Ransomware
Abstract
We recently detected unauthorized access to certain devices in our network and an attempt to encrypt our systems. We immediately took measures to stop the access, launched an investigation, and a security firm was engaged. On July 15, 2020, findings from the investigation identified a backup copy of a database made for business continuity reasons that was obtained by the unauthorized party at some point in the prior few weeks. Although we were able to prevent devices from being encrypted, the unauthorized party demanded payment in exchange for deleting the files that were obtained. We reached an agreement and obtained confirmation that the unauthorized party deleted the files.Assured Imaging
May 19, 2020 | Ransomware
Abstract
On May 19, 2020, Assured learned that its electronic medical records system had become encrypted due to “ransomware” deployed by an unknown actor. Because the impacted systems contained patient and employee information, Assured worked quickly to (1) restore access to the patient information so it could continue to care for patients without disruption and (2) investigate what happened and whether this incident resulted in any unauthorized access to, or theft of, personal information by the unknown actor.American Payroll Institute, Inc. (APA); Global Payroll Management Institute, Inc.
May 13, 2020 | Malware
Abstract
The APA experienced a skimming cyberattack in which personal information was accessed by unauthorized individuals. The source of the cyberattack is thought to have been a vulnerability in APA’s content management system, which allowed a “skimmer” to be installed on both the login webpage of the APA website, as well as the checkout section of the APA’s online store. APA’s IT team uncovered unusual activity on the site dating back to May 13, 2020 at approximately 7:30 pm CT.American Payroll Institute, Inc. (APA); Global Payroll Management Institute, Inc. (GPMI)
May 13, 2020 | Malware
Abstract
The APA experienced a skimming cyberattack in which personal information was accessed by unauthorized individuals. The source of the cyberattack is thought to have been a vulnerability in APA’s content management system, which allowed a “skimmer” to be installed on both the login webpage of the APA website, as well as the checkout section of the APA’s online store. APA’s IT team uncovered unusual activity on the site dating back to May 13, 2020 at approximately 7:30 pm CT.Amphastar Pharmaceuticals, Inc.
May 2, 2020 | Ransomware
Abstract
On July 24, 2020, the Company learned for the first time that some Company data had been posted on the internet without authorization on July 21. Most of the information was legacy data (approximately 15 years old) and included some of your personal information along with other company records.The Company immediately investigated this posting to learn what happened with the assistance of a leading specialist routinely retained to assess and mitigate cybersecurity incidents. The posting was determined to be related to an earlier ransomware attack on May 2, 2020 that had been fully contained without any indication that data had been removed based on available records. No payment was or will be made to the criminals responsible for this malicious/criminal act. The Company was able to use backups and restore business continuity promptly. As law enforcement and others have reported, ransomware attacks have increased and have targeted the healthcare industry in the United States and around the world including during the global pandemic.
American Symphony Orchestra League
May 1, 2020 | Ransomware
Abstract
Blackbaud, which works with many nonprofits and educational institutions to support their development and donor engagement activities, recently notified us of a security incident. You may have received a similar e-mail about this incident from other nonprofits or universities whose data Blackbaud stewards. At this time, we understand that Blackbaud discovered and stopped a ransomware attack. After discovering the attack, Blackbaud’s Cyber Security team—together with independent forensics experts and law enforcement—expelled the cybercriminal from their system. Blackbaud indicated, however, that the cybercriminal did remove a copy of a backup file containing some of your information before being locked out of the system. A full description of the incident is available on Blackbaud’s website at https://www.blackbaud.com/securityincident.Allergy & Asthma Medical Group of the Bay Area, Inc.
April 27, 2020 | Laptop Stolen
Abstract
On April 28, 2020, Allergy & Asthma Medical Group of the Bay Area discovered that its Berkeley physicians' office was broken into during the evening of April 27, 2020. We immediately initiated an investigation during which we learned that three laptops were stolen. While these laptops were secured, we are taking a conservative approach that the bad actor(s) may have gained access to them. Accordingly, we performed a diligent review to determine what information was present on the laptops and to whom that information related. Based on that review, we learned that certain limited information relating to your FeNo results was potentially viewable on the laptop.Ascend Clinical LLC
April 21, 2020 | Ransomware
Abstract
On or about May 31, 2020, Ascend detected irregularities in its data systems, including some Ascend data that had become encrypted through an unknown source. Upon a thorough investigation, Ascend determined that an unauthorized user had accessed and downloaded Ascend business records, including some personally identifiable information (“PII”) of Ascend’s patients. Under a federal law known as the Health Insurance Portability and Accountability Act (“HIPAA”), this PII is considered protected health information (“PHI”).Arbonne International, LLC
April 20, 2020 | Unauthorized Access
Abstract
On the evening of April 20, 2020, Arbonne became aware of unusual activity within a limited number of its internal systems. Arbonne immediately commenced an investigation with the assistance of third-party computer specialists. While the investigation remains ongoing, the preliminary investigation determined that certain information in Arbonne’s systems may have been accessed without authorization. On April 23, 2020, the investigation identified a data table containing limited personal information that may have been accessible to unauthorized actor.Alcorn Fence Company
April 19, 2020 | Email Compromise
Abstract
We recently detected unauthorized access to an Alcorn employee email account that may have contained your personal information. We immediately launched an investigation and engaged a digital forensics firm to assist. Through this investigation, we determined that your personal information may have been accessed without authorization.Alameda Health System
April 08, 2020 | Email Compromise
Abstract
On June 17, 2020, we learned that, for a brief period of time on April 8, 2020, an unauthorized person from outside AHS was able to remotely access the email account of an AHS employee. Upon learning of the incident, we immediately took action to secure the employee’s email account to prevent any further access. We also launched an investigation and engaged a leading forensic security firm to assist in our investigation. As part of that investigation, we searched for any personal information in the email account that could have been viewed. We recently completed our investigation and have determined that the account contained some personal information, including your name and limited medical information. The type of information differs for each individual, but was mostly information such as dates of birth, medical record numbers, appointment dates, driver’s license number, Social Security number and health insurance information.Andrew Dang, DDS
April 19, 2020 | Computer Stolen
Abstract
On Sunday, April 19, 2020, during the pandemic and while my business was closed, I went into my office and discovered that a break-in had occurred and my office had been burglarized, including the theft of, among other things, our office computer. I immediately reported the incident to the police, with whom we continue to liase. I also am concurrently notifying federal and state regulators of the incident.Amtrak
April 16, 2020 | Unauthorized Access
Abstract
On the evening of April 16, 2020, Amtrak determined that an unknown third party gained unauthorized access to certain Amtrak Guest Rewards accounts. Your account was among those that were accessed without authorization.Accident Insurance Company
April 13, 2020 | Unauthorized Access
Abstract
On August 18, 2020, we determined that your personal information may have been accessed during a cyber incident in which unauthorized persons attempted to interfere with the operation of our computer system. While their attempt did not succeed, during the incident they may have had access to sensitive information. When we learned of their attempt in April of 2020 AIC immediately launched an investigation with the assistance of cybersecurity experts to determine what happened and what information may have been exposed. We are unaware of any information being misused but wanted to provide this information to you.Angeion Group
March 30, 2020 | Email Compromise
Abstract
In July 2020, we learned that between March 30, 2020 and May 4, 2020, an unknown third party accessed, remotely and without authorization, the corporate email box of one of our employees. In light of the employee’s job functions, that email box included certain personal information, present in claims administration files and related communications.AST LLC
March 09, 2020 | Email Compromise
Abstract
On or about March 9, 2020, an unknown third party accessed employee payroll information after having gained access to an employee’s email address. The third party was able to set up rules in the employee’s email that diverted the employee’s email messages to the third party. We wanted to inform you about this incident as soon as possible to allow you to take precautionary steps to further protect your personal information.Athenian School
February 7, 2020 | Ransomware
Abstract
According to Blackbaud, cybercriminals gained access to their system as part of a ransomware attack sometime between February 7, 2020 and May 20, 2020. Blackbaud informed us that upon discovering the attack, Blackbaud’s cybersecurity team – along with independent forensics experts and law enforcement – stopped the attack and expelled the cybercriminals. However, Blackbaud discovered that prior to locking the cybercriminals out, they removed a copy of a backup file containing your personal information. Blackbaud has assured us, based on representations by the Federal Bureau of Investigations, that upon receiving the ransomware payment the cybercriminals destroyed the information that they accessed.Advantage Capital Funding, LLC
February 6, 2020 | Third Party
Abstract
On March 17, 2020, Advantage Capital confirmed a report that it initially received on February 6, 2020 concerning potentially unauthorized access to a third-party hosted database that Advantage Capital used to store merchant loan application data. Advantage Capital subsequently took the database offline and a cyber security firm was engaged to assist with the investigation. Through the investigation, Advantage Capital determined that the unauthorized access occurred between February 6, 2020 and March 6, 2020. Advantage Capital has addressed the security issues resulting in this incident.Allstate Benefits
February 05, 2020 | Unknown
Abstract
TBDBAmbry Genetics Corporation
January 22, 2020 | Email Compromise
Abstract
Our security team identified unauthorized access to an employee’s email account between January 22-24, 2020. We promptly initiated an investigation, with the assistance of outside experts. The investigation was unable to determine whether there was unauthorized access to, or acquisition of, any particular information from the email account. Nevertheless, we are notifying you because your personal information may have been impacted. Specifically, while we are not aware of any misuse of your personal information, the security incident may have resulted in the disclosure of your information, including your <<ClientDef1(name [and/,] Impacted Data)>>.Artech, L.L.C.
January 5, 2020 | Ransomware
Abstract
On January 8, 2020, Artech received a report of unusual activity relating to an employee’s Artech user account. We immediately began investigating this report and through that investigation identified ransomware on certain Artech systems. That same day we engaged a leading third-party forensic investigation firm to assess the security of our systems and to confirm the nature and scope of the incident. On January 15, 2020, the investigation determined that an unauthorized actor had access to certain Artech systems between January 5, 2020, and January 8, 2020. Artech undertook a comprehensive review of these systems and determined that some personal information was present in them at the time of the incident. We reviewed this information and our internal records to identify the individuals associated with this information and their contact information for purposes of providing notice. On or around June 25, 2020, we completed this review and determined that some of your personal information was contained in one or more of the involved files.Atria Wealth Solutions
December 03, 2019 | Email Compromise
Abstract
CUSO Financial became aware of suspicious emails coming from an affiliate's employee's email account. An investigation was launched immediately with assistance from third-party computer forensics speciatlists to determine the nature and scope of the activity. On March 26, 2020, the investigation determined that certain personal information was accessible witthin the email account when it was accessed without authorization on December3, 2019. The investigation, however, was unable to determine what, if any, information was viewed by the unauthorized actor(s). Approximately 1% of clients were potentially affected at CUSO Financial. Since determining that personal information was accessible withing the account, CUSO Financial undertook efforts to locate address information for potentially impacted individuals and determine its relationship to these individuals in order to provide this notice.Andrew Lundholm CPA
November 24, 2019 | Unauthorized Access
Abstract
On April 29, 2020, we identified suspicious activity in our tax filing software and immediately initiated an investigation into the activity. On May 19, 2020, we determined an unknown actor accessed our tax filing software at times between November 24, 2019 and April 29, 2020. The unknown actor also accessed folders containing sensitive information that we use to prepare tax returns. Your information was contained within these folders.ACCO Engineered Systems, Inc.
November 20, 2019 | Device Lost
Abstract
On November 20, 2019, ACCO discovered that an employee’s company laptop and mobile phone had been stolen. Upon learning of the event, ACCO immediately remotely deleted all information from the mobile phone and launched an investigation into the nature and scope of the event. ACCO undertook a lengthy and labor-intensive process in an attempt to identify the information contained on the devices. While the investigation was unable to confirm the specific data contained on the devices or whether any of the data was accessed, ACCO is notifying you in an abundance of cautionAdelanto Elementary School District
November 04, 2019 | Vulnerability
Abstract
On April 27nd, 2020, Aeries Software notified over 150 school districts, including AESD, that their system was breached. The District uses the Aeries Student Information System to provide students and their parents with online access to information regarding school events and schedules. In late November 2019, Aeries learned that an unauthorized individual exploited a vulnerability in the Aeries software that would allow access to student and parent information. Upon discovery, Aeries and law enforcement launched an investigation and believe they have the person responsible in custody.Apple Valley Unified School District
November 04, 2019 | Vulnerability
Abstract
Apply Valley USD uses the Aeries Student information System to provide students and their parents with online access to information regarding school events and schedules. in late November 2019, Aeries learned that an unauthorized individual exploited a vulnerability in the Aeries software that would allow access to student and parent information. Upon discovery, Aeries began an investigation and law enforcement launched an investigation to identify the person responsible, who Aeries believes is now in police custody. On May 4, 2020, Aeries notified the District that this individual may have accessed data pertaining to over 160 school districts, including Apple Valley Unified School District.ABC Unified School District
November 04, 2019 | Third Party
Abstract
On May 12, 2020, the ABC Unified School District was informed by Aeries Software, Inc., the vendor for our student information database, that they had suffered a data breach impacting those who use the ABC USD portalAltice USA, Inc.
November 04, 2019 | Phishing
Abstract
In November 2019, an unauthorized third party gained access to certain Altice USA employees’ email account credentials through a phishing incident. The unauthorized third party then used the stolen credentials to remotely access and, in some instances, download the employees’ mailbox contents. Upon identifying this incident through our internal controls, we secured the email accounts, engaged an expert computer forensics firm to assist with our investigation, and notified law enforcementAFTRA Retirement Fund
October 24, 2019 | Network Compromise
Abstract
On October 28, 2019, AFTRA received an alert of suspicious activity in its environment. AFTRA immediately launched an investigation into the nature and scope of the incident. As part of the investigation, which was conducted with the assistance of a third-party forensic expert, it was determined that certain files and folders on AFTRA’s network may have been subject to unauthorized access for periods of time between October 24, 2019 and October 28, 2019. At this time, AFTRA does not have evidence that files containing your information were accessed; however, access to these files could not be ruled out. AFTRA then undertook a time-consuming review of all the files and folders that may have been accessed to determine what sensitive information they may contain.Audio Visual Services Group, LLC d/b/a PSAV
October 22, 2019 | Email Compromise
Abstract
On or about January 15, 2020, PSAV learned that an unauthorized party had gained remote access to certain employees’ business email mailboxes. The unauthorized activity was part of an apparent attempt to use email accounts to re-route wire transfer payments from vendors to bank accounts under the control of the unauthorized party.AmeriSave Mortgage Corporation
October 03, 2019 | Unauthorized Access
Abstract
On December 12, 2019, one of AmeriSave’s business partners notified AmeriSave that, between October 2019 and November 2019, unauthorized third-parties may have used AmeriSave’s account credentials to access a business partner platform that maintained the personal information of AmeriSave’s customers. As a result, your personal information may have been inappropriately viewed or accessed by these third parties.American Medical Technologies
October 01, 2019 | Email Compromise
Abstract
On or about December 17, 2019 we discovered suspicious activity within an employee’s email account. We immediately engaged a third-party forensic firm to perform an investigation into our email tenant. After an extensive and comprehensive investigation and data mining process, on May 14, 2020, we learned that your personal information may have been available to the attacker during the incident. We are sending you this letter to notify you about the incident and provide information about steps you can take to protect your information.Active Network, LLC
October 01, 2019 | Unauthorized Access
Abstract
We recently identified suspicious activity on the Blue Bear platform. Our investigation determined the activity related to Blue Bear webstore users between October 1, 2019 and November 13, 2019. During this time, some personal information that you provided may have been accessed or acquired by unauthorized third parties.Atria Senior Living
September 18, 2019 | Phishing
Abstract
Our ongoing investigation into an email phishing incident recently determined that an unauthorized person had gained access to some of our employees’ email accounts. Upon first learning of the incident, we immediately took steps to secure the accounts and began an investigation with the assistance of a cybersecurity firm. The investigation determined an unauthorized party had accessed the accounts at various times between September 18, 2019 and September 20, 2019. The investigation was unable to determine which specific emails or attachments, if any, were viewed by the unauthorized individual.Auto Approve, LLC
August 28, 2019 | Vulnerability
Abstract
On September 15, 2019, a security researcher alerted Auto Approve to a system vulnerability exposed following a standard maintenance release. As a result, certain personal information that you previously shared with Auto Approve, in relation to an auto loan, was accessible to external parties for approximately three weeks. Auto Approve has not identified evidence of access to this data, apart from the security researcher and his affiliate, and is therefore advising you of this incident in an abundance of caution.Aveanna Healthcare
July 09, 2019 | Email Compromise
Abstract
? Beginning on August 24, 2019, Aveanna became aware of suspicious activity relating to a number of its employee email accounts. Aveanna took steps to secure the email accounts and began working with outside computer forensics specialists to determine the nature and scope of the activity. The investigation determined that an unknown actor accessed certain employee email accounts between July 9, 2019 and August 24, 2019. Unfortunately, the investigation did not reveal if any email or attachment was actually accessed or viewed.Athens Insurance Services, Inc.
July 01, 2019 | Email Compromise
Abstract
On or around September 17, 2019, Athens Insurance Services, Inc. (“Athens”) became aware of a potential compromise to one (1) of its employee’s email account. Athens immediately took actionable steps to secure the affected account, including changing the account password. Further, Athens engaged an expert forensic company to investigate the incident. It was ultimately determined that one (1) email account experienced unauthorized access between July 1, 2019 and September 17, 2019. On January 22, 2020, after thorough investigation, Athens determined that the unauthorized access may have allowed access to your personal information. Athens has worked diligently to obtain sufficient contact information to provide notificationAliMed, Inc.
June 1, 2019 | Unauthorized Access
Abstract
We recently discovered that a malicious party had gained access to one of our servers and may have acquired payment card data used in connection with certain transactions made with AliMed. We engaged external forensic investigators and data privacy professionals and commenced a prompt and through investigation into the incident. As a result of this investigation, we determined that the payment card information potentially accessed and/or acquired related to certain transactions made with AliMed between June 1, 2019 and June 17, 2020.Andy Frain Services
May 22, 2019 | Laptop Stolen
Abstract
On May 22, 2019, an Andy Frain Services employee’s laptop was stolen from her vehicle.Avalara, Inc.
May 22, 2019 | Vulnerability
Abstract
On May 22, 2019, an employee of one of our customers (who happens to be a former employee of Compli, Inc.) notified us that an eCompli code update contained a vulnerability that allowed the employee to gain unauthorized access to certain personal information about certain individuals at some of our customers, including your organization. This third party informed us of the vulnerability and we subsequently removed the vulnerability on May 22, 2019.Ameritas Life Insurance Corp.
May 01, 2019 | Phishing
Abstract
On May 9, 2019, Ameritas discovered a few associates fell victim to a phishing campaign that was designed to trick the recipient into providing their email credentials. Upon investigation, Ameritas determined that several associates were impacted at different times between May 1 - June 4 and concluded that, as a result of the phishing campaign, a number of their email inboxes were compromised. Ameritas quickly addressed the exposure by disabling the unauthorized access and deployed a mandatory enterprise-wide password reset.Acrisure LLC, d/b/a Filice Insurance Agency
April 03, 2019 | Cloud Storage Compromise
Abstract
On April 3, 2019, Filice Insurance Agency learned from its third-party cloud service provider that a data security incident may have affected client information. The incident involved unauthorized access to the cloud storage service. Upon learning of this incident, we immediately disabled the unauthorized access and launched an investigation. We also engaged a leading digital forensics team to provide assistance. On May 21, 2019, the digital forensics investigation determined that your personal information was affected.Arthur J. Gallagher & Co.
March 15, 2019 | Device Lost
Abstract
Without Gallagehr's awareness or permission, an individual at an outside law firm assisting with legal proceedings transferred data provided on an encrypted drive to an unencrypted hard drive and subsequently misplaced the drive while traveling. The law firm notified Gallagher about the incident on or around March 15, 2019. Upon learning of the incident, Gallagher immediately launched an investigation, including working with several third-party investigators and experts, to try to locate the missing hard drive and also to confirm the nature and scope of the data involved. During that time, Gallagher was informed that the outside law firm had not yer refined the data for the legal matter, and the individual lawyer transferred all the data provided to it from Gallagher onto the unencrypted hard drive. In the middle of Octover 2019, Gallegher determined that your personal information was also contained on the hard drive.Altura Credit Union
March 05, 2019 | Skimming
Abstract
On March 8, 2019, an ATM skimming device with an associated video camera was discovered on one of our ATMs. This discovery immediately prompted the examination of all of our ATMs at all of our branches. Our review yielded evidence that these skimming devices had been installed and removed from other locations. These ATM skimming devices were unlawfully installed on our machines at various points between March 5 to March 8, 2019.American Indian Health & Services, Inc.
February 26, 2019 | Insider Threat
Abstract
On March 7, 2019, AIHS discovered a former AIHS employee forwarded certain AIHS emails to her personal email account. While the individual was employed by AIHS at the time the emails were forwarded, because they were forwarded in a manner that conflicts with AIHS policies and procedures, AIHS immediately launched an investigation with the assistance of a third-party computer forensics expert. The investigation included reviewing the email account of this former employee to determine the information contained in the forwarded emails and to whom the information related. The investigation determined the former employee forwarded certain emails between February 26, 2019 and March 6, 2019, some of which contained information relating to certain AIHS employees, patients, and vendors. Although we are unaware of any actual or attempted misuse of your personal information, we are providing you this notification out of an abundance of caution because your information was present in the forwarded emails.Abbott Laboratories
January 19, 2019 | Device Lost
Abstract
On January 9, 2019, as part of a regular audit process, Abbott provided its third-party auditor with a portable drive containing information about certain employee stock options and stock grants. On January 19, 2019, the auditor informed us that the drive was misplaced. We immediately began an investigation into the actions of the auditor and circumstances leading to the loss of the drive. Although we have no information suggesting that the drive was improperly accessed, it has not been recovered, and we are notifying individuals who had some of their personal information on the drive out of an abundance of caution.December 01, 2014 | Network Compromise
Abstract
Anthem discovered on January 29, 2015 that it was the target of a cyber-attack that resulted in unauthorized access to its computer systems over the course of several weeks beginning in December 2014. The Abbott Laboratories Health Care Plan (the “Abbott Plan”) is administered by BCBSIL and not by Anthem. However, Anthem plays a role in processing Abbott Plan claims for Abbott Plan participants who receive health care services in states where Anthem operates (California, Colorado, Connecticut, Georgia, Indiana, Kentucky, Maine, Missouri, Nevada, New Hampshire, New York, Ohio, Virginia and Wisconsin). Consequently, personal information about some Abbott employees and other Abbott Plan participants who received care in those Anthem locations was exposed as a result of the incident. We are sending this notice to you because we have been advised by BCBSIL that it will be contacting you shortly by letter.AltaMed Health Services Corporation
January 09, 2019 | Malware
Abstract
On February 19, 2019, we discovered our information system had been infected with a virus that prohibited our access to our files. We immediately worked to restore our information system and launched an investigation, with the assistance of third-party forensics, to determine the nature and scope of the incident. As part of our ongoing investigation, we determined this virus was introduced by an unknown third-party that had access to certain servers on our information system which contain personal and protected health information relating to current and former Centrelake patients. After a review of available forensic evidence, we determined that suspicious activity began on our network on January 9, 2019, lasting until the virus infection on February 19, 2019.May 21, 2018 | Network Compromise
Abstract
On December 31, 2018, SHDS informed AltaMed that it had experienced a data security incident involving the SHDS network which, according to SHDS, affected information belonging to certain AltaMed patients. In its letter to AltaMed, SHDS stated that it first detected abnormal activity within its network on June 22, 2018. Upon detecting this activity, SHDS launched an investigation and engaged a forensics firm to support its inquiry. SHDS ultimately determined that an unauthorized third-party gained access to SHDS’s network as early as May 21, 2018 and acquired files containing patient information. SHDS also notified the Federal Bureau of Investigation (“FBI”) about this incident and will cooperate fully with the FBI’s investigation.Abstract
On June 30, 2014, the Arcadia Police Department informed us that it was investigating a former AltaMed employee on suspicion of identity theft. During their investigation, law enforcement stated it had recovered a hard drive and other evidence containing the personal information of individuals. They believed the information recovered had been used by individual(s) to commit or attempt to commit identity theft or fraud. However, citing its ongoing investigation, law enforcement would not disclose whether those records were AltaMed records, the identities of the individuals to whom the information related, or the reason for its belief that the information had been misused.American Cancer Society, Inc.
January 08, 2019 | Unknown
Abstract
TBDBArmorGames, Inc
January 01, 2019 | Third Party
Abstract
On January 29th, 2019, Tuik Security Group privately contacted us to let us know about a potential breach of our users' data. We immediately began an investigation which included an ongoing audit of our hosting provider, web servers, and database systems. We can now confirm this breach is real and occurred around January 1st, 2019. This appears to be part of a larger breach affecting 16 companies (see this news article for more information). We are one of the smaller companies affected, apparently holding less than 2% of the total accounts affected between the 16 companies. At this time, we have no evidence that any Armor Games’ users’ data was actually misused and we are taking steps to prevent potential misuse.Abel HR
November 11, 2018 | Email Compromise
Abstract
On November 26, 2018, Abel HR became aware of suspicious activity relating to one of our employee's email accounts when email messages began to be automatically forwarded from the email account to an unauthorized outside email account. we quickly changed the password for the account to ensure that any unauthorized access to the account was ended. We immediately launched an investigation with assistance from an outside computer forensics specialist, and on December 20, 2018, the investigation confirmed an unauthorized actor logged into the email account between November 11-26, 2018. while our investigation could not confirm that your information was actually acquired by the actor, we are notifying you in an abundance of caution because your information was present in the email account when this incident occurred.Ally Bank
November 11, 2018 | Third Party
Abstract
We recently discovered (November 2018) that our third-party supplier inadvertently transmitted files, which contained your personal information, to another financial institution.AeroGrow International
October 29, 2018 | Malware
Abstract
On March 4, 2019, AeroGrow learned that an unauthorized person may have acquired, through the use of malicious code, the payment card information that users entered into the eCommerce vendor’s payment page. Upon learning of the incident, we immediately removed the malicious code and secured the website. We are writing to you because our investigation indicates that the payment card information you submitted to the eCommerce vendor’s payment page may have been compromised. This malicious code may have been present on our website between October 29, 2018, and March 4, 2019.May 13, 2015 | Malware
Abstract
After we eradicated the initial infiltration into our system (as we previously informed you), our systems were attacked again by, we believe, the same hacker. This hacker is a sophisticated and persistent criminal with detailed knowledge of how to exploit online shopping cart systems. We discovered on June 10, 2015, that the hacker managed to circumvent the safeguards we had implemented after the initial attack. We worked into the night in response to this discovery, and on the same day, successfully eradicated the malicious software that caused the second attack.October 15, 2014 | Malware
Abstract
Here at AeroGrow International, Inc., we take the security of our customers’ information seriously. Unfortunately, like many companies in today’s global digital economy, we recently received information suggesting that we may have experienced a data compromise. We immediately hired cybersecurity specialists to investigate the incident. As a result of this investigation, we learned on May 5, 2015, that a hacker likely used malicious software (malware) to infiltrate our online servers, which are hosted by a leading service provider. Within days of being notified of the hacking event, the cause of the compromise had been eradicated.ACE Cash Express, Inc.
October 27, 2018 | Unauthorized Access
Abstract
On November 16, 2018, ACE discovered that an unauthorized person attempted to access ACE customer accounts through our ACE Cash Express Mobile Loans application ("ACE Loan App") with usernames and passwords obtained from a third-party source. There is no indication that the usernames and passwords were obtained as a result of an incident at ACE. Upon discovering this, we immediately launched an investigation and engaged a leading cyber security firm to assist us. The investigation determined that between October 27, 2018 and November 16, 2018, an unauthorized person may have accessed your ACE Loan app account and the information contained your account.Avid Technology, Inc.
October 08, 2018 | Email Compromise
Abstract
? In October of last year, Avid determined there had been unauthorized access to certain Avid employee email accounts. Avid first identified suspicious activity within an email account on September 24, 2018, and promptly launched an investigation into the nature and scope of the incident, the information that may have been improperly accessed, and the identities of the impacted individuals. Avid also took steps to secure the email accounts. The investigation determined a rule to forward all incoming messages to an unauthorized email account was established on an employee’s account from October 8, 2018 to October 12, 2018. Avid then began an extensive programmatic and manual review of the impacted account to determine if any sensitive data was contained in the account. Avid began notifying individuals on or around June 5, 2019, while this data review was underway. On August 16, 2019, we completed the process of identifying individuals who may have had personal information accessible in the account. We recently concluded a thorough, manual review of our records to identify contact information for the remaining individuals with information accessible within the account.Amateur Athletic Union
October 01, 2018 | Malware
Abstract
On August 2, 2019, AAU, with the assistance of third-party forensic investigators, identified signs of malicious code on our site, play.aausports.org and determined that the code could capture information entered onto the site’s checkout page from October 1, 2018 to July 2, 2019.American Medical Response, Inc.
September 24, 2018 | Phishing
Abstract
We learned that an outside entity sent phishing emails to certain of our employees soliciting their login information to our email system. The entity appears to have been able to use these credentials to gain unauthorized access to a small number of employee email accounts, which contained certain personal information about a limited number of our employees or affiliated students as well as patients. The access was limited to information that was contained in emails of the impacted employees and did not extend to patient or employee database(s).Atrium Health (formerly Carolinas HealthCare System)
September 22, 2018 | Third Party
Abstract
On October 1, 2018, AccuDoc informed Atrium Health that AccuDoc had been the victim of a cyber incident and that certain databases containing billing information belonging to Atrium Health and its Managed Locations may have been involved. Following an extensive review of AccuDoc’s systems by multiple forensic experts, it appears that an unauthorized third party gained access to AccuDoc’s databases between September 22, 2018 and September 29, 2018.Allen Chern LLP
July 27, 2018 | Third Party
Abstract
We were recently informed by a third-party vendor that its own investigation concluded that a database hosted by the vendor and containing UpRight Law’s clients’ personal information was potentially acquired by an unauthorized individual between July 27 and July 30, 2018.Applied Data Finance, LLC d/b/a Personify Financial
July 21, 2018 | Email Compromise
Abstract
On or about November 9, 2018, we were alerted to suspicious activity regarding an employee’s business e-mail account. We immediately began investigating this activity and subsequently determined that an unauthorized third party had illegally gained access to the employee’s business e-mail account on July 21, 2018. The hacker also gained access to a second employee’s email account. The hacker was able to view the contents of both e-mail accounts and send “spear-phishing” e-mails to others. A “spear-phishing” e-mail is a message that appears to be from someone the recipient knows and trusts, but it is actually sent by a different person trying to illegally obtain access to the recipient’s computer system, e-mail accounts, or personal information. We have seen no evidence of this hack extending outside of our email servers into the rest of our IT system.Animoto Inc.
July 10, 2018 | Unauthorized Access
Abstract
On July 10, 2018, we reveived an alert of unusual activity on our system. We immediately stopped all suspicious activity and launched an investigation with the support of outside forensics experts. On August 6, 2018, we confirmed that the activity was unauthorized, and that user data may have been obtained. While we cannot confirm that data was removed from our systems or that your information was affected, we wanted to let you know about this incident out of an abundance of caution.American Express Travel Related Services Company, Inc.
July 05, 2018 | Third Party
Abstract
Expedia informed American Express of a potential intrusion on its Orbitz travel booking platform, which serves as the underlying booking engine for Amextravel.com and travel booked through Amex Travel Representatives. On July 23, Expedia provided us with a list of potentially impacted Amex travel customers. Expedia has told us that transactions made from July 5 through July 9 may be at risk. Expedia has also told us it has taken remediation steps to prevent further access to the Orbitz platform.October 01, 2017 | Third Party
Abstract
On March 16, 2018, Orbitz alerted us that it was the victim of a cyber attack. The attack involved Orbitz customers and customers of their business partners, and occurred on a platform that serves as the underlying booking engine for Amextravel.com and travel booked through Amex Travel Representatives. Certain transactions made on the Orbitz platform from January 1, 2016 through December 22, 2017 may have been impacted. Orbitz has assured us that its platform has been remediated. To be clear, this was an attack on the Orbitz platform. It was not an attack on, and did not compromise, the platforms American Express uses to manage your American Express® Card accounts.Aetrex Worldwide, Inc.
June 22, 2018 | Malware
Abstract
Aetrex recently was contacted by representatives of the credit card industry regarding potential fraud related to a small number of credit/debit cards that were used on our website. We immediately launched an internal investigation and hired third-party forensic investigators. We determined that an unauthorized third-party was able to insert a malicious code into our website to obtain customer payment card information entered into our website between June 22, 2018, and November 20, 2018, and during a few hours on December 4, 2018, possibly impacting our customers whose payment card information was used during these time periods. On or around December 17, 2018, we confirmed the identities of the individuals whose payment card information may have been impacted.Aimbridge Hospitality Holdings, LLC
June 07, 2018 | Email Compromise
Abstract
On September 14, 2018, we became aware of unusual activity in an employee’s email account. We immediately launched an internal investigation into the unusual activity. With the assistance of computer forensics experts, we learned [Company] was the victim of an email phishing incident which resulted in unauthorized access to a number of employees’ email accounts between June 7, 2018 and September 24, 2018. After determining there was unauthorized access, we undertook a lengthy and labor-intensive process to identify the personal information contained within the affected email accounts. On November 28, 2018, our investigation confirmed the identity of the individuals whose personal information was affected. Based on available forensic evidence, an email containing your personal information was potentially subject to unauthorized access. Although we are unaware of any actual or attempted misuse of your personal information, we are notifying you in an abundance of caution because your information was present in the impacted email accounts.January 08, 2018 | Email Compromise
Abstract
On March 21, 2018, we identified unusual activity in an employee email account. We immediately changed the employee’s credentials and launched an investigation, with the assistance of third-party forensic investigation firm, to determine what happened. As part of the investigation, we determined that certain employee email accountswere subject to unauthorized access and certain emailswere accessible to an unauthorized individual(s).Authentic Recovery Center, LLC
June 07, 2018 | Email Compromise
Abstract
On June 21, 2018, we learned that an unauthorized third party gained access to one of our secure email accounts. We immediately began an investigation and notified local and federal authorities. The investigation determined that the unauthorized access occurred between June 7, 2018 and June 21, 2018. Upon discovery of the incident, we immediately terminated any unauthorized access to the email account.Advocate Sherman Hospital (“Sherman”)
May 08, 2018 | Third Party
Abstract
Jobscience – a service provider that helped us process job application information – informed us it was the victim of a data breach. According to Jobscience, in or around May 2018, an unauthorized third party was able to gain access to and acquire data contained on Jobscience’s server that was used to process employee application information. After provision of additional information by Jobscience in December 2018 and further investigation, we were able to identify in February 2019 that your data was involved. Jobscience stated that law enforcement is aware of the incident, but this notification was not delayed as a result of a law enforcement investigation.Amarin Pharma, Inc.
May 02, 2018 | Third Party
Abstract
On or around June 20, 2019, we became aware of media reports suggesting that a database containing information about consumers who use or have expressed interest in Vascepa® may have been subject to unauthorized access. Amarin promptly began investigating these reports and determined that the database in question was maintained by the vendor. Amarin promptly took steps to suspend active data feeds to the vendor’s database, and the vendor informed us that the database was taken offline on June 20, 2019.Art.sy, Inc. d/b/a Artsy
April 30, 2018 | Breach
Abstract
On February 11, 2019, we became aware that account information for some of our users was made available on the internet. We are still investigating the precise causes of the incident, and together with our engineering team, we are working with a leading cyber forensics firm to assist us.Another Planet Entertainment
April 09, 2018 | Email Compromise
Abstract
On April 9, 2018, APE became aware of unusual activity within its email system. In response, APE took immediate steps to secure the email system, launched an internal investigation and notified law enforcement. APE also retained a leading forensics firm to perform an independent investigation to determine what happened, and whether any personal information may have been accessed without authorization. After an exhaustive investigation, on July 17, 2018, APE learned that certain personal information was involved in the incident. APE thereafter worked diligently to locate addresses for the affected population in order to provide notification to the individuals whose information was potentially affected. APE has determined that the incident may have affected the personal information of 2,357 California residents.AAA Business Supplies
April 08, 2018 | Email Compromise
Abstract
Our accounting email addresses were compromised, which we discovered on Thursday, June 7, 2018. The parties involved appear to be pursuing fraudulent attempts to get AAA, our customers and our vendors to misdirect payments.AccessLex Institute d/b/a Access Group
March 23, 2018 | User Error
Abstract
On March 28, 2018 we learned that on March 23, 2018 a vendor we use to help provide student loan processing services inadvertently sent a copy of certain loan files, including your file, to another business that was not authorized to receive them. Shortly after we learned of the inadvertent file transfer, we contacted managers of the second business that received the files. The second business confirmed it had deleted the transferred files and agreed that the appropriate manager would sign a sworn statement confirming it had deleted the files and retained no copies.Autism Learning Partners Holdings, LLC
March 15, 2018 | User Error
Abstract
On March 15, 2018, A is for Apple sent an email to a former employee in response to her request for a copy of her 2017 IRS Form W-2. Instead of sending only the former employee’s W-2, the response inadvertently included an attachment with the W-2 forms for all current and former employees, including yours. The former employee quickly reported this error to us and stated that she immediately deleted the file from her account.Amgen, Inc.
February 21, 2018 | Phishing
Abstract
On April 23, 2018, we received a letter from WTW informing us that they had suffered a phishing incident that led to a breach of security and the potential unauthorized disclosure of personal information on February 21, 2018. The information that WTW maintained on behalf of Amgen related to claims brought against Amgen in civil litigation as well as worker’s compensation and workplace injury claims. Your information was among this type of personal information that was maintained by WTW and could have been disclosed in this incident.Applied Plan Administrators (“APA”), a division of The Retirement Advantage, Inc. (“TRA”)
February 10, 2018 | Phishing
Abstract
Applied Plan Administrators ("APA"), a division of TRA, recently fell victim to a phishing attack which resulted in unauthorized access to one APA email account. On February 12, 2018, TRA became aware of potentially suspicious activity in that APA email account and promptly took responsive action to resolve the threat at that time. Promptly thereafter, TRA engaged our firm as legal counsel and a third party forensics firm to investigate the incident. On February 23, 2018, the forensics firm determined that there was unauthorized access to the single APA account from February 10, 2018 through February 12, 2018. The forensics firm did not find any evidence that other APA email accounts or APA systems were affected. Furthermore, the forensics firm uncovered no evidence that personally identifiable information was accessed or acquired as a result of this incident.American Stock Transfer & Trust Company, LLC
February 01, 2018 | User Error
Abstract
AST serves as the exchange agent for a transaction involving Colony NorthStar Credit Real Estate, Inc. (the “Company”). On February 1, 2018, an AST employee sent a file containing information about shareholders of the Company (the “Shareholder Information”) to 34 financial advisors who represent those shareholders. Each financial advisor received the Shareholder Information in a format that displayed only the information relating to those shareholders who were represented by such financial advisor. On the same day, it was discovered that the financial advisors could manipulate the file to access information relating to shareholders who are not their clients.Ascensus, LLC
January 31, 2018 | User Error
Abstract
On January 31, 2018, Ascensus inadvertently sent a payroll report to another Ascensus retirement plan client. Upon discovering this, Ascensus immediately informed the recipient that she had received confidential data in error. The client’s plan administrator confirmed to Ascensus that she deleted the report immediately upon identifying that it did not relate to participants in her plan, and that no other individuals at her company viewed or had access to the reportABM Industries Incorporated
January 08, 2018 | Unknown
Abstract
TBDBJuly 07, 2017 | Phishing
Abstract
On or about August 1, 2017, we discovered that ABM had become the target of a phishing email campaign. For background, phishing is a type of electronic attack where outside individuals impersonate a trusted person or company to obtain information or install dangerous software. Several ABM employees had clicked on the phishing emails and entered their credentials. As is our protocol, we immediately took steps to secure these employees’ email accounts and launched an in-depth investigation to determine whether any sensitive information was accessed or acquired.American Golf Corporation
December 12, 2017 | Malware
Abstract
We were recently informed by the company that hosts and operates our website of a potential security incident involving our website. Based upon the vendor’s investigation, it appears that an unauthorized individual was able to gain access to portions of our website and install malicious software on the website servers designed to capture payment card information as it was being entered on the siteAcademy of Art Unversity dba Stephens Institute
November 08, 2017 | User Error
Abstract
The Academy of Art University is committed to safeguarding the personal information of our employees. On November 8, 2017, an Academy employee mistakenly sent an internal e-mail with an attachment (subject of email: Reminder! 2017 Difference Card Reimbursement Claims), and one of the spreadsheet tabs included in the attachment contained your personal information. The file containing your personal information was originally on a working document that was stored in a secured drive. The employee needed the information contained on the working spreadsheet document to prepare the email distribution list. The employee failed to remove the spreadsheet attachment before the email was sentAflac
September 08, 2017 | Third Party
Abstract
American Family Life Assurance Company of Columbus and Continental American Insurance Company (collectively “Aflac”) are committed to protecting the security and confidentiality of personal and health information that we receive and maintain. Following an extensive internal investigation, we are writing to inform you of an incident involving a business email system hosted by a third party. Aflac is notifying individuals regarding possible unauthorized access to Microsoft Office 365 hosted email accounts belonging to limited number of sales agents.ABB, Inc.
August 25, 2017 | Email Compromise
Abstract
ABB, Inc. (“ABB”), received notice on August 25, 2017, that an employee’s email account had suspicious login activity as the result of a hacker sending a phishing scheme email to ABB employees on or around August 25, 2017. ABB conducted a full assessment to determine the scope of the data loss and identify any potentially affected individuals.Avanti Markets Inc.
July 04, 2017 | Malware
Abstract
On July 4, 2017, we discovered a sophisticated malware attack which affected kiosks at some Avanti Markets. Based on our investigation thus far, and although we have not yet confirmed the root cause of the intrusion, it appears the attackers utilized the malware to gain unauthorized access to customer personal information from some kiosks. Because not all of our kiosks are configured or used the same way, personal information on some kiosks may have been adversely affected, while other kiosks may not have been affected.July 02, 2017 | Third Party
Abstract
As most of you are aware by now. Avanti Markets suffered a data breach through a third party software provider over the July 4th holiday that impacted some Avanti Market Kiosks.Our team acted swiftly to contain the intrusion. We believe we were successful in doing so within hours after learning of this threat. However, the malware may have resulted in the capture of some kiosk users' personal information, including names and credit card information. I want to stress that contrary to early concerns, no biometric information was captured by the malware. The fingerprint scans used with the U. are U4500 fingerprint scanner supplied by Avanti Markets are all encrypted and were not vulnerable to this intrusion.
Andrea Yaley, DDS
May 19, 2017 | Ransomware
Abstract
On June 2, 2017 our office received a ransomware notice from someone who had hacked our computer systems. We believe the hacking occurred on or about May 19, 2017. Upon receiving the notice, we immediately contacted the local and federal authorities, shut down all our computer systems, and implemented additional security measures to preclude further attacks. We were able to restore our health records from our backup systemsAdvanced Graphic Products, Inc. /dba/ “Advanced-Online”
April 29, 2017 | Unauthorized Access
Abstract
Advanced-Online learned on January 3, 2018 that certain personal information housed on the company’s online platform may have been subject to unauthorized access. The date range for the incident appears to be April 29, 2017 until January 12, 2018. Upon becoming aware of the potential unauthorized access, Advanced-Online promptly engaged a nationally recognized cybersecurity and forensics firm to assess and address the situation.ALLIANCE FOR COLLEGE-READY PUBLIC SCHOOLS
April 04, 2017 | Vulnerability
Abstract
Schoolzilla informed us that a computer security researcher performed a security analysis and detected a vulnerability in the Schoolzilla system on or about April 4, 2017. As soon as Schoolzilla received the notice on or about April 5, 2017, they immediately fixed the error and verified that nobody other than the one security researcher accessed the exposed files. Schoolzilla also assured us that the security researcher, who discovered and alerted them to this vulnerability, permanently and securely deleted the data.Alamo Capital
March 14, 2017 | Breach
Abstract
On March 14, 2017, a data security incident occurred which may have affected your personal information. When we discovered the incident on the same day, we immediately launched an investigation, and reported it to the FBI, the SEC and the Financial Industry Regulatory Authority (FINRA). Our information technology personnel also took measures to secure all client information.American Tire Distributors Holdings Inc.
March 03, 2017 | Breach
Abstract
We believe that on March 3, 2017 a file containing your 2016 W-2 information was apparently fraudulently obtained by a third party. We learned of this on March 6, 2017 and an investigation immediately commenced. We believe the incident has been contained and did not involve an intrusion into the company's networks.Auto Pride Car Wash
February 11, 2017 | Third Party
Abstract
Redwood City CA – Auto Pride Car Wash was informed on March 27, 2017 that our point-of-sale system experienced an intrusion last month. Our point-of-sale system is operated by a third-party platform provider and this provider experienced the intrusion.To date, the investigation indicates that the intruder placed malware on the point-ofsale system, and by doing so gained access to our customers’ payment card data, including the cardholder’s first and last name, payment card number, and security code.
Acme Car Wash and Clearwater Express
February 06, 2017 | Malware
Abstract
Salinas, CA - Acme Car Wash and Clearwater Express Car Wash were informed on March 27, 2017 that our point-of-sale system experienced an intrusion last month. Our point-of-sale system is operated by a third-party platform provider and this provider experienced the intrusion.To date, the investigation indicates that the intruder placed malware on the pointof-sale system, and by doing so gained access to our customers' payment card data, including the cardholder's first and last name, payment card number, and security code.
ASI Computer Systems
December 01, 2016 | Website Compromise
Abstract
On or about November 1, 2018, ASI became aware that certain usernames and passwords in relation to one of its websites had become subject to unauthorized access. ASI immediately launched an investigation to understand the nature and scope of the event and whether any sensitive data was at risk. Upon investigation, their IT department learned that certain usernames and passwords related to a customer support website, which provided end-user documentation and software support, had been subject to unauthorized access prior to December 2016. ASI confirmed which credentials had been exposed by the following day, November 2, 2018. ASI determined the affected credentials related to California residents. ASI notified affected individuals because their username and password were subject to unauthorized access.Agri Beef Co.
November 22, 2016 | Unauthorized Access
Abstract
Gorilla Group, a third-party partner that hosts Snake River Farms servers, advised us that a data security incident occurred during the window of November 22, 2016 to April 4, 2017, and Gorilla Group notified Agri Beef of the incident on April 5, 2017. During the window, a third party may have gained access to snakeriverfarms.com with the intent to obtain certain PII.Anchor Loans LP
November 07, 2016 | Database Compromise
Abstract
On or about November 7, 2016, a security researcher accessed one of our databases that was publicly exposed on the Internet. We reacted swiftly by reconfiguring the database and moving to secure the data. Because the security researcher had access to this database, your personal information may have been exposed.Akira
November 01, 2016 | Malware
Abstract
Akira was recently contacted by representatives of the credit card industry regarding potential fraud related to credit cards used on our website. We immediately launched an internal investigation and hired a third party forensic investigator. On July 18, 2017, the forensic investigator confirmed that our website was infected with a form of malicious code that collected certain payment information used at checkout. This code was immediately removed from our website.Anaheim Majestic Garden Hotel
August 10, 2016 | Third Party
Abstract
The Anaheim Majestic Garden Hotel had engaged the Sabre Hospitality Solutions SynXis Central Reservations System (“SHS Reservation System”) to facilitate online booking of hotel reservations. You may be aware that the SHS Reservation System is a leading online reservations systems used throughout the world.Aimbridge Hospitality Holdings LLC
August 10, 2016 | Third Party
Abstract
Sabre Hospitality Solutions (“Sabre”) provides reservation management services to The Anza Calabasas Hotel. The Sabre Hospitality Solutions SynXis Central Reservations system (CRS) facilitates the booking of hotel reservations made by consumers through hotels, online travel agencies, and similar booking services. Sabre notified us on or about June 6, 2017 that an unauthorized party gained access to account credentials that permitted unauthorized access to unencrypted payment card information, as well as certain reservation information, for a subset of hotel reservations processed through the CRS. The investigation determined that the unauthorized party first obtained access to payment card and other reservation information on August 10, 2016, and the last access to payment card information was on March 9, 2017Aqua-Aston Hospitality LLC
August 10, 2016 | Third Party
Abstract
The Sabre Hospitality Solutions SynXis Central Reservations system (CRS) facilitates the booking of hotel reservations made by consumers through hotels, online travel agencies, and similar booking services. Following an examination of forensic evidence, Sabre notified us on or about June 8, 2017 that an unauthorized party gained access to account credentials that permitted unauthorized access to unencrypted payment card information, as well as certain reservation information, for a subset of hotel reservations processed through the CRS, including some reservations made by Aqua-Aston customers.Apria Healthcare
August 05, 2016 | Email Compromise
Abstract
On August 5, 2016, we discovered that the email account of an Apria Healthcare employee was subject to unauthorized access. We immediately launched an internal investigation and retained third-party forensic experts to assist in the investigation of the incident. The forensic investigators later determined that the email account contained the personal information of certain individuals, including you. We then undertook a thorough analysis and review of all documents within the email accounts to determine all affected individuals and data types involved.Anne M. Cummings, M.D., F.A.C.P.
July 26, 2016 | Malware
Abstract
On August 22, 2016, I received confirmed notice from my electronic medical record provider that their electronic system was subject to a malware attack on July 26, 2016. They became aware of the incident on July 27, 2016, and I am informed that they promptly took action to secure their systems.A&A Ready Mixed Concrete, Inc.
May 16, 2016 | Breach
Abstract
We are contacting you regarding a data security incident that occurred on Monday, May 16th, 2016, at the Company. It appears the targeted data involved 2015 W2 information of employees which could potentially become available to unknown individuals. As a result, your personal information may have been exposed to others.Ascensus, Inc.
April 29, 2016 | Misconfiguration
Abstract
On August 23, 2016, we discovered a website configuration error that allowed the plan administrator of another Ascensus retirement plan access to your personal information. Upon discovering this, Ascensus immediately terminated the configuration that allowed this inadvertent access.Areas
April 04, 2016 | Phishing
Abstract
On April 29, 2016, Areas learned it was the target of an email phishing scheme which resulted in unauthorized access to your personal information.Advance International Marketing, Inc.
April 04, 2016 | Vulnerability
Abstract
AIM Inc received a report on April 4, 2016, that an unauthorized person was able to gain access to certain images that had been uploaded to our website. We immediately conducted an investigation, engaged a leading security firm, and alerted law enforcement. The investigation determined that the unauthorized person indentified an issue in the document upload feature of the website that customers used to upload firearms license and documents for age verification.Aspiranet
March 21, 2016 | Phishing
Abstract
On March 21, 2016, Aspiranet was targeted by an e-mail scam called “spoofing.” We discovered this incident within thirty minutes of it taking place. Nonetheless, it resulted in Aspiranet inadvertently making personal information from your W-2 filing available to a third party.Advance Auto Parts, Inc
March 07, 2016 | Phishing
Abstract
On March 7, 2016, a third party obtained unauthorized access to employee information. This access was through a phishing-type attack in which an outside party posing as an Advance employee convinced an employee to provide a file containing information about certain individuals who worked for Advance during 2015. The employee believed the email request for this file was a legitimate internal data request. The information was not obtained through a breach of Advance’s information systems.Academy of Art Unversity
March 04, 2016 | Phishing
Abstract
On March 4, 2016, an employee of the Academy was targeted by an e-mail scam, called "spoofing." The spoofed e-mail appeared to come from a member of the Academy's executive team and asked for employees' W-2 information. Because the recipient/employee wrongly believed the e-mail to contain a valid request from a senior executive, the employee replied by attaching the federal Form W-2 for you and other Academy employees. We later learned the reply e-mail was sent to an unknown individual.Aptos Inc.
February 01, 2016 | Third Party
Abstract
Mrs Prindables along with a wide range of major retailers, utilizes a third party company named Aptos to operate and maintain the technology for website and telephone orders. On February 6, 2017, Aptos informed us that unauthorized person(s) electronically accessed and placed malware on Aptos’ platform holding Information for 40 online retailers, including Mrs Prindables, from approximately February 2016 and ended in December 2016. Aptos has told us that it discovered the breach in November 2016, but was asked by law enforcement investigating the incident to delay notification to allow the investigation to move forwardAmaash Corporation
December 02, 2015 | Malware
Abstract
Wendy’s recently reported additional malicious cyber activity involving some franchisee-operated restaurants. The Company believes this criminal cyberattack resulted from a service provider’s remote access credentials being compromised, allowing access – and the ability to deploy malware – to some franchisees’ POS systems. Soon after detecting the malware, Wendy’s identified a method of disabling it and thereafter has disabled the malware in all franchisee restaurants where it has been discovered. The investigation has confirmed that criminals used malware believed to have been effectively deployed on some Wendy’s franchisee systems starting in late fall 2015.Avis Budget Group
October 02, 2015 | Third Party
Abstract
On October, 2, 2015 the third-party provider, which manages our benefits open enrollment process, inadvertently sent a file containing personal information, which included your name, address and social security number, to another company that is also one of its clients. Immediately upon learning of this incident, Avis Budget Group’s Information Security and Human Resources teams fully and thoroughly investigated this incident, in close cooperation with our third-party provider and the company where the data was erroneously sent. We have no evidence or reason to believe that your personal information was misused or stolen. Our data security investigation confirmed that a file containing your data was briefly viewed by two individuals and promptly and properly deleted.American Express Travel Related Services Company, Inc and /or its Affiliates (“AXP”)
September 23, 2015 | Breach
Abstract
Protecting the security of our Card Members’ information is very important to us and we strive to let you know about security concerns as soon as possible. We have been informed that a data security incident occurred at a merchant where you used your Card. Account information of some of our Card Members, including some of your account information, may have been involved. It is important to note that American Express owned or controlled systems were not compromised by this incident, and we are providing this notice to you as a precautionary measure.April 23, 2015 | Third Party
Abstract
Protecting the security of our Card Members’ information is very important to us and we strive to let you know about security concerns as soon as possible. We became aware that a third party service provider engaged by numerous merchants experienced unauthorized access to its system. Account information of some of our Card Members, including some of your account information, may have been involved. It is important to note that American Express owned or controlled systems were not compromised by this incident, and we are providing this notice to you as a precautionary measureMarch 22, 2015 | Third Party
Abstract
Protecting the security of our Card Members’ information is very important to us and we strive to let you know about security concerns as soon as possible. A third party service provider engaged by numerous merchants experienced unauthorized access to its system. As a result, account information of some of our Card Members, including some of your account information, may have been involved. It is important to note that American Express owned or controlled systems were not compromised by this incident, and we are providing this notice to you as a precautionary measure. At this time, we have been informed that your name and address, along with your current or previously issued American Express Card account number, expiration date, and four-digit security code (printed on the front of your Card), may have been compromised. Please be aware that you may receive additional letters from us if more than one of your American Express Card accounts were involved.February 01, 2015 | Third Party
Abstract
We are strongly committed to the security of our Cardmembers’ information and strive to let you know about security concerns as soon as possible. A company that provides payment processing services to numerous merchants has informed us that there has been unauthorized access to its processing system. As a result, account information of some of our Cardmembers, including some of your account information, may have been improperly accessed.January 20, 2015 | Unauthorized Access
Abstract
We are strongly committed to the security of our Cardmembers’ information and strive to let you know about security concerns as soon as possible. A merchant where you used your American Express Card detected unauthorized access to its data files.December 30, 2014 | Unauthorized Access
Abstract
We are strongly committed to the security of our Cardmembers’ information and strive to let you know about security concerns as soon as possible. A merchant where you used your American Express Card detected unauthorized access to its data files.December 21, 2014 | Third Party
Abstract
Protecting the security of our Card Members’ information is very important to us and we strive to let you know about security concerns as soon as possible. A third party service provider engaged by numerous merchants experienced unauthorized access to its system. As a result, account information of some of our Card Members, including some of your account information, may have been involved. It is important to note that American Express owned or controlled systems were not compromised by this incident, and we are providing this notice to you as a precautionary measure. At this time, we have been informed that your name and address, along with your current or previously issued American Express Card account number, expiration date, and four-digit security code (printed on the front of your Card), may have been compromised. Please be aware that you may receive additional letters from us if more than one of your American Express Card accounts were involved.December 01, 2014 | Unauthorized Access
Abstract
We are strongly committed to the security of our Cardmembers’ information and strive to let you know about security concerns as soon as possible. A merchant where you used your American Express Card detected unauthorized access to its data files.November 20, 2014 | Third Party
Abstract
Protecting the security of our Card Members’ information is very important to us and we strive to let you know about security concerns as soon as possible. We became aware that a third party service provider engaged by numerous merchants experienced unauthorized access to its system. Account information of some of our Card Members, including some of your account information, may have been involved. It is important to note that American Express owned or controlled systems were not compromised by this incident, and we are providing this notice to you as a precautionary measure.November 02, 2014 | Third Party
Abstract
We are strongly committed to the security of our Cardmembers’ information and strive to let you know about security concerns as soon as possible. A company that provides payment processing services to numerous merchants has informed us that there has been unauthorized access to its processing system. As a result, account information of some of our Cardmembers, including some of your account information, may have been improperly accessed.October 18, 2014 | Unauthorized Access
Abstract
We are strongly committed to the security of our Cardmembers’ information and strive to let you know about security concerns as soon as possible. A merchant where you used your American Express Card detected unauthorized access to its data files.August 07, 2014 | Unauthorized Access
Abstract
We are strongly committed to the security of our Cardmembers’ information and strive to let you know about security concerns as soon as possible. A merchant where you used your American Express Card detected unauthorized access to their website files.June 02, 2014 | Unauthorized Access
Abstract
Protecting the security of our Card Members’ information is very important to us and we strive to let you know about security concerns as soon as possible. We have been informed that a data security incident occurred at a merchant where you used your Card. Account information of some of our Card Members, including some of your account information, may have been involved. It is important to note that American Express owned or controlled systems were not compromised by this incident, and we are providing this notice to you as a precautionary measureMay 19, 2014 | Unauthorized Access
Abstract
We are strongly committed to the security of our Cardmembers’ information and strive to let you know about security concerns as soon as possible. A merchant where you used your American Express Card detected unauthorized access to its data files.April 29, 2014 | Unauthorized Access
Abstract
We are strongly committed to the security of our Cardmembers’ information and strive to let you know about security concerns as soon as possible. A merchant where you used your American Express Card detected unauthorized access to its data files.April 14, 2014 | Unauthorized Access
Abstract
We are strongly committed to the security of our Cardmembers’ information and strive to let you know about security concerns as soon as possible. A merchant where you used your American Express Card detected unauthorized access to its data files.April 12, 2014 | Unauthorized Access
Abstract
We are strongly committed to the security of our Cardmembers’ information and strive to let you know about security concerns as soon as possible. A merchant where you used your American Express Card detected unauthorized access to their website files.December 07, 2013 | Unauthorized Access
Abstract
Protecting the security of our Card Members’ information is very important to us and we strive to let you know about security concerns as soon as possible. We have been informed that a data security incident occurred at a merchant where you used your Card. Account information of some of our Card Members, including some of your account information, may have been involved. It is important to note that American Express owned or controlled systems were not compromised by this incident, and we are providing this notice to you as a precautionary measureJuly 06, 2013 | Unauthorized Access
Abstract
We are strongly committed to the security of our Cardmembers’ information and strive to let you know about security concerns as soon as possible. A merchant where you used your American Express Card detected unauthorized access to its data files.June 13, 2013 | Unauthorized Access
Abstract
We are strongly committed to the security of our Cardmembers’ information and strive to let you know about security concerns as soon as possible. A merchant where you used your American Express Card detected unauthorized access to their website files.May 28, 2013 | Unauthorized Access
Abstract
We are strongly committed to the security of our Cardmembers’ information and strive to let you know about security concerns as soon as possible. A merchant where you used your American Express Card detected unauthorized access to their website files.April 09, 2013 | Unauthorized Access
Abstract
We are strongly committed to the security of our Cardmembers’ information and strive to let you know about security concerns as soon as possible. We were recently made aware that your American Express Card information was recovered during an investigation by law enforcement and/or American Express.March 08, 2013 | Unauthorized Access
Abstract
We are strongly committed to the security of our Cardmembers’ information and strive to let you know about security concerns as soon as possible. A merchant where you used your American Express Card detected unauthorized access to its data files.February 10, 2013 | Unauthorized Access
Abstract
We are strongly committed to the security of our Cardmembers’ information and strive to let you know about security concerns as soon as possible. A merchant where you used your American Express Card detected unauthorized access to its data files.February 01, 2013 | Unauthorized Access
Abstract
We are strongly committed to the security of our Cardmembers’ information and strive to let you know about security concerns as soon as possible. A merchant where you used your American Express Card detected unauthorized access to its data files.January 17, 2013 | Unauthorized Access
Abstract
American Express is strongly committed to the security of all our Cardmembers’ information and wants to inform you that a merchant where you have used your American Express Card for payment detected unauthorized access to its data files.January 15, 2013 | Third Party
Abstract
We are strongly committed to the security of our Cardmembers’ information and strive to let you know about security concerns as soon as possible. A company that provides payment processing services to numerous merchants has informed us that there has been unauthorized access to its processing system. As a result, account information of some of our Cardmembers, including some of your account information, may have been improperly accessed.December 21, 2012 | Breach
Abstract
We recently learned of a security incident that may have resulted in the disclosure of the credit card information, names, and addresses associated with your account. As a reminder, we do not collect your social security number or date of birth. We take the security of your information very seriously, and sincerely apologize for any inconvenience this may cause you.December 19, 2012 | Unauthorized Access
Abstract
We are strongly committed to the security of our Cardmembers’ information and strive to let you know about security concerns as soon as possible. A merchant where you used your American Express Card detected unauthorized access to their website files.November 01, 2012 | Unauthorized Access
Abstract
We are strongly committed to the security of our Cardmembers’ information and strive to let you know about security concerns as soon as possible. A merchant where you used your American Express Card detected unauthorized access to its data files.October 16, 2012 | Unauthorized Access
Abstract
On January 7, 2013. I learned of a data security incident that may have resulted in the disclosure of the credit card information names, and billing address associated with your online purchase. Shorty after the learning of the incident, we retained a forensic computer investigator, who determined that on or about October 16, 2012, and unauthorized third party gained access to our website and data system.September 01, 2012 | Unauthorized Access
Abstract
We are strongly committed to the security of our Cardmembers’ information and strive to let you know about security concerns as soon as possible. A merchant where you used your American Express Card detected unauthorized access to its data files.August 03, 2012 | Unauthorized Access
Abstract
American Express is strongly committed to the security of all our Cardmembers’ information and wants to inform you that a merchant where you have used your American Express Card for payment detected unauthorized access to their website.June 26, 2012 | Unauthorized Access
Abstract
American Express is strongly committed to the security of all our Cardmembers’ information. We have recently been made aware that your American Express Card information was recovered during the course of an investigation by law enforcement and/or American Express. At this time, we believe the affected data included your American Express Card account number, your name and the expiration date on your card. Importantly, your Social Security number is not impacted, and our systems do not show any indication of unauthorized activity on your Card account related to this incident.June 13, 2012 | Unauthorized Access
Abstract
We are strongly committed to the security of our Cardmembers’ information and strive to let you know about security concerns as soon as possible. A merchant where you used your American Express Card detected unauthorized access to their website files.June 03, 2012 | Unauthorized Access
Abstract
We are strongly committed to the security of our Cardmembers’ information and strive to let you know about security concerns as soon as possible. A merchant where you used your American Express Card detected unauthorized access to their website files.May 21, 2012 | Unauthorized Access
Abstract
American Express is strongly committed to the security of all our Cardmembers’ information and wants to inform you that a merchant where you have used your American Express Card for payment detected unauthorized access to its data files.April 02, 2012 | Unauthorized Access
Abstract
American Express is strongly committed to the security of all our Cardmembers’ information and wants to inform you that a merchant where you have used your American Express Card for payment detected unauthorized access to its data files.April 01, 2012 | Unauthorized Access
Abstract
American Express is strongly committed to the security of all our Cardmembers’ information and wants to inform you that a merchant where you have used your American Express Card for payment detected unauthorized access to their website.March 02, 2012 | Unauthorized Access
Abstract
American Express is strongly committed to the security of all our Cardmembers’ information and wants to inform you that a merchant where you have used your American Express Card for payment detected unauthorized access to its data files.February 02, 2012 | Unauthorized Access
Abstract
American Express is strongly committed to the security of all our Cardmembers’ information and wants to inform you that a merchant where you have used your American Express Card for payment detected unauthorized access to its data files.January 17, 2012 | Unauthorized Access
Abstract
We are strongly committed to the security of our Cardmembers’ information and strive to let you know about security concerns as soon as possible. A merchant where you used your American Express Card detected unauthorized access to their website files.November 06, 2011 | Unauthorized Access
Abstract
American Express is strongly committed to the security of all our Cardmembers’ information and wants to inform you that a merchant where you have used your American Express Card for payment detected unauthorized access to its data files.July 11, 2011 | Unauthorized Access
Abstract
We are strongly committed to the security of our Cardmembers’ information and strive to let you know about security concerns as soon as possible. A merchant where you used your American Express Card detected unauthorized access to their website files.April 06, 2011 | Unauthorized Access
Abstract
We are writing to notify you of a data security incident involving IHS Inc. On February 22, 2013, IHS discovered that some of our databases, including those containing personal information you provided as a customer of IHS Jane’s, were illegally accessed by unauthorized parties. Our investigation indicates that the unauthorized parties acquired the relevant data from the IHS Jane’s environment on or about November 22, 2012.March 13, 2011 | Unauthorized Access
Abstract
We are strongly committed to the security of our Cardmembers’ information and strive to let you know about security concerns as soon as possible. A merchant where you used your American Express Card detected unauthorized access to their website files.February 15, 2011 | Unauthorized Access
Abstract
We are strongly committed to the security of our Cardmembers’ information and strive to let you know about security concerns as soon as possible. A merchant where you used your American Express Card detected unauthorized access to their website files.May 05, 2008 | Unauthorized Access
Abstract
We are strongly committed to the security of our Cardmembers’ information and strive to let you know about security concerns as soon as possible. A merchant where you used your American Express Card detected unauthorized access to its data files.Abstract
American Express is strongly committed to the security of all our Cardmembers’ information. We have recently been made aware that your American Express Card information was recovered during the course of an investigation by law enforcement and/or American Express. At this time, we believe the affected data included your American Express Card account number, your name and the expiration date on your card. Importantly, your Social Security number is not impacted, and our systems do not show any indication of unauthorized activity on your Card account related to this incident.American Bankers Association
September 16, 2015 | Website Compromise
Abstract
ABA has learned that email addresses and passwords used to make purchases or register for events through aba.com’s Shopping Cart have been compromised. Though we are not aware of any fraudulent activity associated with this, we are taking the breach seriously and have launched an immediate investigation. This memo is to let you know what we know, and what you can and should do to protect your information.Acclaim Technical Services
August 26, 2015 | Network Compromise
Abstract
We recently learned that Acclaim Technical Services, Inc., (“ATS”) was the target of a malicious, state-sponsored cyber intrusion which resulted in the theft of certain background investigation and other records containing personal information. You are receiving this letter because we have determined that your personal information may have been included in a background investigation form that was compromised during the incident.Accuform Signs
June 30, 2015 | Website Compromise
Abstract
We are contacting you regarding a data security incident that has occurred at Accuform Signs. Essentially, our systems have been illegally hacked into by outside intruders. Beginning at least as early as June 30, 2015, we believe Accuform Signs order information was improperly accessed from our website and/or the website of [DISTRIBUTOR NAME] (with whom we are working closely in order to provide you this joint notification with important information to better protect you). This order information may have included your name, address, email, phone and credit card information. As a result, this information may have been potentially exposed to others.Acer Service Corporation
May 12, 2015 | Website Compromise
Abstract
We recently identified a security issue involving the information of certain customers who used our ecommerce site between May 12, 2015 and April 28, 2016, which resulted in unauthorized access by a third partyAtkinson, Andelson, Loya, Ruud & Romo
April 23, 2015 | Laptop Stolen
Abstract
On April 23, 2015, a personal laptop belonging to a member of our law firm was stolen while the attorney was a passenger on the MTS Trolley in downtown San Diego. The theft was reported on April 24, 2015 to the San Diego police department. The report was taken by Officer Ruvido, ID No. 5509 and was assigned Case No. 15-017392. We have been working with law enforcement but, to date, they have been unable to locate the stolen laptop computer.ADP, LLC
April 07, 2015 | User Error
Abstract
Unfortunately, on April 7th, and May 18th, 2015 an ADP associate inadvertently transferred through encrypted email a report that included your information to trusted human resources professionals at two other ADP clients. Each human resources professional immediately notified ADP and provided assurance that your information was not used or further disclosed, and was deleted. We truly regret and inconvenience this may cause you.Apple America Group LLC
March 03, 2015 | Device Lost
Abstract
We are contacting you regarding a data security incident that occurred on March 3, 2015, involving your W-2 information. On that date, an outside consultant (that is, someone who is not an employee of Apple American Group, but rather a third party vendor hired to help us improve our payroll systems) lost a portable USB flash drive. We have learned this flash drive contained your name, address, Social Security number, wage and tax information. The lost information did not include any information regarding your bank accounts, credit cards, medical history or date of birth. In addition, no guest information was involved in this incident.Advantage Consolidated LLC
February 23, 2015 | Database Compromise
Abstract
I am writing to inform that your personal information may have been on a database that was accessed by an unauthorized person between February 23, 2015 and February 26, 2015. We do not have any evidence that identity theft has occurred. It is possible that someone may have illegally accessed your personal information. The information may have included your name, address, phone number, date of birth, and social security number. We are offering you free access to experts who are ready and able to assist you.Automotive Recovery Services, Inc.
January 12, 2015 | Unauthorized Access
Abstract
ARS takes the security of this information seriously. Unfortunately, we have discovered that unauthorized person(s) gained access to certain VDPC legacy systems. While the source of this intrusion is still under investigation, it may have exposed your personal information between July 2012 and May 2015, including your name, social security number, street address, email address, phone number, drivers license number, the type of vehicle you donated, and/or the name of the charity to which you donated your vehicle. This incident occurred on our systems and not the systems of the charity to which you donated your vehicle.American Airlines, Inc.
December 30, 2014 | Unauthorized Access
Abstract
We are writing to inform you about an incident involving unauthorized access to your online AAdvantage account. An unauthorized third party recently used email addresses and passwords obtained from sources other than American Airlines to log into certain accounts, including yours. This could have resulted in access to the information that you see when you log in to your account, such as your name, email address, phone number, postal address, date of birth, the last four digits of your credit or debit card and its expiration date, your AAdvantage number and information about the miles, mileage activity, the points that you have accrued, and the last four digits of passport numbers.American Apparel, Inc
December 10, 2014 | Breach
Abstract
As you may have seen in the press, Anthem, Inc. (Anthem), the largest of the Blue Cross and Blue Shield Plans, recently announced it was the target of a sophisticated cyber-attack. In its public announcement, Anthem represents that it immediately began a forensic investigation to determine what personal information may have been impacted and to identify any affected members. Though that investigation is still underway, Anthem states that initial results indicate that certain member data was accessed and that data could include that of American Apparel employees. Anthem has stated that the accessed member data included names, dates of birth, member ID/social security numbers, addresses, phone numbers, email addresses and employment information.Acosta, Inc. and its subsidiaries, including Mosaic Sales Solutions US Operating Co. LLC
November 10, 2014 | Laptop Stolen
Abstract
On November 10, 2014, the personal automobile of an associate in the Company's Human Resources department was burglarized. Stolen from the automobile were various personal items and a company laptop. The associate discovered the theft on November 11, 2014 and promptly reported the theft to local law enforcement and to the company.Armor Games Inc.
October 24, 2014 | Email Compromise
Abstract
On Oct 24, 2014, we discovered that a third party obtained access to our users’ emails and “hashed’ passwords. That means that the passwords were encrypted in such a way that it is nearly impossible for anyone, even us, to read it. However, on Oct 24, 2017, a security researcher informed us of a file containing emails and plaintext passwords which claims the data had come from us (Armor Games) and another company (Coupon Mom). We are investigating whether we are the true source of the breach, since the number of leaked emails/passwords is far less than the number of emails breached on either our system or Coupon Mom’s system in 2013. Our users’ passwords were hashed (this makes it unlikely that they could extract plaintext passwords from our data), and some users are reporting that their passwords were included in this breach though they have never used either site. As we investigate the source of the data in this file, we are taking the precautionary measure of treating this as a data breach of our own users.American Residuals and Talen, Inc. (“ART”)
October 18, 2014 | Website Compromise
Abstract
On October 18, 2014, we detected an unauthorized login onto our web application. We worked immediately to contain the unauthorized access and prevent it from happening again. The unauthorized intruders had access to the database for less than two hours. We launched an investigation and retained outside forensic experts to confirm whether employee information may have been accessed. On November 10, 2014, our experts determined that your information may have been accessed by the intruders. While our investigation is ongoing, it is possible that none of your information was accessed or taken. We are unaware of any actual or attempted misuse of your information, but we are providing notice of this incident to you out of an abundance of caution.ABM Parking Services
September 29, 2014 | Third Party
Abstract
CHICAGO, IL – December 5, 2014 – ABM Parking Services, Inc. (“the company”), today announced that Datapark USA Inc. a vendor that provides and maintains point of service software for several Chicago, Illinois parking facilities managed by the company, has confirmed a data security incident. This incident may involve certain customer credit and debit card information, including payment card numbers.After being notified by Datapark of a potential compromise, the company launched an investigation to: confirm the nature of any unauthorized access to its system; identify any information that may have been exposed; and quickly remediate the compromise. The company engaged independent data forensic experts to assist with the investigation. At this time, the company believes the following Chicago locations were affected during the indicated dates:
Alight Solutions LLC
September 22, 2014 | Misconfiguration
Abstract
On May 20, 2019, in connection with a routine Federal Reserve security review, we became aware of an issue involving your personal information. Starting on September 22, 2014, system-generated emails from the SmartBenefits website were sent to individual participants confirming changes they made to their SmartBenefits online account. Federal Reserve Benefits Center system-generated emails were also sent to some individual participants to follow up on open cases with the Federal Reserve Benefits Center. Those communications inadvertently included your Social Security Number in the properties of the email. This information, which was used as an internal identifier for account tracking and customer service, was not included in the subject line or body of any email, and only included information pertinent to the recipient. You may have received at least one such email, sent via an unencrypted transmission, during the period from September 22, 2014 through June 29, 2019.American Soccer Company, Inc.
September 04, 2014 | Website Compromise
Abstract
On October 21, 2014, SCORE discovered a potential unauthorized data breach that occurred on September 4, 2014, which involved some information from our website customers. Immediately after this discovery, we began an internal investigation and have partnered with an external IT firm to secure the website payments, rapidly gather facts, and provide information to our customers.Auburn University
September 01, 2014 | Misconfiguration
Abstract
On March 2, 2015, Auburn University became aware of the fact that personal information relating to certain current, former, and prospective students was inadvertently accessible on the internet since September 2014. Auburn University corrected this internal issue the day it was discovered and retained independent forensics experts to identify the full extent of data implicated by this situation. While these investigations are ongoing, we have determined that files containing your name, address, date of birth, Social Security number, email address, and academic information were among those potentially exposed as a result of this incident.Ascensus, Inc
July 29, 2014 | User Error
Abstract
Ascensus, the recordkeeper for Hanmi Bank Profit Sharing & 401(k) Savings Plan, is writing to notify you that on July 29, 2014, Ascensus inadvertently sent a report containing your name, birth date, address and Social Security number to a client other than Myung Hee Kim. Although the client’s plan administrator did open the report, she confirmed to Ascensus—in writing—that she deleted it immediately upon identifying that it was not for participants in her plan, and that no other individuals at her company viewed or had access to the report.Albertson’s LLC
June 22, 2014 | Network Compromise
Abstract
BOISE, ID - August 14,2014 -- AB Acquisition LLC, which operates Albertsons stores under Albertson's LLC and ACME Markets, Jewel-Osco, and Shaw's and Star Markets under New Albertson's, Inc., recently learned of an unlawful intrusion to obtain credit and debit card payment information in some of its stores. The appropriate federal law enforcement authorities have been notified, and AB Acquisition is working closely with its third party IT services provider, SUPERVALU, to better understand the nature and scope of the incident. Third-party data forensics experts are supporting an ongoing investigation. AB Acquisition has not determined that any cardholder data was in fact stolen, and currently it has no evidence of any misuse of any such data.Abstract
AB Acquisition LLC, which operates Albertsons stores under Albertson's LLC and ACME Markets, Jewel-Osco, and Shaw's and Star Markets under New Albertson's, Inc., recently was notified by its third party IT services provider SUPERVALU of a separate, more recent, attempted criminal intrusion seeking to obtain payment card information used in some of its stores. The company has been informed that different malware was used int this recently discovered incident than was used in the incident previously announced on August 14, 2014. The investigates into both this incident and the earlier incident are ongoing.Anderson & Murison
June 01, 2014 | Misconfiguration
Abstract
Your agent used our personal umbrella rating system to obtain a quote through Anderson & Murison’s web-based online personal umbrella rating system. To request a premium estimate, your agent provided us with information relating to you. On July 18, 2014, we discovered that some of the umbrella applications completed on our website were accessible for viewing on the internet. This inadvertent disclosure was not the result of an action or inaction by your retail insurance agent.AT&T Mobility, LLC
April 09, 2014 | Insider Threat
Abstract
AT&T's commitments to customer privacy and data security are top priorities, and we take those commitments very seriously. We recently determined that employees of one of our service providers violated our strict privacy and security guidelines by accessing your account without authorization between April 9 and 21, 2014, and, while doing so, would have been able to view your social security number and possibly your date of birth [two letters will say only "date of birth" since SSN was not viewable]. AT&T mobile phones in the secondary mobile phone market so that those devices can then be activated with other telecommunications providers.Atlantic Automotive Corporation d/b/a MileOne
March 05, 2014 | Third Party
Abstract
TradeMotion hosts and operates automobileparts websites for auto dealers nationwide, including MileOne's websites. GetBMWParts.com and SubaruPartsDepot.com. TradeMotion operates all aspects of the online transaction including payment processing. TradeMotion has notified MileOne that they discovered an incident involving the unauthorized acquisition of customer information from March 5, 2014 to May 17, 2014. TradeMotion's investigation indicates that, as a result of the incident, customers' personal information such as name, street address, telephone number, email address and credit card number may have been compromised.AppleCare Insurance Services, Inc.
January 01, 2014 | Laptop Stolen
Abstract
We are writing to let you know about a privacy issue involving some of your personal information. On January 1, 2014, a licensed insurance agent of AppleCare Insurance Services, Inc., doing business as Golden Outlook (AppleCare), had his laptop computer stolen. Some of your personal information was on it. This agent may have worked with you in discussing or helping you enroll in a health planAffinity Gaming
December 07, 2013 | Server Compromise
Abstract
LAS VEGAS, May 16, 2014 - Affinity Gaming ("Affinity") has confirmed an unauthorized intrusion into the system that processes customer credit and debit cards for non-ATM transactions at its casino and casino resort properties, and is issuing this public notice of the data security incident. Affinity is encouraging individuals who visited its facilities and used their credit or debit cards for hotel, food and beverage, or retail transactions between December 7, 2013, and April 28, 2014, to take steps to protect their identities and financial information. ATM and cash advance transactions were not affected. Affinity takes this matter very seriously, and has established a confidential, toll-free inquiry line to assist its customers.Anthem Blue Cross
October 23, 2013 | User Error
Abstract
We are sending you this letter to notify you that your Tax Identification Number (“TIN”), along with your name and business address, were erroneously displayed on a PDF document posted to the Anthem website, www.anthem.com/ca. The PDF documents were posted to Anthem.com for just over 24 hours, from October 23, 2013 until October 24, 2013, and were intended to assist individuals looking for information about physicians in certain provider networks. It appears that you use your Social Security Number (SSN) as your TIN and thus it was included on this posting. Once Anthem identified the error, we took immediate steps to remove the PDFs from the Anthem.com/ca website. The PDFs were corrected and re-posted without the TINs.AHMC Healthcare, Inc and affiliated hospitals
October 12, 2013 | Laptop Stolen
Abstract
ALHAMBRA, Calif. – Oct. 21, 2013 – AHMC Healthcare Inc. said today that protected health information for approximately 729,000 patients has been compromised following the theft of two laptops from a secure office. The laptops contained data from patients treated at the following AHMC hospitals: Garfield Medical Center, Monterey Park Hospital, Greater El Monte Community Hospital, Whittier Hospital Medical Center, San Gabriel Valley Medical Center and Anaheim Regional Medical Center.Adobe Systems Incorporated
September 11, 2013 | Unauthorized Access
Abstract
On behalf of Adobe Systems, I am writing to inform you about an incident that involved information about you. We recently discovered that, between September 11 and September 17, an unauthorized third party illegally accessed certain customer order information. We take the security of personal information seriously and deeply regret that this incident occurred.Advocate Medical Group
July 15, 2013 | Computer Stolen
Abstract
On July 15, 2013, we learned that an Advocate administrative office inPark Ridge, Illnois was burglarized overnight. We discovered that four password-protected computers were missing. We immediately notified the Park Ridge Police Department and began a thorough investigation to determine the information contained on the computers. Our investigation confirmed that the computers contained patient information used by Advocate for administrative purpose and may have included your demographic information.Affinity Gaming LLC
March 14, 2013 | Server Compromise
Abstract
LAS VEGAS, December 20, 2013 — Affinity Gaming ("Affinity") has confirmed an unauthorized intrusion into the system that processes customer credit and debit cards for its casinos, and is issuing this public notice of the data security incident and encouraging individuals who visited its gaming facilities between March 14th and October 16th of 2013 to take steps to protect their identities and financial information. Affinity regrets any inconvenience this incident may cause and has established a confidential, toll-free inquiry line to assist its customers.American Express Travel Related Services Company, Inc and/or its Affiliates (“AXP”)
March 08, 2013 | Unauthorized Access
Abstract
We are strongly committed to the security of our Cardmembers’ information and strive to let you know about security concerns as soon as possible. A merchant where you used your American Express Card detected unauthorized access to its data files.ANTIOCH UNIFIED SCHOOL DISTRICT
January 18, 2013 | User Error
Abstract
The confidentiality of personal information maintained by the Antioch Unified School District is critically important and the District takes great efforts to protect it. Regrettably, we are writing to you because of an incident involving an inadvertent disclosure of information which occurred on January 18,2013. At that time, and email pertaining to Worker's Compensation procedures as well as accident investigation forms were sent to a limited number of District personnel. The email mistakenly included an attachment that contained the social security numbers and abbreviated Worker's Compensation claim information of current and former employees that reported injuries.Accume Partners
October 31, 2012 | Laptop Stolen
Abstract
Recently we learned of a data security breach involving a laptop belonging to WeiserMazars. LLC, the CPA firm which audits the statement of net assets available for Plan benefits in connection with the Plan's annual reporting obligations under the Employee Retirement Income Security Act of 1974. The laptop was stolen from the vehicle of a WeiserMazars employee on October 10, 2012 prior to 7:30AM in Philadelphia, Pennsylvania.Alere Home Monitoring, Inc.
September 23, 2012 | Laptop Stolen
Abstract
We are writing to inform you of an incident that may have involved your personal information that occurred on September 23, 2012. A car belonging to an Alere Home Monitoring employee was burglarized. One of the items stolen from the car was the employee’s laptop. While the laptop was password protected, it did contain a file with your personal health information. Some of the information included in this file was your name, address, date of birth, Social Security number, and diagnosis. A police report was filed, but so far the laptop has not been recovered.American Express Travel Related Services Company, Inc and/or its Affiliates (“AXP”)
August 24, 2012 | Unauthorized Access
Abstract
We are strongly committed to the security of our Cardmembers’ information and strive to let you know about security concerns as soon as possible. A merchant where you used your American Express Card detected unauthorized access to their website filesApril 02, 2012 | Unauthorized Access
Abstract
American Express is strongly committed to the security of all our Cardmembers’ information and wants to inform you that a merchant where you have used your American Express Card for payment detected unauthorized access to their website.American Tool Supply
August 01, 2012 | Server Compromise
Abstract
On August 1, 2012, ATS discovered that a hacker gained access to the ATS System. Upon discovery, ATS suspended the ATS System and removed all financial information that was stored on it. ATS also initiated an internal investigation to determine whether personal information was stored on, or accessible from, the ATS System. Moreover, the IBM X-Force forensics team was also engaged to investigate the incident.Anasazi Hotel LLC
June 18, 2012 | Malware
Abstract
Around March 21, 2013 we were notified by the credit card processing vendor that Anasazi was identified as the “common point of purchase” for a number of credit cards involved in fraudulent transactions with other merchants. The notice of common point of purchase was simply to alert Anasazi that it, perhaps with other merchants, was a merchant common to subsequent suspected fraudulent uses of payment cards used at our facility. In response to the notice, we quickly locked down our computer network and all computer systems and engaged forensic investigators, who analyzed all aspects of our data systems to determine whether credit card information was in fact accessed without authorization. The forensic experts uncovered evidence that Anasazi was the target of cyberattackers seeking to access parts of our internal network and data systems. The forensic experts found evidence that as early as June 18, 2012 the cyber-attackers installed malware apparently designed to perform certain functions, including eventually transmitting credit card data outside the secure network. While the forensic experts found no actual evidence that credit card information was in fact transmitted to the attackers, the forensic experts have concluded that the malware discovered on the Anasazi systems is consistent with that typically used to gather and transmit sensitive credit card data. Out of an abundance of caution, we are providing this notice to you even in the absence of hard evidence that your credit card data was in fact taken by the attackers.Advanced Data Processing, Inc.
June 15, 2012 | Insider Threat
Abstract
The notice is sent to you on behalf of Advanced Data Processing, Inc. (the "Company") and ________(the "Ambulance Agency") to alert you to an important matter. The Company manages billing for ambulance agencies. We learned on October 1, 2012 that an employee of the Company illegally accessed and disclosed certain patient account information in connection with a scheme to file false federal tax returns. Accessed account information included name, date of birth, Social Security number and record identifier. No medical information was accessed.Apria Healthcare, Inc.
June 14, 2012 | Laptop Stolen
Abstract
This is official correspondence from Apria Healthcare, Inc. (Apria) to inform you of a data security incident. On June 14, 2012, a laptop with password protection and owned by Apria was stolen from an employee's locked vehicle. Since that time, we have been investigating the incident thoroughly with the help of legal, computer, and compliance experts. Unfortunately, we learned that the files on the stolen laptop contained some of our current and past patient's personal information that was given to us as part of providing homecare equipment or service.American Pharmacists Association
April 23, 2012 | Unauthorized Access
Abstract
We are writing to notify you of recent unauthorized access to computer systems that contained certain of your personal information, and to inform you of actions you may take to protect yourself against any risks of fraud or other misuse of your personal information. We sincerely apologize for any inconvenience this incident may cause, and thank you for your understanding and cooperation as we continue our investigation.Ameritas LIfe Insurance Corp.
March 22, 2012 | Laptop Stolen
Abstract
On March 21, 2012, an employee of our Western Regional Sales office notified us that his company laptop computer, along with other business and personal items, had been stolen from his car. The theft was immediately reported to the appropriate law enforcement authorities, and they are investigating the crime and working to recover the stolen property. Unfortunately, the stolen laptop contained certain personal information used to provide group dental and vision quotes, as well as certain individual member enrollment information for employer-sponsored group health plans. The stolen computer was password protected but not encrypted.American Express Travel Related Services Company Inc and / or its Affiliates (“AXP”)
December 30, 2011 | Breach
Abstract
American Express is strongly committed to the security of all our Cardmembers’ information. We have recently been made aware that your American Express Card information was recovered during the course of an investigation by law enforcement and/or American Express. At this time, we believe the affected data included your American Express Card account number, your name and the expiration date on your card. Importantly, your Social Security number is not impacted, and our systems do not show any indication of unauthorized activity on your Card account related to this incident.American Express Travel Related Services Company, Inc and/or it’s affiliates (‘AXP’)
November 01, 2010 | Unauthorized Access
Abstract
American Express is strongly committed to the security of all our Cardmembers’ information and wants to inform you that a merchant where you have used your American Express Card for payment detected unauthorized access to their website.Aeries Software, Inc.
Abstract
The purpose of this notice is to inform you that your database may have been subject to unauthorized access involving your Parent and Student Data.A.B. Closing, Inc. D/B/A Kavaliro
Abstract
In March 2020, Kavaliro became aware of unauthorized persons who were using an imposter domain name to conduct email phishing directed at Kavaliro’s customers. Kavaliro has since had the imposter domain taken down, and while investigating the imposter domain, on March 26, 2020, became aware of unauthorized access to several Kavaliro email accounts by those involved with the imposter domain. On April 11, 2020, Kavaliro was able to determine that there was also unauthorized access to multiple additional Kavaliro email accounts, as well as certain internal file management systems.A&A Global Imports, Inc.
Abstract
On August 17, 2018, we were notified by law enforcement that they suspected certain of A&A’s information may have been compromised by unknown cyber attackers. Upon receiving this notification, we immediately engaged with several firms, including a leading computer forensic firm, to conduct a forensic investigation into the matter. As a result of that investigation, we discovered that unauthorized code was placed on our website that may have been capable of capturing certain information entered on the website during the checkout process. Our forensic investigation further revealed that the cyber attackers also may have been able to acquire data out of our customer database. Based on our investigation to date, it appears that information entered on our website may have been exposed at various points in time, including from August 15, 2017 to January 4, 2019. Importantly, the unauthorized code identified during our forensic investigation has been removed.Artix Entertainment, LLC
Abstract
Two talented individuals found a vulnerability in our older game websites (specifically AdventureQuest, DragonFable, and MechQuest). We were notified of this on October 16th, 2018. Thankfully, they have worked diligently with us to fix these issues and protect our game networkAncestry.com Operations, Inc.
Abstract
Immediately after receiving the file containing the RootsWeb surname list user data, the Ancestry Information Security Team commenced its analysis of the file and its contents, and started a forensic investigation of RootsWeb’s systems to determine the source of the data and identify any potential active exploitation of the RootsWeb systemAllrecipes.com, Inc.
Abstract
We recently determined that the email address and password typed into allrecipes.com by members when they created or logged into their accounts prior to June 2013 may have been intercepted by an unauthorized third party. Based on information available to us, we cannot determine with certainty who did this or how this occurred. Our best analysis is that email addresses and allrecipes.com passwords were intercepted during account registration or login by our members.Aptos, Inc. on behalf of Retailers in Attached Addendum
Abstract
Aptos, Inc. ("Aptos"), the third-party company, contracted to operate our e-commerce platform informed us on February 7, 2017 that an intrusion occurred on their systems.Aptos, Inc. on behalf of Retailers in the Attached Addendum
Abstract
We were informed on February 6, 2017 that our website www.alphaindustries.com experienced an intrusion last year. Our site is operated for us by a third-party platform provider, Aptos, and it was Aptos that experienced the intrusion.Aptos, Inc. on behalf of Retailers in Attached Addenda
Abstract
We are writing to inform you of an incident that may have involved your personal information. Along with more than 40 other retailers, our eCommerce store is hosted on a software platform owned and managed by Aptos, Inc. Aptos has determined that an unauthorized person or persons remotely accessed its systems and gained access to information of some of the individual consumers of these retailers. The investigation indicates that the intrusion began in approximately February 2016 and ended in December 2016. This letter provides details of what Aptos has explained to us regarding their investigation of this breach.Abbott Nutrition
Abstract
On February 6, 2017, we were first alerted of a security incident at Aptos, Inc. (Aptos), the company that provided and managed the e-commerce platform for AbbottStore.com. This incident may affect our customers who purchased products from AbbottStor.com. Aptos retained the services of an outside secrurity forensics team to investigate the nature and scope of the incident.ACTIVEOutdoors
Abstract
Although we have made and continue to make significant investments in technology and security, on August 22, we became aware that we were the victim of an unauthorized and unlawful access to our online hunting and fishing licensing applications in Idaho, Oregon and Washington.Alliance Health Networks, LLC
Abstract
On December 17, 2015, we became aware that a test database containing patient information had inadvertently been left accessible via the internet. Upon learning this, we immediately secured the data base and removed it from public view. We also began an internal investigation and determined that your child's name, address, telephone number, email address, medications and limited clinical information may have been included in the data base.AT&T
Abstract
AT&T’s commitments to customer privacy and data security are top priorities, and we take those commitments very seriously. As part of an ongoing investigation, we determined that your account was accessed without authorization in violation of AT&T’s privacy and security policies between February and July, 2014. AT&T believes your account was accessed as part of an effort to request codes that allow phones programmed for the AT&T Network to be used on other networks. This activity did not affect your AT&T mobile device(s). While there is no evidence that your Social Security Number or information related to telecommunications services that you purchase from AT&T, known as Customer Proprietary Network Information or CPNI (e.g., type of service or quantity of service), has been acquired, such information was contained in the system accessed and thus AT&T is offering you one year of free credit-monitoring. This notification to you has not been delayed as a result of a law enforcement investigation.American Sleep Medicine
Abstract
On March 3, 2015, we discovered an external hard drive had been stolen from a locked server room. After extensively searching the premises, the incident was reported to the San Diego Police Department (Case number #15-012876).We are informing you because the hard drive contained your patient information from sleep studies conducted in 2012. The hard drive contained your name, date of birth, referring doctor, interpreting doctor, medical history and sleep study results. The breach does not include Social Security numbers, Driver’s License/California Identification Card numbers or any financial account information. There has been no indication that information has been used for any unlawful purpose.
Anthem, Inc.
Abstract
On January 29, 2015, Anthem, Inc. (Anthem) discovered that cyber attackers executed a sophisticated attack to gain unauthorized access to Anthem’s IT system and obtained personal information relating to consumers who were or are currently covered by Anthem or other independent Blue Cross and Blue Shield plans that work with Anthem. Anthem believes that this suspicious activity may have occurred over the course of several weeks beginning in early December, 2014.AECOM Technology Corporation
Abstract
We have recently discovered that AECOM has been the victim of a computer security attack that resulted in the possible exposure of employee records containing employee personal information. As a result, some of your personal information may have been exposed to unauthorized parties.Despite having implemented industry-leading cyber defense protections, a cyber attacker was able to penetrate some of our systems. We discovered the unauthorized intrusion when AECOM’s security sensors notified us of suspicious behavior on the corporate network last month; and our investigation further determined last week that the attack impacted servers that contain employee payroll databases. This intrusion may have resulted in the exposure of personal information for present and past AECOM employees, including information such as names, addresses, Social Security numbers, and personal bank account numbers and routing information. The records at issue covered only employees who are on, or have been on, U.S. payroll.
American Express Travel Related Services Company, Inc. and /or its Affiliates (“AXP”)
Abstract
We are strongly committed to the security of our Cardmembers’ information and strive to let you know about security concerns as soon as possible. We were recently made aware that your American Express Card information was recovered during an investigation by law enforcement and/or American Express.Arcadia Health Services, Inc. d/b/a Arcadia Home Care & Staffing
Abstract
We are writing to you because of an incident at your employer, Arcadia Home Care a/k/a Arcadia Health Services, Inc. (“Arcadia”).There has been a security breach of your employment records and personal information.
The security breach stems from the unauthorized access of your personal information by Mr. Charles E. Symes, II and his new business “Alegre.”
Mr. Symes had previously obtained access to your employment information under strict agreements and protocols that he had with Arcadia. Mr. Symes was an independent contractor for Arcadia.
ADP
Abstract
ADP provides payroll-related services to your employer [name]. As part of providing these services, ADP produces payroll and income tax forms and other documents that include your personal information. Unfortunately, we discovered on April 29 that your name and Social Security number were contained in a tax filing record in an embedded format not visible using the Adobe program or other similar PDF reader that was accidentally disclosed to another employee of the company who was not authorized to receive it. We truly regret that this happened.Altrec, Inc.
Abstract
On May 7, 2012, Altrec, Inc. (“Altrec”) discovered a potential information security incident involving personal information related to the American Express credit card you used while shopping at altrec.com (“Website”). We deeply value our relationship with you and the trust you place in us, and we have promptly addressed certain information vulnerabilities in our system. We sincerely apologize for any inconvenience or concern this may cause you. As a precaution we are writing to notify you and call your attention to some steps you may take to help protect yourself.B
Belden
November 12, 2020 | Unauthorized Access
Abstract
On the evening of November 12, 2020, Belden IT professionals detected unusual activity involving certain company servers. We immediately triggered our cybersecurity incident response plan, deployed teams of internal IT specialists, and engaged leading third-party cybersecurity forensic experts and other advisors to identify the scope of the incident and move quickly to mitigate the impact. Forensics experts determined that we were the target of a sophisticated attack by a party outside the company. On or about November 15, 2020, we learned that the outside party accessed servers that contained personal information of some current and former employees.Backroads
October 2, 2020 | Unauthorized Access
Abstract
On October 2, 2020, Backroads became aware of suspicious activity within its computer network. Backroads immediately began an investigation, working with external forensic specialists, to determine the nature and scope of the activity. Our investigation determined that certain files within our environment were encrypted and inaccessible. On October 16, 2020, we discovered that certain files had been accessible to unknown actors and that certain personal information was contained in these files. We recognize that it may feel like there was a delay between the initial incident and receiving this notification. From the moment we knew that files were accessible to the unknown actors, we have been working both internally to determine who could have been affected, as well as externally with appropriate authorities in each jurisdiction where we operate globally. Thank you for your understanding and patience while we worked through all the necessary details.Barrister Books
July 7, 2020 | Website Compromise
Abstract
We recently discovered a data security incident involving our website. We immediately launched an investigation and engaged a digital forensics firm to assist. The recently completed investigation determined that payment card information may have been exposed for customers who made purchases through barristerbooks.com, lawbooks.com or lawbooksforless.com between July 7, 2020 and September 11, 2020.BarristerBooks, Inc.
July 07, 2020 | Website Compromise
Abstract
We recently discovered a data security incident involving our website. We immediately launched an investigation and engaged a digital forensics firm to assist. The recently completed investigation determined that payment card information may have been exposed for customers who made purchases through barristerbooks.com, lawbooks.com or lawbooksforless.com between July 7, 2020 and September 11, 2020.Baylor Genetics
May 4, 2020 | Breach
Abstract
While preparing 2019 tax returns, we discovered a potential data security incident that may have affected some of our client’s personal information. We immediately launched an investigation and worked with the IRS and our software provider to ascertain what had occurred. We also retained an independent digital cybersecurity firm to conduct a forensic investigation of B+Co’s network and computer systems.September 24, 2019 | Phishing
Abstract
Baylor Genetics was the target of an email phishing campaign that resulted in a limited number of employees receiving a suspicious email containing a malicious link. These employees unfortunately fell victim to the phishing campaign, resulting in an unauthorized individual gaining access to those employees’ email accounts. Upon learning of the incident, Baylor Genetics disabled the impacted email accounts and required mandatory password resets to prevent further misuse. There is no evidence that the purpose of the phishing campaign was to obtain patient information and we have no evidence that any of your information was actually acquired or used by the unauthorized individual. However, out of an abundance of caution, we are providing notice and offering you credit monitoring services at no charge.Bregante + Company, LLC
May 04, 2020 | Unauthorized Access
Abstract
While preparing 2019 tax returns, we discovered a potential data security incident that may have affected some of our client’s personal information. We immediately launched an investigation and worked with the IRS and our software provider to ascertain what had occurred. We also retained an independent digital cybersecurity firm to conduct a forensic investigation of B+Co’s network and computer systems.Bank of America
April 22, 2020 | User Error
Abstract
Authorized lenders are required to submit loan applications to the SBA through the SBA’s loan application platform.Brown-Forman Corporation
April 14, 2020 | Unauthorized Access
Abstract
On July 28, 2020, we discovered suspicious activity in our internal network and promptly began to investigate and contain it. On August 4, 2020 we learned the cyber criminals stole certain records containing information about some of our current and former employees. In some cases, these records contained limited information about employee dependents or beneficiaries. Out of an abundance of caution, we are providing this letter to all current employees of Brown-Forman as well as former employees who worked at Brown-Forman as of 2013 to alert them of this incident. We will notify you separately if your beneficiaries or dependents were impacted.BMB Associates
March 16, 2020 | Unauthorized Access
Abstract
On or about March 16, 2020, the Company discovered some clients had IRS E-file rejections. Based on our investigation, the e-filing rejections was due to fraudulent tax filings by an unauthorized third party who was able to compromise the Company’s Intuit ProSeries® service and create a guest account. The Company’s IT team was able to discover the hidden guest account and was able to remove it on April 2, 2020.Abstract
On or about March 16, 2020, the Company discovered some clients had IRS E-file rejections. Based on our investigation, the e-filing rejections was due to fraudulent tax filings by an unauthorized third party who was able to compromise the Company’s Intuit ProSeries® service and create a guest account. The Company’s IT team was able to discover the hidden guest account and was able to remove it on April 2, 2020Bruce L. Boros, M.D., P.A. DBA Advanced Urgent Care
March 1, 2020 | Ransomware
Abstract
On March 1, 2020, a ransomware infection encrypted files stored on a backup drive.Bailard, Inc.
February 25, 2020 | Email Compromise
Abstract
Bailard became aware of unusual activity involving a single employee email account and immediately began an investigation. With the assistance of third-party computer specialists, on April 3, 2020, the investigation determined that the employee email account had been accessed at varying times between February 25, 2020 and March 5, 2020 without authorization.Beverly Hills Unified School District
November 4, 2019 | Vulnerability
Abstract
The District uses the Aeries Student Information System to provide students and their parents with online access to information regarding school events and schedules. In late November 2019, Aeries learned that an unauthorized individual attempted to exploit a vulnerability in the Aeries software that would allow access to student and parent information. Aeries later determined that the exploit was successful. Upon discovery, Aeries began an investigation and law enforcement launched an investigation to identify the person responsible, who Aeries believes is now in police custody. On April 27, 2020, we were notified by Aeries that this individual may have accessed the District’s Aeries System. We then contacted Aeries and, on May 5, 2020, we were informed that the individual did access parent and student data within the District’s Aeries System.Brea-Olinda Unified School District
November 04, 2019 | Unauthorized Access
Abstract
In late April, we were informed there may have been unauthorized access to the Aeries SIS which may have revealed Parent and Student Login information, physical residence addresses, emails addresses, and a form of password known as a password hash. However, no other data elements were impacted as a result of this incident. The incident was not isolated to only the Brea Olinda Unified School District, but many districts throughout the state.Blue Cross Blue Shield Association
September 28, 2019 | Programming Error
Abstract
We recently learned that a programming change made by the vendor on September 28, 2019 to update the fepblueTM mobile app inadvertently altered some permission functionalities in error. As a result, in certain circumstances, adult members on your FEP® policy contract were able to see your summary claims information on the fepblue mobile app between September 28, 2019 and October 22, 2019, even though permission to view that information had not been granted affirmatively and requested confidential communications measures were in place. When we learned of this issue on October 22, 2019, we turned off the mobile app’s claims viewing feature that same day to investigate and remediate the issue. Importantly, we are not able to confirm whether any of your summary claims information was actually viewed by your adult family members and are providing this notice to you out of an abundance of caution. To date, we are not aware of any misuse or further disclosure of the information accessible because of this incident.Bed Bath & Beyond Inc.
September 04, 2019 | Service Compromise
Abstract
We recently discovered that a third party used email and password information acquired outside Bed Bath & Beyond and Buy Buy Baby to access a limited number of online accounts during the period of September 4 – 27, 2019.May 15, 2017 | Website Compromise
Abstract
We detected recent suspicious website activity. Upon investigation, we discovered that some person or automated robot was attempting to log in to online Bed Bath & Beyond accounts by guessing commonly used passwords or by obtaining usernames and passwords from another source outside Bed Bath & Beyond. It may be that whoever made these attempts had obtained user names and passwords from another site relying on their knowledge that many people use the same password on multiple sites. It does appear that one of these efforts was succcessful in logging in to your Bed Bath & Beyond online account very recently with a password that was able to be guessed or obrained from some source likely outside of Bed Bath & Beyond. At this time, we have no reason to believe that there was any effort made to place any unauthorized orders on your Bed Bath & Beyond account, that credit card could not have been used without entering the security code from the card itself. That security code is not stored on our website and therefore would not have been available on our website, even if someone entered your username and password. Moreover, only the card type, expiration date, and lat four digits of the card number would have been visible, which means it could not have been used to make unauthorized purchases elsewhere.BookShark LLC
August 26, 2019 | Malware
Abstract
On August 26, 2019, we learned from our third-party developer that maintains our website that it discovered and removed unauthorized code on our website, www.bookshark.com. Upon learning this, we immediately launched an investigation, and a leading cybersecurity firm was engaged to assist. On September 25, 2019, the investigation determined that the unauthorized code was designed to capture information entered during the login and checkout processes and may have been present from March 11, 2019 through August 26, 2019.Bamboo HR LLC
February 11, 2019 | Service Compromise
Abstract
On February 13, 2019, BambooHR became aware of unauthorized access by an unidentified thirdparty to the TraxPayroll system. We determined that the unauthorized party was trying to change employee direct deposit information, which we quickly isolated and fixed. We also shut-down the means by which the unauthorized access occurred. It appears that the third party may have had access to the TraxPayroll system as early as February 5, 2019, but the attempted inappropriate actions took place between February 11-13, 2019. BambooHR then conducted a comprehensive review of all unauthorized activity and determined that a report was accessed that may have allowed the third party to view personal information of certain employees. It appears that the unauthorized party’s purpose in accessing the TraxPayroll system was to divert payroll deposits into its own accounts, not to collect personal information. While BambooHR is unable to determine whether your personal information was retained, it was contained in the report that was accessed. Out of an abundance of caution, BambooHR is notifying all individuals that may have been affected by this this unfortunate event.Brighton Collectibles, LLC
January 28, 2019 | Website Compromise
Abstract
On March 7, 2019, we learned that an unauthorized individual may have gained access to the website we used to process credit card transactions between January 28, 2019 and February 15, 2019. When we first learned of this incident, we took immediate steps to secure the information. A thorough investigation was conducted by a forensic investigation firm to determine what happened, who was impacted and what information may have been affected. We wanted to let you know this occurred and to assure you we take it very seriously.Bank of the West
December 03, 2018 | Skimming
Abstract
On January 20, 2019, the Bank’s security teams identified instances of unauthorized account withdrawal attempts concerning certain debit cards which had previously been used at our Campbell Branch ATM. We promptly contacted law enforcement and began taking steps to review our ATM network. Our review found that a device known as an “ATM skimming device” had been installed and removed from our Campbell Branch ATM. We believe the ATM skimming device was unlawfully installed on our ATM machine between December 3, 2018 and December 22, 2018.March 02, 2018 | Third Party
Abstract
On March 2, 2018, we were notified of a security incident that occurred at one of our contracted service providers who furnishes Bank of the West with business data analysis services relating to our business banking customers. The service provider’s investigation determined that unauthorized third parties used compromised credentials to log into a limited number of their employee email accounts and may have accessed information associated with your business. On March 19, 2018, we received a copy of the data file that may have been illegally accessed. We immediately took action, however, the data file was not in an easily useable format and required significant analysis to identify potentially affected individuals and associated mailing addresses.February 01, 2017 | Skimming
Abstract
On April 9, 2017, the Bank's security teams idnetified instances of unauthorized account withdrawals at the our ATMs in several Aouthern California cities. We immediately contacted law enforcement and began taking steps to review our ATM network. Our review found that devices known as "ATM skimming devices" had been installed and removed from seven of our ATMs in Southern California. We believe these ATM akimming devices were unlawfully installed on our machines at various points between February 1, 2017 and April 9, 2017.Abstract
On December 19, 2013 we discovered that a retired internet application that provided job listings and accepted applications for positions at the Bank had been illegally accessed. While we do not have conclusive evidence that personal information was taken during this access, the unauthorized users may have obtained information concerning you including your user name and password created to access the site.British Airways Plc
October 21, 2018 | Unknown
Abstract
TBDBBlood Systems, Inc.
August 29, 2018 | Website Compromise
Abstract
What Happened On Sept. 4, 2018, we detected unusual activity related to donor profiles within our eDonor donor portal. A prompt investigation with our software vendor, Haemonetics Software Solutions, revealed that between Aug. 29 and Sept. 2, 2018, a small number of blood donor profiles were subject to unauthorized access on our donor portal website: «DonorURL». In some of the donor accounts, donor loyalty program points were fraudulently used to order or attempt to order gift cards in our Hero Rewards Store. In an abundance of caution, we disabled donor portal login capability for all donors between Sept. 4 and 7 while we investigated the activity and established a corrective action plan. On Sept. 7 and Sept. 14, we notified donors by email that their passwords were reset with additional password security measures. Finally, for the few accounts for which donor points were inappropriately used, all earned loyalty points were promptly restored.BEL USA, LLC (“BEL”) through its website DiscountMugs.com
August 05, 2018 | Malware
Abstract
On November 16, 2018, we discovered that an unauthorized change had been made to our DiscountMugs.com website. We immediately initiated an investigation and learned that unauthorized code was inserted into our shopping cart page designed to collect information customers entered on that page. We immediately removed the unauthorized code and reported the matter to law enforcement and to the payment card companies. On December 20, 2018, our investigation determined that orders placed by credit or debit cards between August 5, 2018 and November 16, 2018, may have been impacted by the unauthorized code. We are providing you with this notice because our records indicate that you placed an order between August 5, 2018 and November 16, 2018Bayside Covenant Church, Inc.
August 03, 2018 | Email Compromise
Abstract
In October of 2018, Bayside became aware of suspicious activity in certain employees’ email accounts. Bayside immediately began an investigation to confirm the nature and scope of this activity. Through the investigation, which included working with third party forensic investigators, we determined that the unauthorized actors accessed certain employees’ accounts without authorization between August 3, 2018 and October 20, 2018. Unfortunately, the investigation was unable to determine which emails or attachments may have been viewed without authorization. In an abundance of caution, the entire contents of the email accounts involved were reviewed to identify any personal information contained within the accounts. On December 19, 2018, the programmatic and manual review was completed, and it was determined that certain personal information was contained within the accounts that were accessed without authorization. To date, we have no information that there has been any actual or attempted misuse of the personal information within the accounts related to this event.Beverages & More, Inc. dba BevMo!
August 02, 2018 | Malware
Abstract
Based upon information that we have received to date from the service provider that operates our website (NCR Corporation) and the results of a third party forensic investigation sponsored by NCR, we believe that an unauthorized individual was able to gain access to the BevMo website and install malicious code on our checkout page. This code was designed to capture payment information and may have affected certain orders placed on the BevMo website between August 2, 2018 and September 26, 2018. You are receiving this letter because our records indicate that you placed an order on the website during this timeframe.BioMarin Pharmaceutical Inc.
June 18, 2018 | Email Compromise
Abstract
On June 21, 2018, we discovered that someone (the “attacker”) had accessed two BioMarin email mailboxes, beginning on June 18, 2018, as a result of a successful phishing attack by which the attacker acquired a temporary employee’s user ID and password. When we discovered the breach on June 21, we had the temporary employee change his credentials, thereby preventing further access to the mailboxes. We have so far been unable to determine for certain whether the attacker extracted any or all of the information in the mailboxes before this access was terminated, but it is possible.Bankers Life (BL) - BL is the marketing brand of Bankers Life and Casualty Co., Medicare Supplement insurance policies sold by Colonial Penn Life Insurance Co. and select policies sold in NY by Bankers Conseco Life Insurance Company, a NY licensed ins. co
May 30, 2018 | Website Compromise
Abstract
We recently discovered that unauthorized third parties accessed credentials belonging to a limited number of our employees between May 30 and September 13, 2018. During this period, unauthorized third parties used improperly obtained employee information to gain access to certain company websites, potentially resulting in unauthorized access to personal information of policyholders and applicants. Based on our investigation, we have no reason to believe that our systems or network have been otherwise compromised at this time.Brinker International, Inc.
May 11, 2018 | Breach
Abstract
On May 11, 2018, we learned that some of our Guests’ payment card information was compromised at certain Chili’s restaurants as the result of a data incident. Currently, we believe the data incident was limited to between March – April 2018; however, we continue to assess the scope of the incident. We deeply value our relationships with our Guests and sincerely apologize to those who may have been affected.Black Phoenix, Inc
May 01, 2018 | Malware
Abstract
Malicious code was injected into the portion of the checkout page where credit card info bound for AuthorizeNet is gathered. If you made a purchase using the AuthorizeNet gateway during this period, your credit card data may have been compromised. We do not store any credit card info ourselves on the site – none whatsoever - so there was no credit card data to harvest from before this time period.Branton, de Jong and Associates
February 11, 2018 | Unauthorized Access
Abstract
Upon encountering suspicious electronic activity on our tax program, we immediately contacted our tax preparation software and began an investigation into the matter to determine what was going on. Additionally, we changed all passwords, and hired a leading, specialized forensic IT firm. On March 16, 2018, the specialized forensic IT firm determined that there was unauthorized access to our system from a foreign IP address. This access occurred between February 11th and February 26th, 2018. Unfortunately, the forensic IT firm cannot determine which individuals’ information was accessed within program folders, so we are notifying everyone whose information was accessible out of an abundance of caution and concern for our clients.Blue Beacon International
January 29, 2018 | Service Compromise
Abstract
On March 15, 2018, we discovered that our employee portal accounts had been accessed without authorization. We immediately disabled our employee portal site and launched an investigation led by an expert team of data security response professionals. The Federal Bureau of Investigation and the Internal Revenue Service/Criminal Investigation unit (IRS/CI) were also notified in order to provide additional security for your identity and to prevent fraudulent activity.Bay Area Air Quality Management District
January 10, 2018 | Email Compromise
Abstract
On January 10, 2018, unknown individuals accessed an Air District email account and gained access to messages sent to and from that account over a period of approximately two weeks. Three other accounts were accessed for less than one day each. A small number of the messages in those accounts contained personal information from current and former employees, several past and present members of the Board of Directors, Hearing Board and Advisory Council, as well as a smaller number of individuals who engaged in transactions with the Air District.Bakersfield City School District
November 09, 2017 | User Error
Abstract
On November 9, 2017, at or about 4:24 p.m., the Board Docs Agenda was posted to the District’s website. In this agenda packet under the Certificated Human Resources Report, a report of certificated extra-time was inadvertently attached. It was confirmed that the personal information contained in this attachment included that of approximately 1,250 certificated employees and/or substitutes who worked extra-time. The error was identified at approximately 7:45 p.m. and immediately removed. The total time this information remained online was approximately three hours and twenty-one minutes.Brinderson, L.P.
October 24, 2017 | Unauthorized Access
Abstract
On October 24, 2017, we discovered that an unauthorized individual may have gained access to one of our computer systems. Upon learning of this, we blocked the intruder’s access to our systems, shut down the affected systems, and immediately began an investigation to determine the scope of the incident. We also engaged a forensic security firm to assist in our investigation.Best Buy Co., Inc.
September 26, 2017 | Malware
Abstract
We recently identified malware on certain of our systems. Based on our investigation, the malware appears to have been placed on our systems around May 15, 2017. As a customer who made a purchase on our online store (www.bronsonvitamins.com) or by phone with our customer service center between May 15, 2017 and January 30, 2018, you may be affected by this matter.BMO Harris Bank N.A.
May 15, 2017 | User Error
Abstract
This letter is to inform you about a matter involving some of your personal information. Regrettably, during the production of 2016 IRS Form 5498 for BMO Harris Bank IRA accounts, which were mailed May 15, 2017, an error occurred and some customers received their own Form 5498 along with another customer’s Form 5498, while other customers didn’t receive their form.Bridger Insurance Services
May 07, 2017 | Third Party
Abstract
In September 2018, Bridger contacted its third-party IT provider to help resolve issues with its network. During this process, Bridger became aware of potential unusual access to one of its servers. Bridger launched an internal investigation to determine the nature of this potential access, and on September 14, 2018, Bridger shutdown the potentially affected server.Bluestem Brands, Inc.
April 07, 2017 | Unauthorized Access
Abstract
We believe that your personal information was accessed by cyber-attackers executing an attempt to obtain unauthorized access to your Fingerhut account between March 24, 2017 and April 7, 2017.Bombas LLC
November 11, 2016 | Malware
Abstract
Last year, as part of a review of data security, we discovered that malicious code designed to scrape credit card numbers and other personal information may have been present as early as November 11, 2016 on our e-commerce platform. We launched a thorough investigation to determine whether personal information of our customers was potentially exposed.September 27, 2014 | Third Party
Abstract
We first started selling Bombas socks online through our website in September 2013. We relied on larger, professional third party service providers for the design, development, hosting, maintenance, backend credit card processing, and security of our website.Bulletproof 360, Inc.
October 26, 2016 | Website Compromise
Abstract
On March 21, 2017, we informed you about an incident that potentially affected your payment card information used for online transactions on Bulletproof’s e-commerce website. Our March 21 notification to you was based on a preliminary forensic report that indicated payment card information was at risk from October 26, 2016 through January 31, 2017. We received a final forensic report on August 1, 2017, that indicates that payment card information used on Bulletproof’s e-commerce website from October 26, 2016 through May 30, 2017 may have been compromised.October 13, 2016 | Malware
Abstract
In mid-October 2017, Bulletproof identified unauthorized computer code that had been added to the software that operates the checkout page at www.bulletproof.com. When we discovered the unauthorized code, we immediately removed it and began an investigation. We have been working with leading computer security firms to examine our systems. We have also been working with law enforcement. Based on our investigation, we determined that the unauthorized code may have been capable of capturing information entered during the checkout process during the period from May 20, 2017 through October 13, 2017 and October 15-19, 2017. You are receiving this notice because your payment card may have been entered on the checkout page during this time period.Baxter Credit Union
October 03, 2016 | Email Compromise
Abstract
We value and respect the privacy of your information, which is why we are writing to advise you of a recent incident that may have involved certain of your personal information. On October 11, 2016, we learned that the email account of one of our employees had been compromised as part of an investigation we undertook after the email account was used to SPAM, or send an unsolicited email.BraceAbility
September 24, 2016 | Website Compromise
Abstract
On October 28, 2016, BraceAbility, Inc. learned of a possible security incident involving its online ordering website. We immediately engaged independent IT forensic experts to assist with our investigation. While the investigation is still ongoing, it appears that your credit or debit card data may have been compromised if you made an online purchase between September 24, 2016 and November 28, 2016. The information potentially exposed includes your name, address, card number, verification code, and/or the card’s expiration date as well as information related to your online purchase.BEYOND YOGA
August 01, 2016 | Breach
Abstract
We recently discovered that your personal information may have been exposed in July and August 2016 as a result of an incident currently under investigation.Broadview Mortgage
July 28, 2016 | Unauthorized Access
Abstract
On July 28, 2016, we were advised by our third-party information technology provider that it had identified two unauthorized administrative accounts on a server in one of our branch offices. We immediately began an investigation and promptly disabled the unauthorized accounts.Brian Goldman, MD A Medical Corporation
July 19, 2016 | Laptop Stolen
Abstract
On July 19, 2016 two laptop computers belonging to the medical offices of Dr. Brian HalevieGoldman were stolen. The laptops were password protected, secured in a carrying case and locked inside a vehicle when the theft occurred. It is not known whether the information contained on the laptops was or will be accessed by the thief. It is possible that the laptops themselves and not the information they contained were the target of the thief.Banner Health
June 17, 2016 | Unauthorized Access
Abstract
On July 13, 2016, we discovered that cyber attackers may have gained unauthorized access to information stored on a limited number of Banner Health computer servers. We immediately launched an investigation, hired a leading forensics firm, took steps to block the cyber attackers, and contacted law enforcement. The investigation revealed that the attack was initiated on June 17, 2016.Berkeley Endocrine Clinic
April 22, 2016 | User Error
Abstract
On April 22, 2016, my office was subject to a spam email which we believe went to many patients. Though no patient information was affected by that correspondence, we sent a notification email to all individuals on our email list, informing them of the spam. Inadvertently, the recipient list for the notification email on April 22, 2016 was not hidden.Bon Secours Health System, Inc.
April 18, 2016 | Third Party
Abstract
On June 14, 2016, Bon Secours discovered that files containing patient information had inadvertently been left accessible via the internet by one of our vendors, R-C Healthcare Management. While attempting to adjust their computer network settings from April 18, 2016 to April 21, 2016, R-C Healthcare Management inadvertently made files located within their computer network accessible via the internet. When Bon Secours discovered this issue, Bon Secours notified R-C Healthcare Management of this issue so that information could no longer be accessed via the internet. Upon receiving the notification, R-C Healthcare Management immediately took steps to secure the information so that it could no longer be accessed via the internet.Berkeley Unified School District
April 11, 2016 | User Error
Abstract
The Bay Area News Group, a publisher of multiple Bay Area newspapers, annually conducts surveys of all public agencies in the Bay Area regarding employee salary and related payroll information. They are entitled to this information pursuant to the California Public Records Act. The District compiled the requested information and transmitted it in an electronic file last week to the reporter who was coordinating the collection of the data. Unfortunately, the District inadvertently sent an electronic file that contained social security numbers. It did not include any other confidential information such as addresses, telephone numbers or birthdates. The reporter immediately contacted us about the transmission of confidential data. We then immediately responded by requesting that the reporter delete the files, and we transmitted another version of the data requested that did not include confidential data.Brooks Brothers
April 04, 2016 | Malware
Abstract
Brooks Brothers was recently alerted to a potential security incident. Based upon an extensive forensic investigation, it appears that an unauthorized individual was able to gain access to and install malicious software designed to capture payment card information on some of our payment processing systems at our retail and outlet locations. To find out if your Brooks Brothers or Brooks Brothers Outlet location was impacted, please visit www.brooksbrothers.com/incident-locationsfor a list of affected locations. Please note that this incident did not affect any purchases made on the BrooksBrothers.com website.Bristol Farms, Inc.
March 30, 2016 | Phishing
Abstract
On March 30, 2016, an unauthorized individual, impersonating a Bristol Farms/Lazy Acres executive, contacted Bristol Farms/Lazy Acres requesting certain information for Bristol Farms/Lazy Acres employees. Before it was determined that the request was fraudulent, an electronic file was provided, which contained information about the affected employees.Billy Casper Golf
February 26, 2016 | Phishing
Abstract
On Friday, February 26, Billy casper Golf was the targeted victim of an e-mail spoofing attack. Through this attack, a request was made for all 2015 employee W2 information. Unfortunately, this information was provided before it was discovered that the request was made from a fraudulent account by an individual purporting to be our CEO. We discovered the fraudulent nature of this request on Saturday, February 27, 2016 and have been working tirelessly to investigate.BMP/Pennant Holdings, LLC
January 13, 2016 | Malware
Abstract
Wendy’s recently reported additional malicious cyber activity involving some franchisee-operated restaurants. The Company believes this criminal cyberattack resulted from a service provider’s remote access credentials being compromised, allowing access – and the ability to deploy malware – to some franchisees’ POS systems. Soon after detecting the malware, Wendy’s identified a method of disabling it and thereafter has disabled the malware in all franchisee restaurants where it has been discovered. The investigation has confirmed that criminals used malware believed to have been effectively deployed on some Wendy’s franchisee systems starting in late fall 2015.Baja Bound Insurance Services, Inc.
December 16, 2015 | Phishing
Abstract
On December 16, 2015, we discovered that an agent’s Baja Bound Insurance Service’s email account may have been compromised through a phishing attack. From our investigation, it appears the phishing email was intended to collect only email addresses. As part of our investigation, we also reviewed the documents stored in the email account and discovered an application that contained your personal information, including your name, address, date of birth, driver’s license number, and credit card number. Our website, www.bajabound.com, was not affected and remains secure. While we have no evidence that any of this information was viewed or compromised, we wanted to let you know about this event out of an abundance of caution.Blucora, Inc.
November 10, 2015 | Unauthorized Access
Abstract
Fighting tax-related identity theft is a high priority for TaxAct. We have been working diligently with the IRS, state regulators and other tax software providers to identify new security measures we can use to deter such fraudulent activity. As part of that ongoing process, we recently discovered suspicious activity related to your TaxAct account.Blue Shield of California
September 15, 2015 | Third Party
Abstract
In December of 2015, Blue Shield was notified by our vendor that data about you may have been accessed by an unauthorized user who gained access to the vendor’s data systems without permission. We believe that the unauthorized access happened between September and December of 2015 and was the result of log-in credentials for certain Blue Shield customer service representatives being misused. No data systems at Blue Shield were impacted. We take this issue seriously and regret the concern it may cause.December 20, 2013 | Breach
Abstract
I am writing on behalf of Blue Shield California ("Blue Shield") to advise you of a recent incident that resulted in our disclosure of your Blue Shield ID number to one or more of your clients who may have attempted to pay for their Individual and Family Plan policy through our online payment system. The Agent ID number is your Tax Identification Number which, in your case, is your Social Security Number ("SSN"). We have no reason to believe that your personal information has been misused, but we apologize for this incident and regret the concern or inconvenience it may cause you.February 28, 2013 | User Error
Abstract
On May 16, 2014, the DMHC discovered that Blue Shield of California had inadvertently included provider Social Security numbers (SSNs) in the rosters Blue Shield provided to the DMHC in February, March and April, 2013. Because they did not recognize their error, Blue Shield did not mark the rosters as confidential or otherwise alert the DMHC to the inclusion of the SSNs. The DMHC’s subsequent investigation revealed that the DMHC had produced the rosters in response to ten PRA requests made to the DMHC between March 2013 and April 2014. In addition to the SSNs, the rosters included providers' names, business addresses, business telephone numbers, medical groups, and practice areas.Buyers Protection Group
July 19, 2015 | Laptop Stolen
Abstract
On July 19, 2015, a company laptop was stolen from an employee's car during a large-scale break in of at least 20 vehicles in the Greater Atlanta Area. The incident was immediately reported to the police and a police report was filed. Accordingly, we are working with local law enforcement and Fidelity National financial's (parent company of BPG) security team to investigate the incident and take appropriate responsive action. In the course of FNF's security team investigation, it was discovered that a file containing your name, address, date of birth and social security number was likely on the laptop at the time of the theft.Bank of Manhattan—Mortgage Lending
June 12, 2015 | User Error
Abstract
We believe in acting quickly to protect our customers’ best interests. Thus, we are contacting you to inform you about a recent data security incident at Bank of Manhattan Mortgage Lending. Our investigation is ongoing, but it appears that an employee handled mortgage loan files stored on a removable disk drive in a manner that was contrary to our policies and instructions, and may have resulted in unauthorized disclosure or use of information in those files. These files included a loan that was originated for you at Bank of Manhattan Mortgage Lending, or was owned by Bank of Manhattan Mortgage Lending at one point. The loan files include name, address, loan number, phone numbers, Social Security numbers, birth dates, credit information, tax information, and other financial information. This information is in regards to your loan number ending with [ClientDef1(Loan Number)] originated on [ClientDef2(Origination Date.)] We conducted a prompt investigation and recovered the original removable disk drive. We have notified law enforcement and appropriate government agencies. We are not aware of any fraudulent or improper use of your information, nor are we aware of any subsequent disclosure of your data. Please be assured that we have taken every step necessary to address the incident to date, and that we will continue to investigate and take any additional steps that may be required. We are committed to fully protecting the information you have entrusted to us.Bonita Unified School District
June 02, 2015 | Database Compromise
Abstract
On June 2, 2015, we discovered that unauthorized individuals gained access to our student database in May 2015 and changed the grades of several students at San Dimas High School. We believe the suspects also accessed and downloaded personal information relating to students, including your name, Social Security number, birthdate, medical information, Aeries usernaem and password, and contact information, such as physical address, email address and phone number. Upon learning this, we immediately reported the incident to law enforcement and conducted an investigation to determine what information may have been changed. We are cooperating with law enforcement in its investigation of this incident. The information that was changed has been restored to its orignal status.B. Lane, Inc., a Delaware corporation d/b/a Fashion to Figure
May 19, 2015 | Malware
Abstract
On October 16, 2015, we noticed that a page on our website, which was managed by a third party web hosting firm, was loading slowly. Through investigation, we learned that malware had been installed on the hosting firms's webserver on or around May 19, 2015. Your credit card information was located on the impacted webserver. We are sending this letter so that you are aware of this situation, and to provide you with identity theft protection services.Blue Spring Partners, LLC
April 25, 2015 | Unauthorized Access
Abstract
On April 30, 2015, we detected a system intrusion that occurred on April 25, 2015. Your personal information may have been disclosed which included name, address, email and encrypted password. We immediately implemented procedures to protect all data and prevent unauthorized access and requested an investigation with authorities.Bay Area Children’s Association
January 15, 2015 | Third Party
Abstract
On April 1, 2016, we received notice from our electronic medical record provider that their electronic system was breached and some of our patient records were acquired by unauthorized persons. Specifically, they determined that cyber intruders may have installed malware in January 2015 and, through credential theft, accessed certain systems in their environment. We immediately requested further information to identify which of our patients were affected and on April 22, 2016, we were informed that such information could not be confirmed with a high level of confidence. Though we do not have confirmation that your records were compromised, given the sensitivity of the information potentially exposed we wanted to notify you of this matter as soon as possible as your patient records were on the affected electronic medical record system.bebe stores, inc.
November 08, 2014 | Unauthorized Access
Abstract
bebe stores, inc. recognizes the importance of protecting the payment card information of our customers. We recently detected suspicious activity on computers that operate the payment processing system for our stores. We immediately engaged a leading computer security firm and worked with them to block the attack from continuing. Based on our investigation to date, we believe the attack was focused on and limited to data from payment cards swiped in our U.S., Puerto Rico and U.S. Virgin Islands stores during a short window between November 8, 2014 and November 26, 2014. This data may have included cardholder name, account number, expiration date, and verification code. Purchases made through our website, mobile site/application, or in Canada, or our other international stores were not affected. Customers can feel confident in continuing to use their payment cards in our stores.Bistro Burger, Inc.
October 02, 2014 | Malware
Abstract
We recently confirmed that unauthorized individuals or entities installed malicious software on computer systems used to process credit card transactions at our Mission Street Bistro Burger location, located at 201 Mission St. San Francisco, CA 94105. The incident may have compromised payment card data of visitors that made credit card purchases at the Mission Street location between October 2, 2014 and December 4, 2014, including name, payment card account number, card expiration date and security code.Bulk Reef Supply
July 30, 2014 | Website Compromise
Abstract
We are contacting you about a data security incident that occurred at BulkReefSupply.com ("BRS"). While the investigation is ongoing, it has been determined that the security of some data for some customers who logged into the website from July 30, 2014 until January 30, 2015 may have been compromised. The outside cyber hacker intrusion was initially discovered on January 21, 2015 and the data compromise was contained and corrected on January 22, 2015. Further corrective action occurred on January 30th.Black Mountain Software
May 30, 2014 | Breach
Abstract
The city which produces your water bills, The Town of Jamestown, uses Black Mountain Software for its Utility Billing process. On June 17th, Black Mountain Software became aware of an online security problem and quickly worked to resolve the issue within minutes of the discovery. On June 18th, we alerted all BMS customers of the situation. By June 20th, a thorough forensic review of records was complete and BMS identified eight (8) of their client organizations had files that were accessed without proper authorization and notified each of them. Unfortunately, some of your personal information was contained in the accessed files.Benjamin F. Edwards & Co.
May 24, 2014 | Unauthorized Access
Abstract
On May 27, 2014, BFE discovered, like many other businesses and financial institutions, that it was a victim of an unauthorized attempt to access our electronic data. Based on the results of our investigation, we have learned some of our information was taken; however, we do not have any specific evidence that your information was acquired by a third party or has been fraudulently used.Bay Area Pain Medical Associates
May 19, 2014 | Computer Stolen
Abstract
We hope this letter finds you well. We are writing to inform you that on May 19, 2014, our office was broken into and many items were stolen including three desktop computers. Upon discovery the following day, the Sausalito Police Department was immediately notified and a formal police report was filed.Backcountry Gear
April 27, 2014 | Malware
Abstract
Our company was founded on a commitment to absolute customer service and satisfaction. We believe in transparency and clear communication. We therefore want to alert you that on July 23, 2014, we discovered that malware (malicious computer code) had been installed on our server which compromised customer payment card information submitted with orders to our company between April 27 and July 17, 2014. We have reported the matter to law enforcement.Bartell Hotels
February 16, 2014 | Unauthorized Access
Abstract
We deeply value your business. The security of your personal information is our top priority which is why, as a precautionary measure, we are informing you of a data security incident which may involve certain credit card data, including your credit card number and name.Barbecue Renew Inc.
January 19, 2014 | Website Compromise
Abstract
Barbecue Renew, Inc., (“Barbecue Renew” or “us” or “we”), is an e-commerce retailer offering grill accessories, equipment and replacement parts through our website www.grillparts.com. You are receiving this notification because at some point in the past, you completed a purchase through our website which required you to provide us with your credit card information. We have determined that your cardholder data, which may include your first and last name, address, personal card account number, expiration date, and card security codes, may have been compromised as a result of a series of cyber attacks on our web server. This letter will explain how this compromise occurred, how you could potentially be affected, and what specific steps you may take in order to protect yourself from certain risks regarding any potential misuse of this informationBring it To Me, LLC
January 13, 2014 | Malware
Abstract
We value your business and respect the privacy of your information, which is why, as a precautionary measure, we are writing to let you know about a data security incident that may involve your personal or payment card information.Beacon Health System
November 19, 2013 | Email Compromise
Abstract
Beacon Health System is writing to notify you of data security event that may affect your personal and protected health information. Although there is no evidence that anyone has taken or misused your information, we are letting you know so can you take steps to monitor your identity, credit, and accounts.B&G Foods, Inc.
November 16, 2013 | Website Compromise
Abstract
On November 16, 2013, B&G Foods North America, Inc. discovered that an unauthorized third party had earlier that day attacked the online e-commerce website associated with our Maple Grove Farms brand. We are sending you this letter as a cautionary measure because we believe that certain information about you, which may have included your name, address, telephone number, and credit / debit card number, may have been accessed without authorization.Butler University
November 01, 2013 | Insider Threat
Abstract
On May 28, 2014, Butler University was contacted by California law enforcement and alerted to an identity theft investigation in which the suspect had in his possession a flash drive containing the personal information of certain Butler University employees. Upon learning of this, Butler University immediately notified the affected employees and launched an internal investigation.Board of Barbering and Cosmetology
August 23, 2013 | Computer Stolen
Abstract
On August 23, 2013, the Board's Fairfield Office was burglarized and a desktop computer was stolen. The burglary was reported to local law enforcement authorities. Through an investigation, it was determined that the computer may have contained a document with personal information of individuals who participated as models for applicants who were taking a cosmetology, barbering, manicure, esthetician, or electrology exam.Boomerang Tags
July 04, 2013 | Malware
Abstract
We recently learned that unauthorized individuals or entities installed malicious software on the computer server we use to host our Website. We believe the malware compromised the payment card data of visitors that made payment card purchases through the Website between July 4, 2013 and February 18, 2014, including name, address, payment card account number, card expiration date and security code. According to our records, you made a payment card purchase at the Website during that timeframe, and your information may be at risk.BEL USA LLC
March 01, 2013 | Website Compromise
Abstract
We wanted to notify you of a security incident involving the [[insert name of website here]] website, which is operated by BEL USA LLC. We have reason to believe that because you placed an order with us on this website or by phone between March 1, 2013 and July 15, 2013 that your personal information may have been obtained by unauthorized third parties. Upon learning that the website server may have experienced unauthorized access, we immediately commenced an internal investigation and then retained an independent expert to investigate this incident.Beachbody, LLC
March 01, 2013 | Website Compromise
Abstract
On April 17, 2013, Beachbody became aware that an unknown unauthorized individual(s) hacked into the Powder Blue website. Upon learning that the Powder Blue website had been compromised, Beachbody immediately commenced an internal investigation. Beachbody retained privacy and data legal counsel to assist in its investigations and response to this incident. Beachbody retained third-party forensic experts, Kroll Advisory Solutions (“Kroll”), to identify vulnerabilities on the Powder Blue website. Kroll also assisted Beachbody in identifying the specific data exposed and the individuals affected by this incident. At this time, Kroll determined that your credit card number, email address, mailing address, telephone number, first name, last name, and CVV number were potentially accessed. No social security numbers were in this database.Bailey’s Inc
January 01, 2013 | Website Compromise
Abstract
In January 2016, we sent our customers a notification that their credit card information and other personal information may have been stolen due to a cyber attack on our website, BaileysOnline.com. In that notice, we informed our customers that the compromise event began on September 25, 2015.Bellacor.com, Inc.
July 26, 2012 | Website Compromise
Abstract
We discovered that an unauthorized third party obtained unlawful access to certain temporary data files on our website. These temporary data files are used only to complete e-commerce transactions and are not otherwise retained by Bellacor. The information accessed in the temporary files included customer name, address, phone number and encrypted credit card information. The malicious code used by the unauthorized party was discovered and contained on July 26th, and we believe it was injected by the unauthorized third party around June 7th. While our investigation is ongoing, we believe that in certain limited circumstances the unauthorized third party was able to extract such information from the temporary data files. Your recent purchase occurred during the time period when the unauthorized third party was attempting to obtain this information about our customers. While we do not have evidence that your information was compromised, we are taking precautionary measures to protect your financial security and alleviate concerns you may have.Bank of America Merchant Services, LLC
January 02, 2012 | Third Party
Abstract
It has recently been brought to our attention that personal information about merchants who currently process with Bank of America Merchant Services (“BAMS”) had been shared outside of the company by our service provider, First Data Corporation (“First Data”). This information was provided to three firms in connection with First Data„s efforts to evaluate effective verification and anti-fraud services. BAMS believes there is little risk of harm to you, however, we sincerely regret this error, as the security of your information is one of our top priorities at BAMS.Belden Inc.
Abstract
On the evening of November 12, 2020, Belden IT professionals detected unusual activity involving certain company servers. We immediately triggered our cybersecurity incident response plan, deployed teams of internal IT specialists, and engaged leading third-party cybersecurity forensic experts and other advisors to identify the scope of the incident and move quickly to mitigate the impact. Forensics experts determined that we were the target of a sophisticated attack by a party outside the company. On or about November 15, 2020, we learned that the outside party accessed servers that contained personal information of some current and former employees.Backcountry Edge, Inc.
Abstract
Regrettably, we are writing to inform you that on June 3, 2019, we confirmed that a sophisticated cyberattack on our website may have resulted in the unauthorized access of your personal information by hackers.Bank of Hope
Abstract
We recently discovered that unauthorized individuals may have potentially gained access to certain personal information about a limited number of our account holders between the dates of June 28, 2018 through July 5, 2018. Based on our investigation, it appears you were one of the individuals whose information potentially may have been accessed and therefore your personal information could be affected by this incident. We immediately notified law enforcement and federal regulators, and our information security team is working in cooperation with the officials on this matter. Although the investigation is ongoing, we have not found any evidence that this incident involves any unauthorized access to or use of any of Bank of Hope’s internal computer systems or network, or that any other customer information was affected.Bombas, LLC
Abstract
We first started selling Bombas socks online using an outside vendor to develop and manage our website and a third party e-commerce platform for purchases. Malware in the code of the e-commerce platform was identified and initially removed from our website on January 15, 2015, and then finally removed on February 9, 2015.Big Fish Games
Abstract
I am writing to inform you of an incident we self-discovered on January 12, 2015, involving the theft of payment information from our online stores. An unknown criminal installed malware on the billing and payment pages of our websites that appears to have intercepted customer payment information. Your information may have been affected if you entered new payment details on our websites [rather than using a previously saved profile] for purchases between December 24, 2014 and January 8, 2015.Bay Area Bioscience Association
Abstract
It has come to our attention that sometime within the past two weeks the security of our online payment system was breached. We believe an intruder inserted files that captured the keystrokes of our visitors and may have captured credit card numbers in the process.Buckeye Check Cashing of California LLC
Abstract
On June 27, 2013, a laptop that may have contained your personal information was stolen from a locked vehicle in a smash-and-grab type of theft. The theft involved credit cards, a wallet and other personal property from the vehicle. The law enforcement investigation is ongoing, but the laptop has not been recovered. Though it is possible that your name, address, bank account information, and/or social security number may have been or may be accessed, at this time we have no reason to believe that the data on the laptop has been accessed.Bureau of Automotive Repair
Abstract
We recently learned that an unauthorized individual accessed the network of one of our service providers between May 2012 and March 2013. We are notifying you because the unauthorized individual may have had access to files containing bank account numbers and bank routing numbers belonging to Smog Check stations licensed with the BAR.Barnes & Noble Booksellers, Inc.
Abstract
We have detected a sophisticated criminal effort to steal credit and debit card information from our customers who have swiped their cards through PIN pads when they made purchases at certain retail stores. The tampered devices were capable of capturing information such as name, card account number, and PIN.C
Center for Autism and Related Disorders
October 16, 2020 | Unauthorized Access
Abstract
The Center for Autism and Related Disorders (“CARD”) recently discovered a data security incident that may have affected files containing limited sensitive information. There is no evidence that your personal information was accessed or misused in any way. However, because we are unable to determine with certainty what files may have been compromised, we are sending this advisory so you can take steps to minimize the possibility of misuse of your information.Abstract
The Center for Autism and Related Disorders (“CARD”) recently discovered a data security incident that may have affected files containing limited sensitive information. There is no evidence that your personal information was accessed or misused in any way. However, because we are unable to determine with certainty what files may have been compromised, we are sending this advisory so you can take steps to minimize the possibility of misuse of your information.California Physicians’ Services d/b/a Blue Shield of California
October 16, 2020 | Update Error
Abstract
On October 20, 2020, Blue Shield discovered that an error occurred when it updated its Medicare Advantage HMO provider directories. This error caused your Social Security Number to display as your provider identification number in the provider directories. Directories were displayed in PDF format on Blue Shield’s website, and that of its printing vendor, Arvato, between October 16-20, 2020. The directories were viewed, and in some cases, downloaded by brokers, members and prospects. A number of printed directories were also mailed to Blue Shield brokers and members during this time.CCPOA Benefit Trust Fund d/b/a Blue Shield of California
September 2, 2020 | Ransomware
Abstract
On September 2, 2020 the CCPOA Benefit Trust Fund’s IT Department discovered unusual activity within their IT environment. Upon discovery, all systems were shut down to investigate the event. The CCPOA Benefit Trust Fund engaged Stroz Friedberg, LLC, an Aon company, to conduct a thorough Cyber Forensic investigation. During the course of the investigation, the results uncovered that, despite precautionary measures, the CCPOA Benefit Trust Fund’s systems were compromised by a successful Ransomware attack. Additionally, on or about October 1, 2020 it was determined that data containing personally identifiable information had been successfully obtained during the attack.CCPOA Benefit Trust Fund
September 02, 2020 | Ransomware
Abstract
On September 2, 2020 the CCPOA Benefit Trust Fund’s IT Department discovered unusual activity within their IT environment. Upon discovery, all systems were shut down to investigate the event. The CCPOA Benefit Trust Fund engaged Stroz Friedberg, LLC, an Aon company, to conduct a thorough Cyber Forensic investigation. During the course of the investigation, the results uncovered that, despite precautionary measures, the CCPOA Benefit Trust Fund’s systems were compromised by a successful Ransomware attack. Additionally, on or about October 1, 2020 it was determined that data containing personally identifiable information had been successfully obtained during the attack.Cantella & Co
August 25, 2020 | Malware
Abstract
We are contacting you regarding a data security incident that has occurred on August 25, 2020 at Cantella & Co., Inc. This incident involved email threads which were used to entice recipients to open an attachment containing malware. Malware is a term used to describe any kind of computer software with malicious intent. Recipients of these malicious emails opened the attachments, believing them to be from a credible source, which in turn installed the malware. Unfortunately, this malware is very difficult to detect, and almost none of the virus scanners available out there today are able to do so. In total, we identified 23 infected computers across our organization. Regrettably, some of your personal information may have been contained within these infected computers as many of the emails were internal and therefore deemed to be secure. If you are an entity client, this may include your authorized persons’ personal information. It is important to note that we have no evidence to support any attempts to misuse private client information thus far, but there is a possibility that your name, address, social security number, and other identifying information may have been potentially exposed to others. We value your business and respect the privacy of your information. As such, we are providing you with complimentary credit monitoring for the next two years and we ask that you enroll by following the steps outline below.Cantella & Co., Inc.
August 25, 2020 | Malware
Abstract
We are contacting you regarding a data security incident that has occurred on August 25, 2020 at Cantella & Co., Inc. This incident involved email threads which were used to entice recipients to open an attachment containing malware. Malware is a term used to describe any kind of computer software with malicious intent. Recipients of these malicious emails opened the attachments, believing them to be from a credible source, which in turn installed the malware. Unfortunately, this malware is very difficult to detect, and almost none of the virus scanners available out there today are able to do so. In total, we identified 23 infected computers across our organization. Regrettably, some of your personal information may have been contained within these infected computers as many of the emails were internal and therefore deemed to be secure. If you are an entity client, this may include your authorized persons’ personal information. It is important to note that we have no evidence to support any attempts to misuse private client information thus far, but there is a possibility that your name, address, social security number, and other identifying information may have been potentially exposed to others. We value your business and respect the privacy of your information. As such, we are providing you with complimentary credit monitoring for the next two years and we ask that you enroll by following the steps outline below.Construction Bidboard, Inc.
August 12, 2020 | Email Compromise
Abstract
On August 12, 2020, the confidentiality of one of our employee's mailboxes was compromised. In this mailbox, there were possibly usernames and passwords of active members of the Construction BidBoard platform.Abstract
On August 12, 2020, the confidentuality of one of our employee's mailboxes was compromised. in this mailbox, there were possibly usernames and passwords of active members of the Construction BidBoard platform.Carnival Corporation and plc
August 4, 2020 | Unauthorized Access
Abstract
While the investigation is ongoing, early indications are that in early August an unauthorized third-party gained access to certain personal information relating to some of our guests, employees, and crew. For individuals who sailed with us, the information impacted may include the data routinely collected during the guest travel booking process, during the casino experience, or at the time of employment. That information may include names, addresses, phone numbers, passport numbers, and dates of birth. The investigation into the specific data impacted is ongoing, but in some limited instances, we anticipate additional information impacted may include data such as Social Security numbers, health information, or other personal information.Canon
August 4, 2020 | Ransomware
Abstract
We identified a security incident involving ransomware on August 4, 2020. We immediately began to investigate, a cybersecurity firm was engaged, and measures were taken to address the incident and restore operations. We also notified law enforcement and worked to support the investigation. We determined that there was unauthorized activity on our network between July 20, 2020 and August 6, 2020. During that time, there was unauthorized access to files on our file servers.California Dialysis Management Services, Inc.
August 3, 2020 | Unauthorized Access
Abstract
On August 3, 2020, the FBI notified us that it had arrested an individual who was in possession of some CDMS documents. We subsequently received a copy of the information and determined that the documents contained the personal information of some of our employees are currently cooperating with the law enforcement investigation and have hired a forensic firm to assist with our investigation into the matter. Although those investigations are ongoing, we wanted to notify you of the incident as soon as possible.Abstract
On August 3, 2020, the FBI notified us that it had arrested an individual who was in possession of some CDMS documents. We subsequently received a copy of the information and determined that the documents contained the personal information of some of our employees are currently cooperating with the law enforcement investigation and have hired a forensic firm to assist with our investigation into the matter. Although those investigations are ongoing, we wanted to notify you of the incident as soon as possible.Capital Lumber Company
July 27, 2020 | Service Compromise
Abstract
On September 5, 2020, Capital experienced a data security incident that disrupted access to certain systems. Upon discovering this, we immediately took steps to secure our network and launched an investigation with the assistance of cybersecurity experts to determine what happened and whether sensitive information may have been accessed or acquired. The investigation revealed that personal information stored on certain systems and Capital email accounts may have been accessed or acquired between approximately July 27 and September 6, 2020. On November 13, 2020 following a thorough review, we identified your information as potentially involved. We then worked diligently to identity up-to-date address information to notify you.Canon U.S.A., Inc.
July 20, 2020 | Ransomware
Abstract
We identified a security incident involving ransomware on August 4, 2020. We immediately began to investigate, a cybersecurity firm was engaged, and measures were taken to address the incident and restore operations. We also notified law enforcement and worked to support the investigation.California Western School of Law
July 16, 2020 | Ransomware
Abstract
A third party vendor, Blackbaud, Inc. (the company that stores our fundraising data and services thousands of non-profits globally) notified us of a ransomware attack on its hosting system. Blackbaud informed us of the incident on July 16, 2020. Our internal data storage systems were not affected by the security incident.Abstract
A third party vendor, Blackbaud, Inc. (the company that stores our fundraising data and services thousands of non-profits globally) notified us of a ransomware attack on its hosting system. Blackbaud informed us of the incident on July 16, 2020. Our internal data storage systems were not affected by the security incident.City Dental
June 1, 2020 | Network Compromise
Abstract
On the morning of Monday, June 1, 2020, we discovered our computer network had been hacked and our computer terminals could not be used.Collabera, Inc.
May 24, 2020 | Ransomware
Abstract
On June 8, 2020, Collabera identified malware in its network system consistent with a ransomware attack. We promptly restored access to our data from backup files, and immediately launched an investigation to determine the nature and scope of this event. On June 10, we became aware that the unauthorized party obtained some data from our system. We are working with outside experts and law enforcement to conduct a more detailed review of the incident.Crystal Stairs, Inc.
May 20, 2020 | Third Party
Abstract
Blackbaud reported that upon discovering this breach Blackbaud worked with security consultants to respond to the threat. Following its investigation, Blackbaud notified Crystal Stairs that the cybercriminal may have accessed or acquired Blackbaud customer data, before Blackbaud locked them out on May 20, 2020. Blackbaud informed us that the perpetrators told Blackbaud that the stolen data was destroyed. Based on the nature of the incident, the research Blackbaud performed, and analysis by third-party investigators, Blackbaud informed us that it has no reason to believe that the cybercriminals transmitted or disseminated any of the data publicly. Blackbaud has also hired a team of experts to continue monitoring for any such activity. Once Blackbaud notified Crystal Stairs, we immediately began an investigation to determine what, if any, sensitive stakeholder data was potentially involved.Central California Alliance for Health
May 7, 2020 | Email Compromise
Abstract
On May 7, 2020, the Alliance found that many Alliance employees’ email accounts were accessed illegally by an unknown person. These accounts were accessed for about one hour. The Alliance found the issue and immediately shut down the Alliance employees' email accounts that were accessed.California Department of Corrections and Rehabilitation
May 6, 2020 | Breach
Abstract
We are writing to you because of a recent security incident that was discovered May 7, 2020 in an Office of Peace Officer Selection SharePoint site. A domain group for all CDCR staff with intranet access was inadvertently given “read only” access to the SharePoint site that contained personal identifying information.March 03, 2014 | User Error
Abstract
On March 9, 2014, an employee roster was discovered within an unsecure desk drawer of Facility E Visiting, Custody Podium. This roster, which included your full name and the last 6-digits of your Social Security number, was used during the week March 3, 2014 thru March 7, 2014 for TB testing.July 26, 2013 | Misconfiguration
Abstract
On July 28, 2013, it was discovered that a file containing your name, date of birth, and Social Security number was saved to a location on our CEN server which is accessible to all CEN staff. This file was on the server between July 26, 2013 and July 29, 2013 before being removed.September 26, 2012 | Misconfiguration
Abstract
On September 26, 2012 it was discovered that a database file containing personal information for custody staff, which was located on the institutional server, was accessible to all SVSP staff. The database file contained your first and last name, Social Security number, personal phone number, address, and institutional-position information.Abstract
On May 7, 2015, we discovered that the Gate Clearance document you submitted to Mule Creek State Prison was electronically scanned and stored to a computer folder where employees outside of Plant Operations may have been able to read it. The document contained your name, Driver License number and Social Security number. Immediately upon discovery, access to the folder was secured to only allow access to the Plant Operations employees.Coast Financial Services
May 6, 2020 | Ransomware
Abstract
On May 6, 2020, Coast discovered that two servers had been encrypted and rendered inaccessible. Coast’s immediate concern was to contain the incident and secure our network systems. To that end, Coast engaged a digital forensics firm to investigate the cause and scope of the incident, and determine if any information stored within their systems had been affected. On July 7, Coasts’ investigation determined that an unauthorized individual accessed files containing certain personal information. The information that may have been accessed includes tax-related documents containing information that is included in tax returns, including names, mailing addresses, and Social Security numbers. Notably, Coast is not aware of any misuse of this information as a result of this incident.Combe Incorporated
May 6, 2020 | Malware
Abstract
Combe Incorporated (“Combe”) values and respects your privacy and is committed to keeping your information confidential. Our commitment to these values includes notifying individuals if we believe the confidentiality of their personal information might have been compromised. Accordingly, we are writing to advise you of a recent incident that may have involved some of your personal information.We recently learned that an unauthorized third party placed computer code that was capable of collecting information on the checkout page of our website from March 2, 2020 until April 10, 2020. Upon learning of the incident, we promptly removed the malicious code and conducted an internal investigation with the help of a leading computer forensic firm.
March 02, 2020 | Malware
Abstract
Combe Incorporated (“Combe”) values and respects your privacy and is committed to keeping your information confidential. Our commitment to these values includes notifying individuals if we believe the confidentiality of their personal information might have been compromised. Accordingly, we are writing to advise you of a recent incident that may have involved some of your personal information.CodeMetro
April 21, 2020 | Ransomware
Abstract
On April 21, 2020, CodeMetro systems suffered a ransomware attack, which was detected within hours of its deployment. Upon discovery, we took immediate steps to contain the threat and engaged a third-party forensic firm to investigate the incident and assist with remediation efforts. We also notified federal law enforcement authorities of the incidentCoalinga Valley Health Clinics, Inc.
April 17, 2020 | Insider Threat
Abstract
On April 17, 2020, we were notified by Coalinga Police Department that an employee allegedly had removed certain documents from our office.Cognizant Technology Solutions Corporation
April 09, 2020 | Ransomware
Abstract
We recently discovered that Cognizant was the victim of a ransomware attack carried out by international cyber criminals. On April 20, 2020, Cognizant learned that the attackers staged and likely exfiltrated a limited amount of data from Cognizant’s systems. Based on our investigation, we understand that this activity occurred between April 9 and 11.Chegg, Inc.
April 09, 2020 | Ransomware
Abstract
We recently discovered that Cognizant was the victim of a ransomware attack carried out by international cyber criminals. On April 20, 2020, Cognizant learned that the attackers staged and likely exfiltrated a limited amount of data from Cognizant’s systems. Based on our investigation, we understand that this activity occurred between April 9 and 11.Abstract
On September 19, 2018, we learned that, on or around April 29, 2018, an unauthorized party gained access to one of our databases that hosts user data. An investigation, supported by a third-party forensics firm, was commenced. We have determined that some of your account information may have been obtained, which is why you are receiving this notice.Claire’s Stores, Inc.
April 7, 2020 | Malware
Abstract
We recently began an investigation of our e-commerce websites, and on June 12, 2020 we identified and removed computer code that had been added to our site by an unauthorized person. The added code was capable of obtaining information entered by customers during the checkout process and sending that information out of our system. A security firm was engaged and we identified the specific transactions involved. We also reinforced the security of our site. Purchases made in our retail store locations were not involved.Cetera Financial Group, Inc.
April 6, 2020 | Email Compromise
Abstract
On April 6, 2020, an unauthorized person accessed an employee’s email account. We detected the unauthorized access immediately and within five minutes secured the account, reset passwords, and initiated an investigation. Our investigation was unable to confirm that no emails or attachments were viewed by the unauthorized person.CBD Industries, LLC
March 30, 2020 | Malware
Abstract
Like many online retailers, we recently determined the eCommerce platform underlying our online retail sales webpage, cbdmd.com, was modified to include malicious code. The malicious code created a risk that customer-input elements on the webpage may have been skimmed by an unauthorized third party. we notified federal law enforcement and have been cooperating with their investigationCatholic Charities, Diocese of San Diego
March 27, 2020 | Ransomware
Abstract
Catholic Charities was recently the victim of a ransomware attack. The attack was discovered on March 30, 2020. While we do not know for certain, presumably the ransomware was deployed sometime between the close of business on Friday, March 27, 2020 and early morning on Monday, March 30, 2020. Upon discovering the attack, we immediately shut down our entire system and began investigating. We notified the FBI and retained a forensic firm to conduct a thorough investigation. While we initially tried to recover the data from our backups, we were unable to do so. Ultimately, we ended up paying the attacker and recovering all of our data. We do not have any evidence that the attacker or anyone else has misused any of the data subject to the attack. However, we do know that an unauthorized person or persons had access to the data for a short period of time. Therefore, we are notifying you of the incident.City of Torrance, California
March 1, 2020 | Unauthorized Access
Abstract
On March 1, 2020, the City announced that it had experienced a cybersecurity incident that affected some of its computer systems. During the course of its investigation, the City learned that some data that was taken during the incident was accessible on the internet.City of Torrance
March 01, 2020 | Breach
Abstract
As you know, we recently experienced a cybersecurity incident that we initially identified on March 1, 2020. The investigation of the incident is still ongoing and includes both law enforcement and cybersecurity professionals. On April 21, 2020, we learned that some data, including information about employees was on the internet. We continue to investigate the incident and the source of this data, but we wanted to make you aware of this new information at this time.CK-12 Foundation
February 26, 2020 | Website Compromise
Abstract
In early June, we became aware of a report that mentioned Braingenie as one of a number of websites impacted by a potential security incident. We promptly commenced an investigation, with the assistance of outside forensic experts and law enforcement, to assess whether the incident affected any of Braingenie's user information.The investigation determined that beginning sometime in late February, our systems were accessed without authorization. On July 15, we were able to determine that unauthorized actors obtained a small amount of personal information from a Braingenie test (QA) database. Since discovering this, we have continued to assess what personal information was impacted and to identify affected individuals.
Community Memorial Health System
February 18, 2020 | Third Party
Abstract
We were notified by PaperlessPay Corporation (“PaperlessPay”) in a letter dated March 20, 2020, that on February 19, 2020, they were contacted by the Department of Homeland Security (“DHS”) regarding a possible breach of their systems. PaperlessPay is a vendor hired by CMHS to house pay stubs and assist with W-2 forms. DHS notified PaperlessPay that there was an unknown person purporting to sell “access” to their client database on the dark web. In response, PaperlessPay shut down their web server and SQL server to prevent potential unauthorized access. During this time, CMHS and its employees experienced an interruption in service for a short amount of time while their servers were offline.June 22, 2017 | Phishing
Abstract
On June 22, 2017, a CMHS employee’s CMHS e-mail account was compromised via a phishing e-mail. On June 23, 2017, the employee noticed anomalies in their e-mail account and called CMHS’ help desk, which resulted in their account password being reset. This also prompted CMHS to launch an investigation to determine the scope of the incident and identify personal information that could have been accessed or acquired as a result of the incident. On or around July 7, 2017, CMHS discovered that the subject e-mail account contained personal information, prompting CMHS to engage a forensic consultant to determine whether a breach may have occurred.CorePower Yoga, LLC
November 7, 2019 | Email Compromise
Abstract
CorePower previously became aware of suspicious activity occurring within an employee’s email account, changed the employee’s email account password. and commenced an investigation to identify the source of the activity. As part of the investigation into the incident, which was conducted with the assistance of a third-party forensic specialist, it was determined that multiple employee email accounts were subject to unauthorized access between November 7, 2019, and February 3, 2020. The investigation was unable to determine which, if any, emails and attachments within the email accounts were accessed or viewed. Therefore, the forensic specialist then undertook a time-consuming review of all the emails and attachments in the email accounts to determine whether they contained any sensitive information.The forensic specialist completed its analysis of the email accounts on August 13, 2020, and prepared a list of individuals whose information was determined to be present in the emails or attachments located in the email accounts and possibly viewed by the unauthorized person(s).
Corning Union Elementary School District
November 4, 2019 | n/a
Abstract
n/aChino Valley Unified School District
November 04, 2019 | Vulnerability
Abstract
The district uses the Aries Student information system to provide students and their parents with online access to information regarding school events and schedules. In late November 2019, Aeries learned that an unauthorized individual attempted to exploit a vulnerability in the Aeries software that would allow access to student and parent information. Aeries later determined that the exploit was successful. Upon discovery, Aeries began an investigation and law enforcement launched an ivestigation to identify the person responsible, who Aeries believes is now in police custody. On May 1, 2020, Aeries confirmed to us that this individual may have accessed the District's Aeries System. We then conducted our own investigation, and on May 1,2020, determined that the individual did access parent and student data within the District's Aeries System.Corning Union High School District
November 04, 2019 | Unauthorized Access
Abstract
The district’s Student Information System developer, Aeries Software, Inc. (DBA Eagle Software) was notified in late November 2019 of unauthorized attempts to access data through the Aeries SIS. In response, they immediately began an investigation into whether these attempts had been successful and, if so, how they had been accomplished, what impact on data, if any, and what steps they could take to thwart future unauthorized access to data through the Aeries SIS using the same or similar means. At the time, their investigation did not reveal any compromise of the Aeries SIS or data.Central School District
November 04, 2019 | Vulnerability
Abstract
The District uses the Aeries Student information system to provide students and their parents with online access to information regarding school events and schedules. In late November 2019, Aeries learned that an unauthorized individual exploited a vulnerability in the Aeries software that would allow access to student and parent information. Upon discovery, Aeries began an investigation and law enforcement launched an investigation to identify the person responsible, who Aeries believes is now in police custody. On April 27, 2020, Aeries notified us that this individual may have accessed the District's Aeries system hosted by Aeries software. This incident did not involve District system and we have no evidence that the District's network has been breached.Cadence Aerospace
October 24, 2019 | Ransomware
Abstract
On Thursday, October 24, 2019, Cadence was subjected to a sophisticated attack when a ransomware program was launched on our systems. The intent of the attack was to encrypt our files and demand payment to release them.Community Action Partnership of Kern
October 11, 2019 | Insider Threat
Abstract
Between October 2019 and December 2019 two authorized users of the tax preparation software TaxWise used by CAPK to facilitate the VITA program gained unauthorized access to the tax returns of 512 VITA clients. CAPK first learned of this incident on December 23, 2019, and our investigation is continuing. At this time, CAPK has no reason to believe that your information was or is being used for any illegal purpose.Concorde Investment Services
September 17, 2019 | Phishing
Abstract
We recently learned that a limited number of employee email accounts may have been compromised by an email phishing attack resulting in unauthorized access to these email boxes.Cucamonga Valley Water Ditrict
August 26, 2019 | Malware
Abstract
CVWD maintains an online payment system that allows customers to pay their water bills online using a credit card. On November 6, 2019, Click2Gov identified an unauthorized script placed in the code of its web payment portal. That means that certain customer personal information may have been exposed to an unauthorized party. This incident only affects you if you entered your card payment information into Click2Gov between August 26, 2019 and October 14, 2019. At this time, there is no evidence that your personal information was actually accessed or misused by any unauthorized partyCamrosa Water District
August 20, 2019 | Server Compromise
Abstract
On August 13, 2020, Camrosa Water District discovered a criminal cyber-attack that resulted in data on certain devices becoming encrypted. We immediately began to investigate, a cybersecurity firm was engaged to assist, and measures were taken to address the incident and restore operations. The investigation that was recently concluded found evidence that there was unauthorized access to files on Camrosa Water District’s file servers between August 20, 2019 and August 13, 2020.Capital Planning Advisors, LLC
July 30, 2019 | Email Compromise
Abstract
We recently became aware of unusual activity related an employee email account. We immediately began an investigation and with the assistance of third-party forensic experts, we determined that a single employee email account may have been accessed without authorization between July 30, 2019 at approximately 10:02pm and August 1, 2019 at approximately 5:07pm. While the investigation did not determine that specific information within the account was viewed by an unauthorized actor, we engaged in a comprehensive review of the email account to identify potentially affected personal information. Through this process, we determined that some of your personal information was present in the email account at the time of the incident. To date, we are unaware of any actual or attempted misuse of this information as a result of this incident.City of Bakersfield
July 30, 2019 | Malware
Abstract
After receiving reports that fraudulent activity was detected on payment cards used legitimately on our website, Bakersfield immediately launched an investigation. Through our investigation, we determined that an unauthorized party had inserted unauthorized code into Bakersfield’s online payment system, Click2Gov, which is developed by a third-party vendor, CentralSquare Technologies (“CentralSquare”). The unauthorized code was designed to capture payment card data and other information entered on Bakersfield’s Click2Gov online payment system between the dates of July 30, 2019 and September 5, 2019. Upon learning of the unauthorized code, Bakersfield began working with CentralSquare to remove the unauthorized code from our website’s Click2Gov online payment system. Bakersfield has also updated its computer systems to protect against future insertion of the unauthorized code. We are notifying you because you made a payment on Bakersfield’s Click2Gov online payment system during this time period.August 11, 2018 | Malware
Abstract
After receiving reports that fraudulent activity was detected on payment cards used legitimately on our website, The City immediately launched an investigation. Through our investigation, we determined that an unauthorized party had inserted unauthorized code into The City’s online payment system, Click2Gov, which is developed by its third-party vendor, CentralSquare Technologies (“CentralSquare”). The unauthorized code was designed to capture payment card data and other information entered on The City’s Click2Gov online payment system between the dates of August 11, 2018 and October 1, 2018. Upon learning of the unauthorized code, The City began working with CentralSquare to remove the unauthorized code from our website’s Click2Gov online payment system. We are notifying you because you made a payment on The City’s Click2Gov online payment system during this time periodCentral Valley Regional Center
July 25, 2019 | Email Compromise
Abstract
On July 29, 2019, CVRC learned that an unauthorized third party may have gained access to an employee’s email account. Once discovered, CVRC disabled access to the account, immediately began an investigation, and engaged a digital forensics firm to assess the scope of the incident and evaluate whether any personal information was affected. The investigation determined that the incident may have occurred as early as July 25, 2019 until August 2, 2019.Coyuchi
June 20, 2019 | Malware
Abstract
Coyuchi discovered malicious code had been placed on our site that was designed to collect information entered at checkout such as payment card details and the user’s name, email address and address. We discovered this through an anti-virus alert on July 18th and the code was immediately removed from the site. Our security investigation indicates that the intrusion began on June 20, 2019 and as stated, was promptly removed on July 18, 2019 as soon as it was discovered.C&S Wholesale Grocers, Inc.
June 18, 2019 | Laptop Stolen
Abstract
On June 18, 2019, a Company-issued laptop was stolen in a car burglary. A police report was filed and the company immediately began an investigation and review to determine what information may have been stored on the laptop.California Department of Food and Agriculture
May 14, 2019 | User Error
Abstract
I am writing to you because of a recent security incident that occurred on May 14, 2019, at the California Department of Food and Agriculture (CDFA). A data file containing specific information about your annual or provisional license, and specific information regarding the status of your license being credentialed to use the California Cannabis Track-and-Trace system (CCTT) was inadvertently provided to an email address associated with a state-licensed cultivator. Most of the licensing information in the data file shared is currently available publicly.Collie Accountancy
April 18, 2019 | Ransomware
Abstract
On April 18, 2019, our office was hit with Ransomware. We immediately launched an investigation. During the length of the attack, April 18th to April 20th, the perpetrators could have gained access to client's data. It does not appear that was the intent, but the possibility exists.Carnival Corporation & PLC
April 11, 2019 | Email Compromise
Abstract
In late May 2019, we identified suspicious activity on our network. Upon identifying this potential security issue, we engaged cybersecurity forensic experts and initiated an investigation to determine what happened, what data was affected, and who was impacted. It now appears that between April 11 and July 23, 2019, an unsanctioned third party gained unauthorized access to some employee email accounts that contained personal information regarding our guests.Capistrano Unified School District
April 11, 2019 | Misconfiguration
Abstract
Total Registration LLC (“Total Registration”) facilitates exam registration for Aliso Niguel, Capistrano Valley, Dana Hills, San Clemente, San Juan Hills, and Tesoro High Schools, students, including Advanced Placement examinations. On May 10, 2019, Total Registration informed us that it had received notice of a misconfigured server that allowed for the potential unauthorized access to some of the information that Total Registration stores on its systems. Total Registration was informed of this issue on the evening of April 11, 2019 by a security researcher and reporter who wanted to make sure that Total Registration’s information was not improperly accessed or misused.Cornerstone Building Brands, Inc.
April 01, 2019 | Email Compromise
Abstract
Our ongoing investigation into a security incident determined that an unauthorized person accessed two employees’ email accounts. Upon learning of the incident, we immediately took steps to secure the accounts, launched an investigation, and a cybersecurity firm was engaged to assist. Our investigation determined that an unauthorized person accessed the email accounts at various times between April 1, 2019 and April 2, 2019 and may have accessed or viewed certain emails and attachments in the email accounts.Carl’s Golfland, Inc.
March 25, 2019 | Website Compromise
Abstract
We are writing to inform you that we recently had a breach in our online shopping website. This came to our attention through a bank inquiry in late June and we immediately notified authorities.Capital One
Abstract
TBDJanuary 27, 2017 | Insider Threat
Abstract
Capital One takes compliance with all states’ individual security breach laws seriously, and we periodically conduct testing of our performance against these requirements. It has come to our attention that we inadvertently neglected to notify your office of a recent security incident that involved personal information of our customers who are California residents. The details of the incident are included in the attached documents.Abstract
As we have discussed with you recently, someone made or attempted to make unauthorized transactions on your Capital One account(s) by logging in with your username and password, which we believe were stolen from one of these websites. This is a follow-up letter to provide you with notice of what happened and ensure all of your questions have been addressed.California Natural Products
March 21, 2019 | Phishing
Abstract
We value and respect the privacy of your information, which is why California Natural Products (“CNP”) is writing to you today. We want to follow up with you regarding a recent phishing attack on CNP’s email system that potentially compromised sensitive employee information from approximately March 21, 2019 to April 4, 2019. We became aware of this incident on April 4, 2019 and took immediate steps to both contain and thoroughly investigate this attack. Although we have no evidence of actual misuse of any of your information, we are notifying you out of an abundance of caution because this incident, by its nature, could have allowed a third party to access, use, and/or disclose your information. Federal law enforcement has also been notified.Calibre CPA Group
March 11, 2019 | Email Compromise
Abstract
? Calibre recently became aware of suspicious activity related to certain employee email accounts, as well as one of our computer servers. We immediately launched an investigation to determine the full nature and scope of the email activity and what information may have been affected. With the assistance of computer forensics experts, we learned that one of our computer servers as well as certain Calibre employee email accounts were accessed without authorization between March 11, 2019 and May 7, 2019.CafePress Inc.
February 19, 2019 | Unauthorized Access
Abstract
CafePress recently discovered that an unidentified third party obtained customer information, without authorization, that was contained in a CafePress database. Based on our investigation to date, this may have occurred on or about February 19, 2019.CorVel Enterprise Comp Inc.
February 14, 2019 | User Error
Abstract
On February 14, 2019, we learned that one of our employees inadvertently and mistakenly sent an email with a report attached to the wrong email recipient on February 14, 2019. The error was immediately recognized and the recipient confirmed that the report was never opened and that the email and report have been deleted and were not retained, used, or further disclosed. There is no evidence to suggest that there has been any attempt to misuse any of your personal information.City College of San Francisco
February 11, 2019 | Email Compromise
Abstract
On April 18, 2019, we learned that an unauthorized individual may have accessed an employee’s email account that contained some of your personal information. When we first learned of this incident, we took immediate steps to secure the information, changed our employees’ account passwords, and disabled self-service changes to the direct deposit system. A thorough investigation by a forensic security firm was conducted to determine what happened, who was impacted and what information may have been affected. We wanted to let you know this occurred and to assure you we take it very seriously.Abstract
On April 15, 2016, we learned that an employee had responded to a “phishing” email thinking that it was a legitimate request.1 When we learned of this, we immediately secured the email account, reset passwords and began an investigation of the incident.Centinela Valley Union High School District
January 29, 2019 | Phishing
Abstract
On January 31, 2019, we learned that one of our employees received a phishing email designed to appear as if it came from one of our other employees. Upon discovery, we immediately began an investigation to determine the scope of the incident and to verify what information may have been affected. We also notified the IRS, state tax boards, and federal law enforcement authorities, and we are cooperating with their ongoing investigation.Covenant Care California, LLC, on behalf of relevant affiliated nursing facilities
January 22, 2019 | Email Compromise
Abstract
Covenant Care California, LLC (“Covenant”) is an affiliated company that provides support services, including administrative and resources assistance, for [ClientDef1(Nursing Facility Name)]. On January 29, 2019, Covenant learned of suspicious activity related to an employee email account. We immediately commenced an investigation to determine the nature and scope of the incident. Working with third-party forensic investigators, we determined that an unauthorized actor(s) gained access to the employee’s email account between January 22, 2019 and January 29, 2019. We then undertook a diligent review and analysis of the email account to determine what records were present in the account at the time of unauthorized access, to whom those records relate, and what information the records contained. Through this review, on February 13, 2019, we determined that certain patient records were present in the account at the time of the unauthorized access. Based on our investigation, we determined your information was present in the account. While, to date, we are unaware of any actual or attempted misuse of information potentially affected by this incident, we are providing you this notification out of an abundance of caution.CJGO Fulfillment, Inc. DBA CoffeeAM
January 16, 2019 | Malware
Abstract
In October of this year we identified and eliminated a malicious script on the checkout page of our website. The script was added to our website by an unauthorized third party, and went undetected despite our use of industry-standard malware scanning and anti-virus technology. We began investigating this incident immediately after suspecting a problem, and worked diligently to resolve it. We were able to locate and eliminate the unauthorized script and have fully restored our systems.Centrelake Medical Group, Inc.
January 09, 2019 | Malware
Abstract
On February 19, 2019, Centrelake discovered its information system had been infected with a virus that prohibited its access to its files. Centrelake immediately worked to restore its information system and launched an investigation, with the assistance of third-party forensics, to determine the nature and scope of the incident. As part of Centrelake’s ongoing investigation, it determined this virus was introduced by an unknown third-party that had access to certain servers on its information system which contain personal and protected health information relating to current and former Centrelake patients. After a review of available forensic evidence, Centrelake determined that suspicious activity began on its network on January 9, 2019, lasting until the virus infection on February 19, 2019.Carmel Unified School District
January 05, 2019 | Phishing
Abstract
We recently learned that an outside individual sent a “phishing” email to certain District employees that resulted in unauthorized access to some District employees’ email accounts. One of those accounts contained a limited number of documents that included certain personal information. While the District does not have any way to determine whether or not any particular information within the account was accessed, we are providing notice to all individuals whose information was stored in the account out of an abundance of caution.Cherrydale Fundraising
October 28, 2018 | Unknown
Abstract
TBDBCitrix Systems, Inc.
October 13, 2018 |Network Compromise
Abstract
On March 6, 2019, the FBI informed Citrix that the FBI had reason to believe that international cyber criminals gained access to Citrix’s internal network. Following receipt of this information, we immediately launched an investigation, which remains ongoing. We currently believe that the cyber criminals had intermittent access to our network between October 13, 2018 and March 8, 2019 and that they removed files from our systems, which may have included files containing information about our current and former employees and, in limited cases, information about beneficiaries and/or dependents. Out of an abundance of caution, we are providing this letter to current and former employees of Citrix to alert them of this incident. We will notify you if your beneficiaries or dependents were impacted.Clinical Pathology Laboratories, Inc.
August 01, 2018 | Website Compromise
Abstract
On May 15, 2019, we were notified that AMCA experienced a data security incident that involved the payment page on AMCA’s website and unauthorized access to an AMCA database containing information belonging to CPL’s patients. AMCA is a vendor that assisted CPL with the collection of unpaid accounts. The security of CPL’s systems was not affected by this incident. Upon receiving notification about this incident, we immediately began an investigation to identify the affected individuals and the nature of affected information. We are utilizing cyber security experts to assist us in our investigation. Although we are unaware of the misuse of any of your personal information, out of an abundance of caution, we are notifying you about this incident and providing you information about steps you can take to protect your personal information.CBLPath, Inc.
August 01, 2018 | Website Compromise
Abstract
On May 15, 2019, we were notified that AMCA experienced a data security incident that involved the payment page on AMCA’s website and unauthorized access to an AMCA database containing information belonging to CBLPath’s patients. AMCA is a vendor that assisted CBLPath with the collection of unpaid accounts. The security of CBLPath’s systems was not affected by this incident. Upon receiving notification about this incident, we immediately began an investigation to identify the affected individuals and the nature of affected information. We are utilizing cyber security experts to assist us in our investigation. Although we are unaware of the misuse of any of your personal information, out of an abundance of caution, we are notifying you about this incident and providing you information about steps you can take to protect your personal information.CNG Financial Corporation, Inc. and its administrative services entity Axcess Financial Services, Inc
July 11, 2018 | Device Lost
Abstract
On July 11, 2018, CNG sent confidential customer information via courier service to a third-party vendor. The vendor performs routine auditing services for CNG. On July 16, 2018, the vendor reported that the package was delivered by the courier service in a damaged state, and that the device containing the confidential information was missing. CNG immediately launched an investigation with the assistance of the courier service to determine what happened and to try to recover the missing information. Based on our investigation to date, we have not yet located the missing informationCenterstone Insurance and Financial Services d/b/a BenefitMall
June 13, 2018 | Phishing
Abstract
On October 11, 2018, we became aware that Centerstone Insurance and Financial Services, d/b/a BenefitMall, (the “Company”) was the target of an email phishing attack that exposed employee email login credentials. Our investigation revealed that unauthorized access to the compromised employee mailboxes may have exposed some of your personal information. While the dates of the unauthorized access vary, the issue generally occurred between June 2018 and the discovery date.California Physicians’ Service d/b/a Blue Shield of California
May 22, 2018 | Server Compromise
Abstract
Sharecare Health Data Services (“Sharecare”), formerly known as “BACTES”, provides medical records management services to one or more of your doctors or other health care professionals. At times, Blue Shield needs to obtain information contained in your medical records to pay claims related to your treatment or for other healthcare operations purposes. Your doctor requires that Blue Shield obtain copies of these medical records from Sharecare. On December 31, 2018, Sharecare notified Blue Shield that between May 21, 2018 and June 26, 2018, an unknown third party was able to access its servers which contained your personal information and transfer that data to locations outside of the United States. Sharecare discovered the problem on June 26, 2018 and took immediate steps to prevent further access to your information and increase the security of its servers.Citrus Valley Health Partners
May 08, 2018 | Third Party
Abstract
We received a letter from Jobscience on September 5, 2018 informing us that an unauthorized third party gained access to its computer server on or around May 8, 2018. Jobscience informed us that the unauthorized third party took all of the data located on the server. Law enforcement is aware of the incident, but this notification was not delayed as a result of a law enforcement investigation.Cancer Treatment Centers of America at Western Regional Medical Center
May 02, 2018 | Unknown
Abstract
TBDBComplyRight, Inc.
April 20, 2018 | Vulnerability
Abstract
On or about May 22, 2018 we initially learned of a potential issue involving our website. Upon learning of the potential issue, we disabled the platform and remediated the issue on the website.Colorado Bankers Life Insurance Company
March 28, 2018 | Phishing
Abstract
On June 20, 2018, CBLife completed its investigation of a data security incident that involved a targeted phishing attack that compromised some of its employees’ cloud-based email accounts at various times between the dates of March 28, 2018 and April 13, 2018. Upon discovery, we secured employee email accounts, changed account settings to enhance security, and engaged a leading cyber security firm to assist with the investigation. CBLife undertook a comprehensive review of the emails and attachments in the accounts. The investigation confirmed that CBLife’s internal network and systems were not affected.City of Oxnard
March 25, 2018 | Breach
Abstract
On May 22, 2018, the city received a call from a banking institution advising that some of their credit card holders experienced fraudulent purchases on their accounts and these were the same cards used to pay their City of Oxnard utility bills with its Click2Gov (Superion) online payment system.California Department of Public Health
March 12, 2018 | Laptop Stolen
Abstract
On March 12, 2018, a CDPH contractor who performs health facilities inspections on behalf of the department’s vehicle was broken into and some documents and a laptop were stolen. The police were immediately notified and a report was taken and documented. Your personal and health information, which we obtained as part of health surveys/inspections, was stolen from the contractor’s vehicle.August 20, 2013 | User Error
Abstract
On August 20, 2013, a contracted Madera County WIC employee mistakenly gave WIC paper records about you to another participant. Upon discovering the mistake, the participant immediately notified the Madera County WIC office and returned your records.May 08, 2012 | User Error
Abstract
On or about May 7-8, 2012, after conducting a survey at the Bakersfield Memorial Hospital, an L&C employee mistakenly left the survey binder in an unattended vehicle. Later, the vehicle was broken into and the survey binder was stolen. As of today, the documents have not been recovered.Abstract
A roll of microfiche containing 2,000 State of California birth records for 1974 was found at an unsecure non-State owned location. The birth records are only of persons born or a parent of a person born in certain months in 1974 in nine specific counties. Thus the total number of people whose personal information may have possibly been revealed is limited to approximately 6,000. If you were not a child or the parent of a child born in the months of May, June, July, August or September of 1974 in either Santa Clara, Santa Cruz, Shasta, Siskiyou, Solano, Sonoma, Stanislaus, Sutter or Tehama counties, then your records were not on this roll of microfiche. Other than being found in an unsecure non-State owned location, there is no evidence that any of the records have been compromised or seen by anyone.Center for Orthopaedic Specialists
February 18, 2018 | Network Compromise
Abstract
A third-party technology vendor provides COS with information technology (IT) services. We recently received notice from the IT vendor that an unauthorized party had illegally accessed COS’s computer network. Working with the IT vendor, we immediately launched an investigation into the matter. The investigation determined that the unauthorized party began attempting to access our system beginning Feb. 18, 2018. The IT vendor indicated that the affected system was permanently taken offline before any patient information could be removed by the unauthorized party.CA Dept. Developmental Services
February 11, 2018 | Physical Intrusion
Abstract
On Sunday, February 11, 2018, unknown persons broke into the Department’s legal and audits offices, ransacked the offices and paper files, vandalized property, and started a fire. The fire set off the building’s sprinklers, which caused water damage to many documents and computer workstations. Law enforcement is investigating the incident.Creation Entertainment, Inc.
February 01, 2018 | Unauthorized Access
Abstract
After learning that some of our customers reported fraudulent activity with a credit or debit card, we engaged computer experts to investigate whether information on our systems was at risk. In March, our forensic consultants observed suspicious activity surrounding credit or debit card numbers that were in our ordering system used on our website between February 1, 2018, and October 10, 2018. We previously provided updates from our investigation on our website and social media pages, and are sending this email to notify customers whose payment card information was potentially compromised.California College of the Arts
January 19, 2018 | Laptop Stolen
Abstract
On Friday January 19, 2018, a California College of Arts (the “College”) laptop used by one of our employees was stolen out of the employee’s vehicle. The employee promptly reported the theft to College staff and to local law enforcement. The College quickly began to investigate and take steps to respond. The user’s passwords were changed to prevent access to the College’s computer systems. The College also began to monitor for signs that the laptop was active to remotely wipe the device. To date, the College has not seen any signs that laptop has connected to the internet. Since learning of the theft, the College has been identifying and reviewing files that may have been contained on the laptop at the time of the theft to determine what information may have been accessible on the device. To date, we have no evidence of any actual or attempted misuse of information as a result of this incident.Coty, Inc.
January 12, 2018 | Phishing
Abstract
In January and February of this year, hackers using ‘phishing’ techniques accessed a number of Coty employee email accounts. A phishing email is designed to trick recipients into clicking on a link or revealing their login details. As a result, the emails within those accounts may have been seen or downloaded. We became aware of the incident on January 12, 2018, and immediately took steps to stop the hackers, and initiated an investigation to understand what had happened and the extent of the breach. After thorough analysis, our security experts have confirmed that the incident has been contained and that the additional security measures we have implemented will help guard against similar incidents in the future.Capitol Administrators, Inc.
January 07, 2018 | Phishing
Abstract
On March 30, Capitol learned through a forensic investigation of a phishing email incident that certain emails and attachments had been accessed by an unauthorized person. Upon first learning of the phishing incident, Capitol took immediate steps to secure the account, conduct an internal investigation, and enhance the security of its system. Capitol also engaged a leading cyber security firm to perform an investigation. That investigation determined that an unauthorized individual accessed certain emails and attachments in a small number of Capitol employees’ email accounts.City of Thousand Oaks
January 04, 2018 | Unauthorized Access
Abstract
On February 28, 2018, we learned that an unauthorized individual may have gained access to the computer used by the City’s vendor to process credit card transactions. Upon discovery, we immediately began an investigation and hired a third-party forensic firm to determine what happened and what information may have been affected.November 21, 2017 | Unauthorized Access
Abstract
On February 28, 2018, we learned that an unauthorized individual may have gained access to the computer used by the City’s vendor to process credit card transactions. Upon discovery, we immediately began an investigation and hired a third-party forensic firm to determine what happened and what information may have been affected. On April 23, 2018, the City’s vendor provided information suggesting that additional transactions may have been exposed. Even though our own investigation did not confirm this conclusion, we decided to notify you as a precaution.Compass Bank
January 01, 2018 | User Error
Abstract
Please be advised that an external BBVA comparess contractor improperly accessed some of the personal and/oraccount information of a limited number of bank customers and prospects in violation of the bank's policies and procedures. The time period during which the external contractor's unauthorized access occurred is under investigation and ended no later than july 2, 2018. while it is early in our discovery of this situation and our investigation continues, from what we have seen so far it appears the number of records the external contractor actually misused is limited. We wanted to let you know of this incident as soon as it was practical to do so. we sincerely apologize for this incident and for any concern this matter may cause you. We are standing by to help and answer any questions you have.CBS Interactive, Inc.
January 01, 2018 | Unauthorized Access
Abstract
On May 21, 2018, we determined that between January and May 2018, an unauthorized party had gained access to information submitted by users to TVShowsonDVD. As a result, certain registration information that you submitted to the site, which may have included your name, username, password, or date of birth, may have been compromised. If you used the same password for TVShowsonDVD.com for other websites, we strongly recommend you change those passwords and monitor your accounts for any suspicious activity. Please note that we will never email you a direct link to update your settings or ask for your password.California State University, Fresno
December 22, 2017 | Physical Intrusion
Abstract
A break-in occurred in the Athletics Department sometime in the last week of December 2017, during the campus holiday closure. Once discovered, the matter was immediately reported to Campus police, and an internal investigation was initiated to determine what, if any, personal information may have been stored on those devices. On January 12, 2018, we learned that an unencrypted hard drive was among the items that were stolen.CareMeridian, LLC
December 21, 2017 | Device Lost
Abstract
On December 21, 2017, [entity] discovered that an unencrypted disk sent by a third-party software provider containing documents that included sensitive information appeared to have been lost in the mail. [entity] immediately launched an investigation to determine the nature and scope of this incident, the types of information involved and the individuals who may be affected. We retained a third-party expert to assist us with these ongoing investigations. We continue to have no evidence of actual or attempted misuse of information as a result of this incident.CPT Group, Inc.
December 08, 2017 | Phishing
Abstract
CPT is a class action settlement administrator. We send settlement notices to class members, answer questions class members may have, and process settlement payments. To accomplish this function, we are provided with necessary data about class members, including certain types of personal information.Corporation Service Company
November 25, 2017 | Network Compromise
Abstract
During routine security monitoring, we detected that an unauthorized third party accessed parts of our network and certain systems. On April 5, 2018, we determined an unknown actor exfiltrated a database table from our network on November 25, 2017 that contained certain information relating to you.Cruzstar LLC.
November 05, 2017 | Malware
Abstract
Our cybersecurity team has determined that the timeframe of this incident was from November 5, 2017 to November 28, 2017 and impacted only certain transactions. We have learned that the malware was contained to ONLY the Desktop ordering site of the version that you are using and certain payment gateways. Thus, this incident was contained to a part of our system and did NOT impact the Mobile ordering site or any other MenuDrive versions.Cheddar’s Scratch Kitchen (a concept acquired by Darden Restaurants in 2017)
November 03, 2017 | Unauthorized Access
Abstract
On August 16, 2018, Cheddar’s Scratch Kitchen (a concept acquired by Darden Restaurants in 2017) learned that between November 3, 2017 and January 2, 2018, an unauthorized person or persons gained access to the Cheddar’s Scratch Kitchen network and were able to access and potentially obtain payment card information used to make purchases in certain Cheddar’s Scratch Kitchen restaurants in the following states: Alabama, Arizona, Arkansas, Delaware, Florida, Illinois, Indiana, Iowa, Kansas, Louisiana, Maryland, Michigan, Missouri, Nebraska, New Mexico, North Carolina, Ohio, Oklahoma, Pennsylvania, South Carolina, Texas, Virginia, and Wisconsin.California Physicians’ Service, d/b/a Blue Shield of California
November 01, 2017 | Insider Threat
Abstract
On March 23, 2018, the Blue Shield of California (Blue Shield) Privacy Office received confirmation that your Protected Health Information had been shared with an insurance broker who was not authorized to receive it. The disclosure occurred in November 2017, during the 2018 Medicare Annual Enrollment Period, when a Blue Shield employee emailed a document containing your PHI to an insurance broker in violation of Blue Shield policies. We sincerely apologize for this incident and regret any inconvenience it may cause you.May 09, 2015 | Programming Error
Abstract
Between May 9, 2015 and May 18, 2015, your PHI may have been disclosed to an otherwise authorized user of the secure website that Blue Shield maintains for use by our group health benefit plan administrators and brokers. Authorized users may access the website (the “Website”) to manage information about their own health benefit plan members. As the (unintended) result of a computer code update Blue Shield made to the Website on May 9, three users who logged into their own Website accounts simultaneously with (at the exact same time as) another user were able to view member information associated with the other user’s Website account. This issue was reported to the Blue Shield Privacy Office on May 18. The Website was promptly taken off line to identify and correct the problem. The Website’s faulty code was identified and corrected and the Website was returned to service on May 19. Our investigation revealed that this was the result of human error on the part of Blue Shield staff members, and the matter was not reported to law enforcement authorities for further investigation.Chapman University
Abstract
Last week an external hard drive went missing from Chapman University’s Harry and Diane Rinker Health Science Campus. The employee who was assigned the external drive had access to several University network drives. Chapman University cannot determine the actual contents of the missing external disk drive but it is treating the entire content of all drives that the assigned employee had access to as potential content on the missing external drive.February 27, 2013 | Misconfiguration
Abstract
On February 27, 2013 Chapman University officials learned that certain electronic documents containing personal information could have been viewed by authenticated users of the Chapman University system. These documents were never available to the general public, and only authenticated users of the on-campus network who were logged into the system could have accessed them. As a precautionary measure you are being notified of this matter.Corovan Corporation
September 14, 2017 | Misconfiguration
Abstract
On October 17, 2017, we became aware that certain Company files containing sensitive information that were stored on a Company server had become browsable for a brief period of time through a directed search on the Google search engineCabrillo Community College District
September 04, 2017 | Server Compromise
Abstract
On September 5, 2017, we learned that an unauthorized person gained accessed to one of our servers. We immediately disabled the server, began an investigation, and determined that the server contained a database that maintained student orientation information.CJ Products Inc.
August 30, 2017 | Malware
Abstract
After noticing an unusual code imbedded within our website, on April 18, 2017, we hired a specialized forensic IT firm to investigate. On January 28, 2019, the specialized forensic IT firm determined that there was unauthorized access to our website code from a foreign IP address between August 30, 2017 and April 9, 2018. The code was immediately removed from the site and measures were immediately implemented to prevent further access to customer information. As a result of this access, Credit Card data inputted by customers is considered at risk of exposure. Accordingly, we are notifying everyone whose information passed through our system out of an abundance of caution.ClubSport San Ramon and Oakwood Athletic Club
July 31, 2017 | Phishing
Abstract
On July 31, 2017, we discovered that an employee was the subject of a phishing attack when they received an email that appeared to be from an executive, requesting copies of employees W-2 wage and tax statements. In response to that email, individual employee W-2 information was sent to an unauthorized email address. From our investigation, it appears that this contained your personal information, including your name, address, Social Security number, and wage and tax information from 2016. This DID NOT include personal banking or financial account information. Local law enforcement and the IRS have been notified of this incident and we are cooperating with their investigations.Cohn Handler Sturm
July 29, 2017 | Device Lost
Abstract
On July 29, 2017, a partner’s pin protected cell phone was stolen from his person. Upon the robbery, the partner’s work account log-in information was changed and his email account was instructed to remotely delete from his phone immediately when connecting to the internet.Cheddar’s Casual Café, Inc. d/b/a Cheddar’s Scratch Kitchen
July 21, 2017 | Physical Intrusion
Abstract
Early on July 21, 2017, there was a break-in at locked corporate facility for Cheddar's Scratch Kitchen in Texas that resulted in the theft of several laptops and a hard drive containing personal some team members' personal information and very limited guest information. The incident was promptly reported to the police and their investigation is ongoing.CoreLogic Credco
July 21, 2017 | Unauthorized Access
Abstract
Credco learned that between July 21, 2017 and August 7, 2017 an individual obtained access to Credco’s system to obtain your consumer information without proper authorization. Upon notification of this incident, on August 7, 2017, Credco immediately disabled the individual’s access the same day and conducted a review of our internal controls and safeguards to prevent a recurrence.CBS Consolidated Inc.
July 10, 2017 | Unauthorized Access
Abstract
On July 10, 2017, during our routine review of our system logs, we discovered an account on our server that we did not recognize. We examined the account and determined that it was downloading information stored on our server, including personal information about Certified Medical Supplies's patients.Chiorini, Hunt & Jacobs
July 01, 2017 | Email Compromise
Abstract
On September 27, 2017, we became aware that some clients received an e-mail that appeared to be from David Jacobs, but it was not. All firm email credentials were immediately changed and we began an investigation into the matter, including hiring a third-party IT firm. After a thorough investigation, the IT firm has determined that the [email protected] email account credentials were compromised and used on July 1, 2017 and September 27, 2017, to access our externally hosted email server. The attacker had access to email boxes for [email protected], [email protected] and [email protected] Because of this breach, we are notifying you out of an abundance of caution. However please note there was no access to our internal network, servers, or the data within those systems.City of Hope
May 31, 2017 | Phishing
Abstract
Despite all of the measures that we implement to protect our patients’ information, we recently learned that City of Hope was the target of a phishing email. A phishing email is an attempt to acquire personal information such as account usernames and passwords by sending an email that looks like it is coming from a trustworthy source. This incident occurred on May 31st and June 2nd. Unfortunately, this incident resulted in unauthorized access to the email accounts of four staff members.Campbell Union High School District
April 03, 2017 | Server Compromise
Abstract
Sometime between 03/30/2017 and 4/6/2017 district computers were tampered with allowing unauthorized access to district file servers.Canyon Bakehouse LLC
March 29, 2017 | Malware
Abstract
Canyon recently discovered that unknown third parties gained unauthorized access to the computer system supporting our website and installed malware that compromised the security of some customer payment card information. Specifically, our investigation determined that payment card information that customers entered on the "check out" page of the website from February 12-19, 2019, was obtained without authorization. The investigation further determined that some information that customers submitted to the website between March 29, 2017, and January 9, 2019, also may have been obtained without authorization.California State University East Bay
March 27, 2017 | Website Compromise
Abstract
On September 17, 2018, the University discovered that unauthorized access to your personal information occurred between March 27, 2017 and September 2, 2018. Upon discovery of the incident, we immediately commenced an internal investigation. Based on our findings to date, the University has learned that an unknown third-party broke into a University web application using an overseas IP address and a software tool designed to secretly access information on the server. The particular campus application affected was used to store various certification and program participant information managed by the College of Education and Allied Studies, including a small number of applicants. The compromised application has been removed from our server and vulnerabilities have been mitigated.Char-Broil, LLC
March 22, 2017 | Malware
Abstract
On April 21, 2017, we discovered that an unauthorized third party uploaded malicious computer code to the system that hosts Charbroil.com. Upon discovering this attack, we took immediate action to protect customer information. We removed the code, notified law enforcement of the criminal activity, and engaged leading forensic experts to assist our company in investigating the security incident. Based on the investigation, we believe that the code was present when customers made purchases via the online store during approximately March 22, 2017 and April 21, 2017, and that the code may have been used to obtain customer payment card transaction information for a limited number of transactions during that time. You are receiving this notice because our records indicate that you made a payment card purchase during that time.Campbell Taylor & Company
January 27, 2017 | Ransomware
Abstract
After noticing some unusual activity on our network including a possible ransomware attempt, on February 13, 2017, we hired a specialized forensic IT firm to investigate. On February 23, 2017, the specialized forensic IT firm determined that there was unauthorized access to our main network drive from a foreign IP address between January 27, 2017 and February 2, 2017, however the firm cannot determine which files were accessed. Accordingly, we are notifying everyone whose information was on our system out of an abundance of caution.CCHCS
January 23, 2017 | User Error
Abstract
On January 26, 2017, California Correctional Health Care Services (CCHCS) was informed that on January 23, 2017, a CCHCS staff member inadvertently sent an email containing your personal information to a staff member at another California State department.Caliber Home Loans, Inc.
January 18, 2017 | Unauthorized Access
Abstract
Based upon a extensive investigation conducted by a leading forensic firm, it appears that beginning on approximately January 18, 2017, unauthorized individuals gained the ability to access a limited number of electronically-stored loan files, and may have had access to other documents containing personally-identifying information. In addition, the unauthorized individuals may have had access to sufficient information in order to gain access to certain customers' online caliber account, if the customer had not previously set up such an account.Castro Valley Health, Inc.
January 01, 2017 | User Error
Abstract
The incident occurred when certain information about Castro Valley Health, Inc.’s patients inadvertently was transferred during 2016-2017 to a third-party website called Docker Hub. Castro Valley Health, Inc. first became aware of this incident on April 21, 2020, and promptly removed the information from the Docker Hub site. The transferred information was heavily coded and therefore not readable without significant decoding.City of Indio/Indio Water Authority
January 01, 2017 | Third Party
Abstract
We recently learned of unauthorized access to Click2Gov, an outside vendor that provides our online payment system for processing credit card transactions. We immediately launched an investigation and worked with a third-party forensic firm to determine what information may have been affected.Claremont University Consortium
November 15, 2016 | Laptop Stolen
Abstract
On November 15, 2016, several items, including a password-protected laptop, were stolen from a Claremont University Consortium employee’s locked vehicle. The theft was discovered the same day and the employee promptly notified the College and the Berkeley Police Department. We have been working with law enforcement but, to date, they have been unable to locate the suspects or the stolen items.Catholic United Financial
November 12, 2016 | Website Compromise
Abstract
On September 6, 2017, Catholic United Financial became suspicious that there may have been an intrusion on its web server and was concerned that such an intrusion may have led to the unauthorized access to personally identifiable information of Catholic United Financial’s members. On that same day, Catholic United Financial hired outside forensic investigators to assess the situation and determine whether such an intrusion had occurred. Catholic United Financial immediately removed all potential access to personally identifiable information on its web server and secured the web server from any possible further intrusion.Children’s Hospital Los Angeles
October 18, 2016 | Laptop Stolen
Abstract
On December 21, 2016, we learned that a laptop that was stolen from the locked vehicle of a Children’s Hospital Los Angeles Medical Group physician who practices at Children’s Hospital Los Angeles was unencrypted.Abstract
On November 29, 2017, Children's Hospital Los Angeles (“CHLA”) learned that your child's confidential health information was inadvertently transmitted to the wrong insurance payor.California Community Colleges Chancellor’s Office (submitted c/o Pearson VUE)
October 01, 2016 | Phishing
Abstract
person VUE provides Nurses's Aide assessment and licensure services for the state of califorina. Pearson VUE discovered that certain california Nurses' Aide information may have been improperly forwarded to an unauthorized account due to email phishing of an account related to our provision of these services between October 206 and september 2017. we notified the chancellor's office in August 2018 that you are a potentially-affected individual.Christian Louboutin LLC
August 28, 2016 | Website Compromise
Abstract
On August 28, 2016, unknown individuals gained access to the U.S. website of the Company’s online boutique, http://us.christianlouboutin.com, through unauthorized use of an administrative password from a third party website manager. Unfortunately, the intruders were able to access information associated with online purchases made through this website between August 28, 2016 and October 3, 2016. The compromised information includes card holders’ names, card holders’ billing addresses debit and credit card numbers, passwords, security codes and expiration dates. While not all debit and credit cards used during this time period were necessarily affected, out of an abundance of caution we are notifying you of this incident. We believe that the intruders accessed approximately 666 debit and credit card numbers and related information affecting approximately 549 California customers.Cisco Systems, Inc.
August 18, 2016 | Misconfiguration
Abstract
As part of Cisco’s commitment to trust and transparency, we are writing to inform you about an incident potentially involving your personal information. An independent security researcher discovered that a limited set of job application related information from the Cisco Professional Careers mobile website was accessible. Cisco’s investigation found this to be the result of an incorrect security setting following system maintenance. The issue was immediately fixed and passwords to the site have been disabled. Because Cisco takes its responsibility to protect information seriously, and since many people use the same passwords on multiple websites, we wanted to alert you to this incident.CalOptima
August 17, 2016 | Insider Threat
Abstract
On or about August 17, 2016, a departing CalOptima employee downloaded data, which included protected health information, to an unencrypted USB flash drive. Shortly after, the departing employee returned the USB flash drive to CalOptima. While we are still investigating the contents of the flash drive, we do not believe the information was shared.Club Quarters Hotels
August 10, 2016 | Server Compromise
Abstract
We were notified in June by Sabre that an unauthorized intruder was able to gain access to Sabre’s systems and view certain reservation information during the time period between August 10, 2016, and March 9, 2017, when the unauthorized access terminated.Curtis F. Robinson, M.D. Inc.
July 26, 2016 | Third Party
Abstract
On August 22, 2016, we received confirmed notice from our electronic medical record provider that their electronic system was subject to a malware attack on July 26, 2016. They became aware of the incident on July 27, 2016, and we are informed that they promptly took action to secure their systems.County of Los Angeles
May 13, 2016 | Phishing
Abstract
On May 13, 2016, the County experienced a phishing email attack that affected approximately 108 out of 120,000 County employee email accounts. A phishing email tries to trick someone into giving up important information (in this case, email account usernames and passwords) by appearing to come from a trustworthy source. Email accounts are used by County employees to communicate about and coordinate County services. As a recipient of County services, information concerning you described below was identified in one or more of these email accounts and may have been compromised. Due to the ongoing investigation by law enforcement, we were advised to delay notifying you of this incident until now, as public notice may have hindered their investigation.Abstract
On April 3, 2015, during the execution of a search warrant served at the home of a Hawkins’ employee unrelated to County business, law enforcement discovered and seized items that contained confidential patient information of about 900 Hawkins’ patients, treated between 2011 and 2015. Law enforcement is assisting the County with their investigation.City of Vallejo
May 09, 2016 | Accident
Abstract
Your Social Security number was accidentally disclosed on May 9, 2016. The City takes the security of your personal information very seriously, and I apologize for any inconvenience this incident may cause. Please know that we are taking actions to ensure a similar disclosure does not happen in the future.CDCR - California Health Care Facility
May 02, 2016 | User Error
Abstract
We are writing to you because of a security incident that occurred on May 2, 2016 at the California Health Care Facility. An employee inadvertently e-mailed a document containing your personal information to the wrong person.Community Family Care Medical Group IPA, Inc
February 29, 2016 | Third Party
Abstract
CFC has recently become aware that one or more of our contracted Provider’s, possibly including your primary care provider Roy Medical Group (Dr.s Ahdoot, Amor-Roy, Antonio, Kankar, Faustina, Shamsa, Sirajullah, Uy and Wilson), may have provided a limited amount of CFC member information to individuals working for or on behalf of the Heritage Provider Network or one of its affiliates, including Regal Medical Group, Lakeside Medical Organization, and Sierra Medical Group. If the information was provided it was without the knowledge or authorization of CFC, and in violation of our rules and contracts concerning the disclosure or use of CFC member information. Though we only recently learned of it, we suspect that the incident may have occurred sometime in July 2016.California Correctional Health Care Services
February 25, 2016 | Laptop Stolen
Abstract
On April 25, 2016 California Correctional Health Care Services (CCHCS) identified a potential breach of your Personally Identifiable Information and Protected Health Information that occurred on February 25, 2016. An unencrypted laptop was stolen from a CCHCS workforce member’s personal vehicle. The laptop was password protected in accordance with state protocol.June 19, 2013 | Files Lost
Abstract
On June 19, 2013, dental records were reported missing from a California Correctional Health Care Services (CCHCS) staff member’s possession while off the premises of a correctional institution. The missing documents contained information such as patient name, CDCR number, date of birth, and dental treatment plan. It is possible that your dental record may have been included in the missing documents. CCHCS has conducted an investigation of this incident and is taking steps to locate the missing documents.June 20, 2012 | User Error
Abstract
On June 20, 2012, a staff member at California Correctional Health Care Services (CCHCS) inadvertently included your Social Security Number (SSN) when sending leave balance information via email to staff members within California Department of Corrections and Rehabilitation (CDCR) institutions. Recall request for the email was made to prevent opening and reading the message; however, it cannot be determined whether or not some recipients read the email.Central Concrete Supply Co. Inc.
February 23, 2016 | Phishing
Abstract
On February 24, 2016, we became aware of a data breach by which we believe a third party obtained access to copies of your 2015 W-2 income and tax withholding statements. This information was stolen through a sophisticated social engineering scheme in which an outside party posing as another person convinced an employee of Central Concrete Supply to provide copies of the documents by email on February 23, 2016. The data was not obtained through any breach of the Company’s information technology systems.Calpine Corporation
February 09, 2016 | Laptop Stolen
Abstract
A Calpine employee’s laptop, which contained confidential employee information, was stolen from a car. We learned from law enforcement that the car that was broken into is one of several cars broken into on the same day, in the same general vicinity. We believe that the theft was likely conducted by someone interested in the value of hardware stolen as opposed to information or files on the computer. In addition, the computer was password protected and contained software that would cause the computer to be immediately wiped if the unauthorized user connected to the Internet. Also, the financial information on the laptop was maintained in a format that would make it difficult for a bad actor to exploit.CertifiKid LLC
January 25, 2016 | Malware
Abstract
On March 25, 2016, CertifiKid discovered malicious software code that was inserted by unknown individuals into the server of its e-commerce website between the dates of January 25, 2016 and March 19, 2016. We immediately began investigating the issue to determine what, if any, impact this vulnerability had on our customers. We engaged third party experts to assist us with this response. Subsequently, we determined that your personally identifiable information may be at risk.County of San Diego
December 17, 2015 | User Error
Abstract
The County of San Diego's Benefits Division became aware of an issue involving Wells Fargo Health Savings Accounts (HSA) on December 17, 2015. Data regarding County employees who elected to set up HSAs was sent to Wells Fargo. In addition, however, to the information of the employees who elected this benefit option, your information was inadvertently sent to Wells Fargo as well. Consequently, an HSA was set up in your name and a debit card for the account was mailed to your home address, along with a welcome packet.California Virtual Academies
December 09, 2015 | Vulnerability
Abstract
On December 9, 2015, a data security researcher notified California Virtual Academies (CAVA) of a vulnerability in a data storage system. CAVA, with support from its education and technology services provider, K12 Inc., identified the vulnerability and secured the data within hours of the initial notification. The information that was accessed was not on servers owned or operated by K12 Inc. or the CAVA schools.Cotti Foods California, Inc.
December 02, 2015 | Third Party
Abstract
Wendy’s recently reported additional malicious cyber activity involving some franchisee-operated restaurants. The Company believes this criminal cyberattack resulted from a service provider’s remote access credentials being compromised, allowing access – and the ability to deploy malware – to some franchisees’ POS systems. Soon after detecting the malware, Wendy’s identified a method of disabling it and thereafter has disabled the malware in all franchisee restaurants where it has been discovered. The investigation has confirmed that criminals used malware believed to have been effectively deployed on some Wendy’s franchisee systems starting in late fall 2015.Cottage Health
October 26, 2015 | Misconfiguration
Abstract
We are writing to let you know of a security incident that resulted in the exposure of certain Protected Health Information (“PHI”) of patients of Cottage Health’s (“CH”) affiliated hospitals including Goleta Valley Cottage Hospital, Santa Ynez Valley Cottage Hospital and Santa Barbara Cottage Hospital. Our preliminary investigation indicates that your PHI may have been included in the exposure. However, we have no indication that your information, or any patient’s information, has been misused.California Department of Motor Vehicle (CA DMV)
September 28, 2015 | User Error
Abstract
On September 28, 2015, a DMV employee was sending a file containing your personal information to the Santa Clara Transportation Agency as part of the agency’s Employer Pull Notice (EPN) program. The EPN program provides agencies with a means of promoting driver safety through the ongoing review of driver records.CSAC-EXCESS INSURANCE AUTHORITY
September 03, 2015 | Third Party
Abstract
CSAC-Excess Insurance Authority (CSAC-EIA) is an insurance risk sharing program for California public entities, such as counties, cities, and school districts. CSAC-EIA provides excess insurance coverage to its members when individuals bring worker’s compensation, general liability, or medical malpractice claims against the member. Because of the importance of protecting information provided by individuals, CSAC-EIA is writing to inform you of an incident involving information associated with a claim you have/had with .Community Catalysts of California
August 31, 2015 | Device Lost
Abstract
We are writing to inform you of a data security incident that may have resulted in the disclosure of your personal information, including your name, address, diagnosis, date of birth, age, gender and telephone number. Your Social Security number, financial account numbers, medications or universal client identification number were not exposed and remain secure. We take the security of your personal information very seriously, and sincerely apologize for any inconvenience this incident may cause. This letter contains information about steps you can take to protect your information.CM Ebar LLC
August 12, 2015 | Malware
Abstract
On November 3, 2015, Elephant Bar was alerted to a potential security incident by its card processor. Based upon an extensive forensic investigation, it appears that unauthorized individuals installed malicious software on our payment processing systems at certain restaurant locations designed to capture payment card information. These locations included 20 in California: Bakersfield, Burlingame, Campbell, Citrus Heights, Concord, Cupertino, Daly City, Downey, Dublin, Emeryville, Fremont, Fresno, Hayward, La Mirada, Lakewood, Montclair, Sacramento, San Marcos, Torrance and West Covina; three in Colorado: Colorado Springs, Lakewood and Greenwood Village; two in Arizona: Chandler and Peoria, and one each in Orlando, Florida, St. Louis, Missouri, Albuquerque, New Mexico, and Henderson, Nevada. We believe the malware could have compromised payment card data – including name, payment card account number, card expiration date, and verification code – of customers who used a payment card at the affected locations. Although the timing of the incident varies by location, the forensic investigation has indicated that this incident may have impacted individuals who made payment card purchases between August 12, 2015 and December 4, 2015. Please visit www.elephantbar.com/incident for a list of the affected locations, the specific time frame for each location during which we believe payment card data could have been affected, and some other helpful resources.County of Sacramento
August 08, 2015 | Programming Error
Abstract
We are writing to let you know about an information security situation that potentially could affect you, and to share the steps we’ve taken to address it.Combat Brands, LLC
July 01, 2015 | Malware
Abstract
On October 6, 2017, while in the process of running routine scans, we identified some unusual code that was running on our website. On that same day, we discovered that we were the victim of a sophisticated cyber-attack that resulted in the potential compromise of some customers’ debit and credit card data used at www.fightgear.com, www.fitness1st.com, www.ringside.com, and www.combatsports.com between July 1, 2015 and October 6, 2017.CiCi Enterprises, LP
June 30, 2015 | Malware
Abstract
While this matter is still under investigation, we wish to report what we currently know. In early March of 2016, we received notice from several of our restaurant locations that their Point of Sale (POS) systems were not working properly. Our POS Vendor began an investigation to assess the problem and initiated heightened security measures. When the POS Vendor found malware on the POS software at some Cicis restaurants, we immediately began a restaurant by restaurant data security review and remediation. We also retained a third party cyber security firm to perform a forensic analysis to determine what, if any, information might have been compromised and to verify that all threats have been eliminated. The forensic firm reported its findings on July 19, 2016 confirming that a malicious software program had been introduced by a hacker to the POS system used by some Cicis restaurant locations. The threat of that malware to our restaurants has been eliminatedChoice Hotels International, Inc.
June 01, 2015 | Misconfiguration
Abstract
Choice recently learned of a technical issue that only occurred in a specific circumstance. The cause of the issue has been addressed. The issue involved information entered by a visitor to Choice’s website being inadvertently accessible to third parties, with whom Choice has a business relationship, when the visitor’s web browser crashed while on the site. Choice uses technology to track activities that occur on its website (e.g., cookies), and that technology sends data to companies that provide services to Choice. For visitors to Choice’s website who used the Safari web browser, if Safari crashed and restarted, Safari would put information that had been typed by the visitor on the page into the website address for that page. Tracking technology reads the website address of pages on Choice’s website and sends the data to third parties. Except in a Safari crash circumstance, the page address does not contain information entered by visitors. We believe this occurred because of how the code for Safari was written. This specific issue occurred approximately 88,000 times from June 2015 through November 12, 2019.Consolidated Tribal Health Project, Inc.
April 28, 2015 | Insider Threat
Abstract
CTHP has become aware of a data security event involving unauthorized access by a former employee to certain CTHP systems and information maintained by CTHP. CTHP has been working to understand the nature and scope of the incident, and has engaged third-party data forensics experts to assist with its investigation. Law enforcement is also actively investigating this matter, and CTHP is cooperating with this criminal investigation. While the investigations into this incident are ongoing, we determined that the security of some current and former patient, responsible party, and employee information may be affected including your [PII Data Elements: name, address, medical information, health insurance information, date of birth, Social Security number, telephone number, financial information and driver's license number].Clif Bar Family Winery & Farm, LLC
April 01, 2015 | Third Party
Abstract
We are writing to inform you that Missing Link Networks, Inc. (MLN), Clif Family Winery’s third-party ecommerce provider, was recently the subject of a data security incident. MLN notified us of this incident on May 27, 2015. You are receiving this letter because your payment card information may have been among the data involved.Copart Inc.
March 31, 2015 | Website Compromise
Abstract
We are writing to inform you of an incident that may have affected information you provided to Copart. On March 31, 2015, we discovered that an unauthorized person gained access to our computer network. Upon learning of the access, we quickly worked to block any further unauthorized access and engaged a leading cybersecurity firm to help determine what occurred and assist us in implementing enhanced security measures. Based on the investigation, we determined that the unauthorized person may have accessed your name, address, driver’s license number, telephone number, e-mail address, and the username and password for your Copart.com account.Charles Komar & Sons, Inc.
March 01, 2015 | Malware
Abstract
On or around December 1, 2016, we received reports of suspicious activity from our third party e-commerce partner. We immediately began to investigate these reports to identify what happened and what information was impacted. Third-party computer forensic investigators were retained to assist with the investigation into what happened and what data was impacted. The investigation initially identified suspicious files on the system. In an abundance of caution, all user passwords were reset as this incident was initially determined to impact only name, address, email address, and encrypted passwords. Further investigation identified a malicious code inserted into the e-commerce website. Upon identifying the malicious code, Cuddl Duds and its partner quickly took steps to remove the code and prevent further unauthorized access. A review of the code determined that it was capable of collecting information provided by customers on the checkout page of Cuddl Duds.Compass Group USA, Inc.
February 02, 2015 | Malware
Abstract
Based upon an extensive forensic investigation, it appears that unauthorized individuals installed malicious software designed to capture payment card information on certain NEXTEP self-serve kiosks, including those in use at the locations identified above. Your payment card information (including name, payment card account number, card expiration date and the CVV security code) may be at risk if you used a payment card at a NEXTEP self-service kiosk at one of the on-site dining locations identified above between February 2, 2015 and March 9, 2015. There is no indication that any other point-of-sale or network systems were impacted by this incident.CP Franchising, LLC
January 30, 2015 | Malware
Abstract
CP Franchising received information on February 2, 2015, indicating that some information may have been compromised, and we confirmed on February 4, 2015, a potential computer hacker intrusion. Through the investigation that followed, CP Franchising has determined that an unauthorized person gained access to its servers on or about January 30, 2015, and by inserting and running a malicious piece of computer code, may have obtained information stored by CP Franchising in an encrypted fashion.California Department of Business Oversight
January 05, 2015 | User Error
Abstract
The California Public Records Act (PRA) requires the Department of Business Oversight (DBO) to provide the public copies of the non-confidential portions of our electronic licensing records upon request. To process these requests, DBO utilizes the records contained in the Financial Industry Regulatory Authority’s (FINRA) Central Registration Depository (CRD). Fields clearly designated as containing personal identifying information within the FINRA CRD are then redacted by DBO prior to its release. However, despite our efforts, DBO recently learned that, pursuant to one or more PRA requests, the personal identifying information of a number of registered investment advisers and broker-dealers was inadvertently disclosed to persons not authorized to receive such information.Cathrine Steinborn DDS
January 05, 2015 | Server Stolen
Abstract
As you know, our office was burglarized on January 5, 2015. Among other things, the intruder(s) took a server containing patient and responsible party information. While our investigation into this incident is ongoing, we’ve determined that your address, [date of birth], [telephone number], [Social Security number], [insurance information], [medical information], [treatment information], [billing information] and name were stored on the server at the time of the theft. The server did not contain your bank account or credit/debit card information, as we do not store this information.Contra Costa Health Plan
December 01, 2014 | Third Party
Abstract
We value and respect the privacy of information which is why Contra Costa Health Plan (CCHP) is writing to notify you regarding a potential unauthorized access to health plan records by a CCHP contractor (Contractor). The Contractor worked under a series of contracts with CCHP beginning on December 1, 2014 to perform services related to utilization management. During the Contractor’s time with CCHP, the Contractor had access to certain portions of your information. On May 22, 2018, CCHP was made aware that the Contractor had falsified her identity to obtain a contract to provide services to CCHP. Immediately upon CCHP’s knowledge of the false identity and related Department of Health Care Services investigation, CCHP terminated the contract with the Contractor, along with her access to CCHP’s internal records. CCHP conducted a thorough forensic audit trail, and at the time of this notice there is no current evidence of any improper access, use, or disclosure of your information by the Contractor. Although we have no evidence of actual misuse of any of your information, we are notifying you due to the nature of the current investigation.County of Napa, Health and Human Services Agency, Comprehensive Services for Older Adults
August 27, 2014 | Device Lost
Abstract
We are contacting you to inform you of a privacy incident related to the In Home Supportive Services (IHSS) program. On August 27, 2014, the Comprehensive Services for Older Adults (CSOA) Division of Health and Human Services Agency (HHSA) discovered that a portable data storage device (commonly referred to as a "thumb" or "flash" drive) was missing from our locked offices located at 900 Coombs Street in Napa. This discovery was made in aftermath of the Napa earthquake on August 24, 2014, during the recovery and cleanup process; our offices were severely damaged and are not being occupied at this time.Community Technology Alliance
July 28, 2014 | Laptop Stolen
Abstract
You are receiving this letter because your personal information was on a laptop that was stolen on July 28, 2014. At this time, there is no indication that this was anything more than a random theft of a laptop or that your personal information on the laptop has actually been accessed or misused. However, we want to make you aware of the incident because, in the wrong hands, your personal information can be used to steal your identity to open up credit cards and make charges on them, acquire passports and other false identification, and engage in other illegal activities in your name. Please read this letter carefully. It includes information about what you can do to try to prevent someone from misusing your personal information and to protect yourself from identity theft.Cedars-Sinai Health System
June 23, 2014 | Laptop Stolen
Abstract
Although there is no indication of any actual or attempted unauthorized access to or use of your health information, we are writing to inform you of the theft of a password-protected Cedars-Sinai-issued laptop computer that may have contained certain information relating to you. There is no indication this laptop computer contained your complete medical or billing records.Costco Photo Center
June 19, 2014 | Malware
Abstract
As you may be aware, the company that hosts the online Costco Photo Center suffered a security compromise that caused our photo site to be taken offline for several weeks. Although we do not know the exact date of Costco's compromise, and unauthorized party appears to have accessed the host company's system from June 19, 2014 to July 15, 2015. At some point, the unauthorized party deployed malware within the host company's systems. Several retailers were impacted, but we do not know the extent of that impact.CVS Pharmacy, Inc.
June 19, 2014 | Third Party
Abstract
In July 2015, CVS Pharmacy, Inc. (“CVS”) learned of reports of unusual activity involving payment cards used on the CVSPhoto.com website, which is managed and hosted by an independent vendor, PNI Digital Media (“PNI”). We promptly took down the website, and began working with PNI to investigate the reports. We continue to actively investigate the matter, working with PNI and experienced forensic investigators.CareFirst BlueCross Blueshield
June 19, 2014 | Database Compromise
Abstract
I am writing to inform you that we have discovered that CareFirst has experienced a sophisticated cyberattack that potentially allowed attackers to gain access to a limited portion of your personal information. This letter describes what happened, what we are doing about it and what we think you should do.College of the Desert
June 05, 2014 | Insider Threat
Abstract
The College of the Desert, located at 43-5-- Monterey Avenue, Palm Desert, CA 92260, experienced a data security breach on Thursday, June 5, 2015. The data security breach involved the release of the following types of your personal information: your name, social security number, date of birth, gender, home zip code, the titles of positions you held at the College (including start and end date of each position held) ...City of Encinitas 7 San Dieguito Water District
May 13, 2014 | Misconfiguration
Abstract
Regrettably, I am writing to inform you that the City of Encinitas and San Dieguito Water District recently were made aware that a Cal-PERS payment document containing social security numbers with corresponding employee and former employee names had inadvertently been made accessible to the public on the City’s website on or about May 13, 2014 to July 3, 2014. Based on our research, we found the exposure has been limited to (16) people that accessed the document during that period. Immediately after becoming aware, the document was removed and is no longer accessible. We have taken necessary steps to improve our processes and systems to prevent this from happening again.Cyberswim, Inc.
May 12, 2014 | Malware
Abstract
On September 24, 2014 we confirmed that unauthorized individuals or entities installed malicious software on the computer server hosting our website and took certain personal information entered by our customers. We understand that other e-commerce websites may have also been attacked in a similar manner and the threat was not specific to [INSERT SITE NAME]. The malicious software could have compromised the personal information and other information of visitors that made purchases through the website between May 12, 2014 and August 28, 2014, including name, address, website username and password, payment card account number ...Community Health Systems Professional Services Corporation
April 10, 2014 | Malware
Abstract
In July 2014, CHSPSC confirmed that its computer network was the target of an external, criminal cyber attack sometime between April and June. CHSPSC believes the attacker was an “Advanced Persistent Threat” group originating from China which used highly sophisticated malware and technology to attack CHSPSC’s systems. This attacker was able to bypass the Company’s security measures and successfully copy and transfer some data existing on CHSPSC’s systems, which is described in more detail belowChipotle Mexican Grill, Inc.
March 24, 2014 | Malware
Abstract
The investigation identified the operation of malware designed to access payment card data from cards used on point-of-sale (POS) devices at certain Chipotle restaurants between March 24, 2017 and April 18, 2017. The malware searched for track data (which sometimes has cardholder name in addition to card number, expiration date, and internal verification code) read from the magnetic stripe of a payment card as it was being routed through the POS device. There is no indication that other customer information was affected. A list of affected Chipotle restaurant locations and specific time frames is available here. Not all locations were involved, and the specific time frames vary by location.Craftsman Book Company
March 09, 2014 | Website Compromise
Abstract
On Tuesday, May 27, we discovered unauthorized activity on a website maintained by our company, Craftsman Book Company. On May 28 we sent a message recommending a change of your password on the Craftsman site: http://craftsman-book.com/products/index.php?main_page=login.Cole Taylor Bank
February 07, 2014 | Misconfiguration
Abstract
Protecting the privacy and security of your personal information is extremely important to us. We are writing to let you know about a recent incident in which certain personal information related to your mortgage load serviced by Cole Taylor Mortgage, a division of Cole Taylor Bank, was inadvertently made accessible to employees of another federally regulated bank.California Pacific Medical Center
October 15, 2013 | Insider Threat
Abstract
California Pacific Medical Center (CPMC) recently notified 844 patients of its discovery that a pharmacist employee may have accessed their records without a business or treatment purpose.CITGO Petroleum Corporation
October 09, 2013 | User Error
Abstract
On Oct. 9, 2013, we discovered a folder on one of CITGO's computer networks containing your personal information, including social security numbers and financial information. Storing this data in that location was not in accordance with CITGO's procedures for handling this type of information. Upon discovery of the general accessibility of the Intranet site, we immediately restricted access to this subfolder and its stored documents to only those employees who have a legitimate need to access such documents.California State University, East Bay
August 23, 2013 | Website Compromise
Abstract
On August 11, 2014, the University discovered that unauthorized access to your personal information occurred on August 23, 2013. Upon discovery of the incident, we immediately commenced an internal investigation. Based on our findings to date, the University has learned that an unknown third-party broke into a University web server using an overseas IP address and a software tool designed to secretly access information on the server. The particular campus server affected was used to store various employment transaction records and some extended learning course information. The malicious files have been removed from the server and vulnerabilities have been mitigated.Citi Prepaid Services
June 02, 2013 | Programming Error
Abstract
On behalf of Citi Prepaid Services, I am writing to inform you about a recent incident that may have involved your personal information. We recently discovered that a code change to our prepaid cardholder website impacted the security features that we use to authenticate cardholders logging into their accounts between June 2 and June 13. Based on our records, your online account was accessed during that time. While we do not have evidence that it was accessed by an individual other than you, we cannot confirm that fact.California Department of State Hospitals
May 08, 2013 | User Error
Abstract
DSH discovered that an employee roster containing confidential personal information was placed on the Patton State Hospital intranet website by mistake. The personal information was the first name, middle initial and last name, social security number, DSH position number and title, and Bargaining Unit of DSH-Patton employees, including you. This was on the intranet website for approximately 6 hours on May 8, 2013 until the mistake was discovered and corrected.Cogent Healthcare, Inc.
May 05, 2013 | Third Party
Abstract
Cogent Healthcare, Inc. manages various physician groups across the United States, including physicians who provide medical services to patients at a hospital or long term care facility in which you received treatment in the past. The complete list of affected physician groups is attached as Exhibit A. Cogent Healthcare, Inc. contracted with M2ComSys (M2), a medical transcription company, to provide services to some of these physician groups. M2’s job was to transcribe, or put into writing, patient care notes dictated by physicians. In connection with providing these services, M2 stored these notes, which included protected health information (PHI), on what was supposed to be a secure Internet site. A security lapse by M2, however, allowed some of these notes, including your PHI, to be accessed through that Internet site.Crescent Health Inc. - A Walgreen Company
December 28, 2012 | Computer Stolen
Abstract
I am writing to notify you of a theft that occurred at our Anaheim Billing Center, which is part of Crescent Healthcare, Inc. - A Walgreens Company, located at 888 South Disneyland Drive in Anaheim, California. This theft occurred the night of Friday, December 28, 2012, when an unknown person (or persons) gained unauthorized access to the Center and stole certain desktop computer hardware and other paper records.Crafts Americana Group
December 21, 2012 | Server Compromise
Abstract
We are writing to inform you of a recent incident during which your personal information may have been accessed without your authorization. On January 25, 2013, we discovered that a file on our internet servers containing your name, address, phone, and credit card number had been potentially accessible to outsiders without authorization for several weeks. The credit card number in the file was used on Knitpicks.com, ArtistsClub.com, or ConnectingThreads.com.Calif. Department of Health Care Services
December 10, 2012 | Programming Error
Abstract
We are writing to you because of recent information security incident at the Department of Health Care Services (DHCS). In order to move your child's enrollment to Medi-Cal from the Healthy Families program, DHCS mailed our your child's new Beneficiary Identification Card (BIC). Unfortunately, a computer programming error occurred during this mailing. Because of this error, your child's BIC card was accidentally mailed to the wrong person.California Department of Healthcare Services
November 05, 2012 | Misconfiguration
Abstract
This is to inform you that the Department of Health Care Services (DHCS) received notification on November 14, 2012, about an incident involving your name and Social Security number (SSN) as a provider of In-Home Supportive Services (IHSS). IHSS is a benefit received through the state Medi-Cal Program and all eligible providers of IHSS are considered a Medi-Cal provider. DHCS is a state department that oversees the Medi-Cal Program.Calvin Schuster, M.D.
November 04, 2012 | Computer Stolen
Abstract
The security, confidentiality, integrity and privacy of patient personal information are highly valued at our office. Unfortunately, we are writing you because of a recent theft. Our office received notice on Monday. November 5, 2012, that there had been a burglary and that an office computer had been stolen, which contained patient personal information. A police report was filed with the Reedley Policy Department. Regrettably, the stolen property has not yet been recovered.Churchill Downs Technology Initiatives Company dba TwinSpires
August 03, 2012 | Website Compromise
Abstract
We value our customers and respect the privacy of your information, which is why we are writing to inform you of an intrusion into the computer records of TwinSpires.com that occurred on August 3, 2012, that exposed some of your personal information. Immediately upon learning of this intrusion, a third-party forensic investigation was initiated to contain and assess the situation.California Correctional Health Care Services (CCHCS)
June 11, 2012 | Physical Intrusion
Abstract
On June 11, 2012, a kiosk mail box located at the California Correctional Health Care Services (CCHCS) Regional Administration building in Fresno, California was discovered to have been broken into. Mail that may have been lost included prospective employment candidate responses to employment inquiries with personally identifiable information contained in California State Employment Application forms and applicable documents. This information may have included name, social security number, driver’s license number, residential address, date of birth, telephone number, e-mail address, and employment and education history of prospective candidates.Cigna Dental
March 23, 2012 | Insider Threat
Abstract
I am writing to inform you of a matter that the Cigna Enterprise Privacy Office was made aware of on March 27, 2012. On March 23, 2012, in violation of Cigna corporate policies, a Cigna employee emailed an unencrypted document containing Cigna Dental customers’ first names and social security numbers to her home email address and to the email address of her son. The document was created by Cigna for internal use by our Dental Customer Service Agents. It included your first name and social security number, but it did not contain any other personal information about you (such as your address or health information).CMI Marketing, Inc. d/b/a Cafe Media
January 01, 2011 | Email Compromise
Abstract
Our investigation showed that email addresses and passwords for CafeMom accounts created before July 2011 were compromised at some point in the past. At this time, we have found no evidence of unauthorized access or wrongdoing and the systems that powered cafemon.com in 2011 are no longer the systems that run the site today.Centric Group LLC
August 01, 2010 | Website Compromise
Abstract
On approximately December 13, 2012, Centric Group, L.L.C. learned that certain [Card Brand] credit card information that you provided to purchase items on our website (www.accesscatalog.com), including name, credit or debit card number, expiration date and card verification code, may have been accessed without authorization by a third party, beginning in August 2010.City of Fullerton
Abstract
We became aware of unauthorized posts on a public website which contained confidential City information. We immediately began an investigation to identify the source of the activity and to confirm the security of our network, and we worked with a third-party forensic investigator to determine the nature and scope of this event. During our investigation, we discovered an internal data storage account was accessed by unauthorized users on multiple occasions from about 2016 through June 21, 2019. The investigation further revealed the data included copies of emails and attachments that contained certain protected information. As a precaution, the entire contents of the storage account was reviewed to identify the information that may have been accessible within the account. We provided written notice to those individuals whose information was found in the data storage account. However, a small number of files that were present in the data storage account at the time of the access were not recovered and were unable to be reviewed.Checkers Drive-In Restaurants, Inc. (“Checkers”)
Abstract
After becoming aware of a potential issue, we retained data security experts to understand its nature and scope. Based on the investigation, we determined that malware was installed on certain point-of-sale systems at some Checkers and Rally’s locations, which appears to have enabled an unauthorized party to obtain the payment card data of some guests.California Department of Fish and Wildlife
Abstract
We are writing to notify you of a recent security incident within the California Department of Fish and Wildlife (CDFW). The incident was discovered on 12/22/2017. A former employee downloaded personally identifiable information to an unencrypted personal device and took the data outside of CDFW’s secure network.County of Humboldt
Abstract
The Humboldt County Sheriff’s Office recovered County of Humboldt payroll documents on September 7, 2017 while serving a search warrant in Trinity County. As soon as we were notified, we immediately launched an investigation in conjunction with the Sheriff’s Office.City of Oceanside
Abstract
The City of Oceanside maintains several online payment systems that allow customers to pay their utility (water, sewer and trash) bills online using a credit card. On Monday, August 14, 2017, the City was first notified by a consumer that the credit card used to process payment on the “Utility Bill Payment” link on the City’s Online Payment Services webpage was compromised. The City contracted with a leading cybersecurity expert, and the resulting forensics report identified that malicious code had infiltrated this vendor supported online payment system.CoPilot Provider Support Services, Inc.
Abstract
CoPilot maintains a particular website, www.monovischcp.com,1 used by physicians to help determine whether insurance coverage is available for ORTHOVISC® and MONOVISC® injections. This website may have been used by your physician’s office to make an inquiry about your insurance coverage for these injections. On December 23, 2015, CoPilot received complaints claiming that personal information submitted to the site, including health information, was accessible for downloading from the website. CoPilot immediately launched an investigation and retained a leading cybersecurity consulting firm to assist in its investigation of what occurred.California State University Northridge
Abstract
On April 5, 2016, CSUN officials learned that online records containing information relating to CSUN Educational Opportunity Programs (“EOP”) student applicants were potentially accessible online to outside parties. CSUN immediately began an investigation and discovered that an ID and password were mistakenly published on an internal-facing CSUN staff resources webpage that was visible to anyone with the specific website address, potentially allowing access to personal information of CSUN EOP applicants. We also immediately reconfigured the relevant website and deactivated the ID and password at issue. CSUN and outside security experts have found no evidence to suggest that this incident was the result of a malicious act or “hacking” attempt.Charles Schwab & Co., Inc.
Abstract
We are contacting you to alert you to unusual login activity on your account(s), which began on or after March 25, 2016. We believe someone may have obtained your username and password from a non-Schwab account or website that you use and tried them successfully on Schwab.com. This type of account access can occur when you use the same username and password on multiple sites.CBC Restaurant Corporation
Abstract
We value and respect the privacy of your information, which is why we are writing to advise you of a recent incident that may have involved certain of your personal information. On November 10, 2015, we received a call from someone who alleged that an ex-employee of Corner Bakery possessed a file containing personal information of other company employees and expressed concern that the ex-employee may use that information for purposes of identity theft.Charles Krug Winery (C. Mondavi & Family)
Abstract
We greatly value your business and respect the privacy of your information, which is why we are writing to inform you that our consumer direct sales systems provider, Missing Link Networks, Inc., (“Missing Link”) notified us on May 27, 2015, of a security incident involving credit and debit card data. Missing Link has advised us that during the window of April 1, 2015 to April 30, 2015, a third party might have gained access to certain personal information, including customer names, card numbers, related payment addresses, passwords, and dates of birth. We are working proactively and aggressively with Missing Link to address the issue. Missing Link has notified the credit and debit card companies and supplied them detailed information on the affected accounts, and we’ve been assured that these accounts are being monitored for fraud. They have also assured us that the security breach has been contained, and customers may safely use their credit and debit cards.Corison Winery
Abstract
Missing Link has advised us that during the window of April 1, 2015 to April 30, 2015, a third party might have gained access to certain personal information, including customer names, card numbers, related payment addresses, passwords, and dates of birth. We are working proactively and aggressively with Missing Link to address the issue. Missing Link has notified the credit and debit card companies and supplied them detailed information on the affected accounts, and we’ve been assured that these accounts are being monitored for fraud. They have also assured us that the vulnerabilities in their system have been mitigated, and customers may safely use their credit and debit cards.Cain Vineyard and Winery
Abstract
We are writing to tell you that our eCommerce provider, Missing Link Networks, Inc., (“Missing Link”) has notified us on May 27, 2015 of a security incident involving credit and debit card data. Missing Link advised us that during the period of April 1, 2015 to April 30, 2015, a third party might have gained access to certain personal information, including customer names, passwords, card numbers, related payment addresses and dates of birth.Cement Masons Southern California Health and Welfare Trust Fund
Abstract
We have been notified by Anthem, Inc. ("Anthem") that , on January 29, 2015, it discovered it was the victim of a sophisticated cyber-attack in which an unauthorized person or persons gained access to Anthem's IT systems and obtained personal information relating to consumers who were or are covered by Anthem or other independent Blue Cross and Blue Shield plans that utilized Anthem's services.CICS Employment Services, Inc.
Abstract
I am writing to inform you of an incident that may affect the security of your personal information. We were recently notified by the Federal Bureau of Investigation (the FBI) that personal information we processed regarding an application you made for employment may have been accessed without authorization. This information included your name, address, date of birth and Social Security number. We do not know how or when the alleged unauthorized access may have occurred. The FBI’s forensic examinations of relevant portions of our computer network, database and third party storage provider revealed no evidence of any compromise. However, because of the credible nature of the alleged unauthorized access, we are taking the notification seriously and informing you. Out of an abundance of caution, and at our expense, credit monitoring services will be provided to you as explained below.Corday Productions, Inc.
Abstract
As you are most likely aware, Sony Pictures Entertainment (“Sony”) recently became the victim of a malicious cyber attack during the last week of November where confidential personnel and business information was stolen. Because Sony administers payroll and sometimes pays reimbursements for Corday Productions, Inc. (“Corday”), we were immediately concerned regarding the privacy and security of personal information that is maintained by Sony regarding our employees and independent contractors, as well as employees of contractors who provide services to Corday.ClamCase LLC
Abstract
There was unauthorized access of our website by an undetermined third party. This third party accessed variety of information, including some or all of your personal information. Our security procedures were in place and enabled us to detect and terminate the unauthorized access. We are diligently working with third party experts and appropriate law enforcement agencies to address the matter. No law enforcement investigation delayed notifying you of this matter.Castle Creek Properties, Inc., dba Rosenthal the Malibu Estates
Abstract
We recently learned that unauthorized individuals or entities installed malicious software on computer systems used to process credit card transactions at the Rosenthal wine shop. The incident may have compromised payment card data of visitors that made payment card purchases at the wine shop tasting room including name, address, payment card account number, card expiration date and security code. While we do not know whether a particular customer’s personal information has been or will be misused, as a precaution we are providing this notice to tell customers about the incident and call their attention to some steps they may take to help protect themselves.Cottage Health System
Abstract
On December 2, 2013, Cottage Health System received a voicemail message informing us that a file containing personal health information of certain patients may be available on Google. We immediately investigated this situation, and discovered that a third party vendor for Cottage Health System and its affiliated hospitals, Goleta Valley Cottage Hospital and Santa Barbara Cottage Hospital ("CHS") appeared to have, without CHS's knowledge, removed electronic security protections from one of the servers, resulting in the exposure of certain information stored on the server.Computer Sciences Corporation
Abstract
CSC is a contractor for the State of North Carolina. In the course of performing services for the State, we put information from the Medicare Exclusion Database on a thumb drive. This information included your name, Social Security Number (SSN), federal tax Employer Identification Number (EIN), and date of birth. It also included other information from the database that is publicly available. In early March, we discovered the loss of this thumb drive in CSC facilities in Raleigh, North Carolina. Although not discovered until March, the thumb drive containing this information is believed to have been lost in late February. We notified the State of this loss. We consider resolution of this incident to be a top priority of our company, and we are investigating it thoroughly, including an ongoing search for the thumb drive.Citi
Abstract
This letter is to inform you of a matter involving your personal information. You are receiving this letter because you are currently, or were previously, a party in a bankruptcy proceeding involving a loan from Citi. Citi filed legal documents in court related to that loan in which certain personally identifiable information was, pursuant to court rules, intended to be concealed from the publicly available versions of the documents to prevent access to that information by members of the public who search electronic court records.CARMICHAEL COMPANY
Abstract
I am writing because of an incident that has occurred. I was informed by the U.S. Postal Inspection Service that an electronic filing report from my office was found by the Postal Service in a raid on a criminal who has been arrested. This report included your name, social security number. If you had filed a joint return, your spouse’s information was not on the report. The Postal Service Inspector confirmed on 9-6-2012 that the list was from my office, I have no specific date of the actual unauthorized release.Comerica Bank
Abstract
Specifically, Global Payments informed Comerica in June that their ongoing investigation revealed potential unauthorized access to its servers that contain merchant application data. Global Payments recently provided Comerica with the details regarding the individuals potentially affected. As part of our Merchant Card services, you provided personal information on your merchant application submitted both to Comerica Bank and Global Payments. The merchant application was provided by you so Global Payments could engage in credit underwriting for Comerica Bank and Global Payments. The personal information on your merchant application may have included your name, social security number and the business bank account number(s) designated for the deposit of merchant processing proceeds.California Department of Social Services
Abstract
We are writing to inform you of a security incident involving your personal information relating to the In Home Supportive Services program (IHSS). A package containing your personal information was in transit between the Hewlett Packard (HP) processing center and the State Compensation Insurance Fund (SCIF). On May 1, 2012, the package arrived, was noted as damaged, and some of the contents were determined missing. The State is continuing to work with HP and the SCIF to recover the information, but, to date, it has not been recovered.California Department of Justice / CATCH
Abstract
In November 2011, hackers affiliated with the group Anonymous accessed and released private email accounts belonging to a retired agent for the Department of Justice who was a member of the Computer and Technology Crime High-Tech Response Team (CATCH). CATCH is a multi-agency task force that was formed to apprehend and prosecute criminals who use technology to prey on the citizens of San Diego, Imperial Valley, and Riverside Counties. Some of emails that the hackers released included data that contained your personal information including, but not limited to, your name, address, date of birth, and Social Security number (SSN).Choice Hotels International
Abstract
Choice Hotels maintains a database that facilitates guest reservations and other guest programs. To protect the security of personal information that might be necessary to make a reservation, Choice Hotel's policy requires information such as a credit card number to be entered into an encrypted field in the database. Choice Hotels has learned that, for a small percentage of guest stays, guest information that should have been entered in the encrypted field was not. Because Choice Hotels was not aware of these limited instances, when Choice Hotels or one of its marketing partners sent something to you by mail, personal information ...D
DJO Global, Inc.
November 08, 2020 | Server Compromise
Abstract
We have conducted an investigation, with the assistance of a leading cybersecurity firm, into a cyberattack carried out by cyber criminals that has targeted our systems. On November 16, 2020, DJO learned that the attacker staged and likely exfiltrated a limited amount of data from DJO’s systems. We investigated and reviewed the affected data and learned on November 25, 2020 that your personal information was affected. Based on our investigation, we understand that this activity occurred between November 8, 2020 and November 9, 2020. We do not believe that your personal information has been be misused against you.Dyson, Inc
July 31, 2020 | Website Compromise
Abstract
Dyson constantly monitors activity on our websites to ensure the safety and security of your data. As part of this monitoring, we have been made aware of an incident that occurred outside of Dyson that has impacted the Dyson US website (www.dyson.com). This incident has provided a third-party access to your Dyson account.Dave, Inc.
June 23, 2020 | Third Party
Abstract
As a result of a breach at a former third-party service provider, an unauthorized party illegally accessed and stole certain customer data at Dave between June 23 and July 1, 2020. As soon as we became aware of this incident on July 1, 2020, our security team quickly took steps to secure our systems including our customers’ accounts. We immediately began an investigation, retained a leading cybersecurity firm, and notified law enforcement, including the Federal Bureau of Investigation (“FBI”).After the compromise at Dave’s service provider, the unauthorized party was able to gain temporary access to Dave’s systems and obtained certain Dave customer data. It appears this data is now posted online as available for sale on, or download from, illicit online marketplaces, which the FBI is aware of and is investigating. You are receiving this notice because we determined that your records are among those that may have been impacted.
Dr. Ann Hale, D.D.S.
May 24, 2020 | Unauthorized Access
Abstract
Dr. Ann Hale (Hutton & Hale, D.D.S., Inc.) has discovered a data security breach that occurred that may affect the privacy of your personal information. The purpose of this letter is to offer our apologies and to describe the breach, its potential impact on you, and the steps that you can take to minimize the harm to your privacy.The breach occurred on May 25, 2020, when an individual gained unauthorized access to our databases and systems containing personal health information and medical records on you and other patients of our office.
Dr. Ann Hale, D.D.S. / also known as Hutton & Hale, D.D.S.
May 24, 2020 | Database Compromise
Abstract
Dr. Ann Hale (Hutton & Hale, D.D.S., Inc.) has discovered a data security breach that occurred that may affect the privacy of your personal information. The purpose of this letter is to offer our apologies and to describe the breach, its potential impact on you, and the steps that you can take to minimize the harm to your privacy.Dynasplint Systems, Inc.
April 29, 2020 | Unauthorized Access
Abstract
On May 16, 2020, DSI experienced a data security incident. Upon discovering this incident, DSI immediately launched an investigation and engaged a digital forensics firm to determine whether personal information may have been accessed. On June 4, 2020, the investigation determined that certain customer information was accessed without authorization during the incident.Douglas M. Smith & Co. CPA
March 25, 2020 | n/a
Abstract
Between March 31, 2020 and April 1, 2020, four (4) electronically filed tax returns were rejected by the Intuit Lacerte tax preparation software, which Lacerte reported was due to the fact that returns were previously filed for those taxpayers. We immediately reported this incident to the IRS, Secret Service, Fresno Police and FBI, and, working with Lacerte, identified a total of 30 fraudulent returns. You are not among the individuals identified on the 30 fraudulent returns. We also immediately retained forensic investigators to conduct an investigation, and, to date, we have found no evidence that any unauthorized individual has accessed our computer systems, where your personal information is stored.Dynavax Technologies Corporation
February 28, 2020 | Phishing
Abstract
Our ongoing investigation into a phishing email incident recently determined that an unauthorized individual gained access to a Dynavax employee’s email account for a brief period of time on February 28, 2020. Upon identifying the incident, we immediately secured the account and a leading computer forensic firm was engaged to assist with our investigation. A review of available data shows no further unauthorized access to the account occurred. While we have identified employee information in the email account, our investigation has not shown that the unauthorized person stole or misused or attempted to misuse any personal information from the account.Diocese of Charlotte
February 20, 2020 | Third Party
Abstract
We are contacting you to inform you of a data incident experienced by a third-party vendor for Cathedral Catholic High School (“CCHS, school”) that involved your personal information. To provide peace of mind, the vendor is offering free credit monitoring and fraud assistance services.August 20, 2019 | Third Party
Abstract
Blackbaud Inc. is an international provider of fundraising and financial software for charitable and nonprofit organizations, which hosts a variety of databases for CCHS. On Sept. 29, 2020, Blackbaud notified us that a security incident the company detected in May included several school files containing sensitive personal information. CCHS requested information detailing which of our constituents’ information may have been compromised. We received that information and after additional analyses are sharing it with you today.Duben & Associates, Inc.
February 11, 2020 | Service Compromise
Abstract
We experienced a higher than normal rate of Internal Revenue Service e-file rejections that led us to believe some of our clients’ 2019 tax returns had been fraudulently filed.Dent Wizard International
January 22, 2020 | Phishing
Abstract
As a result of a phishing incident, we have learned that an unauthorized party may have obtained access to a small portion of Dent Wizard employee email accounts between January 22, 2020 and February 4, 2020.DoorDash, Inc.
May 04, 2019 | Third Party
Abstract
We take the security of our community very seriously. Earlier this month, we became aware of unusual activity involving a third-party service provider. We immediately launched an investigation and an outside security expert was engaged to assess what occurred. We were subsequently able to determine that an unauthorized third party accessed some DoorDash user data on May 4, 2019. We took immediate steps to block further access by the unauthorized third party and to enhance security across our platform.Decron Properties Corporation
April 28, 2019 | Email Compromise
Abstract
Decron became aware of unusual activity in certain Decron email accounts. In response, Decron worked with an outside forensics expert to investigate the nature and scope of the activity. Through this investigation, Decron confirmed that certain email accounts were accessed without authorization on April 28, 2019. Although the investigation was unable to determine whether any information contained in email messages or file attachments stored in the email accounts was actually accessed by an unauthorized actor, we cannot rule out whether that type of activity occurred. In an abundance of caution, Decron performed a thorough review of the information contained within the impacted email accounts, and on October 24, 2019, determined that your personal information was potentially accessible by the unauthorized actor. Extra4 Variable Sentence- Tenant Language Extra4 Variable Sentence- Tenant Language Extra4 Variable Sentence-Tenant Language Extra4 Variable. We continued reviewing our files to obtain contact information for all impacted individuals through December 24, 2019.Dr. T.Y. Steven Ip M.D. F.A.C.S.
February 06, 2019 | Ransomware
Abstract
Dr. Ip values and respects the privacy of your information, which is why we are writing to advise you of a recent data security incident that may have involved some of your personal information. On February 20, 2019, our office was hit with a ransomware attack and, as part of that attack, the criminal had access to the data on our network. Upon learning of the incident, we promptly notified law enforcement and have retained a leading forensic security firm to investigate the incident.Department of Rehabilitation
January 09, 2019 | Misconfiguration
Abstract
On Wednesday, January 9, 2019, a spreadsheet containing employees’ classification information and Social Security numbers was saved to a folder on the internal G drive, to which only DOR employees have access. On Monday, January 14, 2019, a DOR employee accessed the spreadsheet in the regular course of business and promptly reported that the file included Social Security numbers. Immediately upon notification, the spreadsheet was deleted and access to the folder on the G drive was restricted.David B. Cheatham, CPA
December 08, 2018 | Device Lost
Abstract
On December 8, 2018, a computer hard drive containing some of our clients’ information was stolen from our office. While the hard drive was password-protected, it is possible that the person responsible for the theft may have been able to access the data on the hard drive if he or she was able to circumvent the password protection.Don Best Corporation, a subsidiary of Scientific Games Corporation
October 12, 2018 | Malware
Abstract
On November 1, 2018, Scientific Games Corporation (“Scientific Games”) acquired Don Best. On December 21, 2018, while integrating the newly acquired Don Best network with that of Scientific Games, we learned that unauthorized individuals may have accessed the Don Best network. We immediately began an investigation and learned that between October 12, 2018 and October 28, 2018 Don Best suffered a malware attack.Discover Financial Services
August 13, 2018 | Breach
Abstract
We recently learned your Discover card account might have been part of a data breach. Please know, this breach did not involve Discover card systems.January 02, 2018 | Breach
Abstract
We recently learned your Discover card account might have been part of a data breach. Please know, this breach did not involve Discover card systems.July 16, 2017 | Breach
Abstract
We recently learned your Discover card account might have been part of a data breach. Please know, this breach did not involve Discover card systems.April 27, 2017 | Breach
Abstract
We recently learned your Discover card account might have been part of a data breach. Please know, this breach did not involve Discover card systems.September 04, 2016 | Breach
Abstract
We recently learned your Discover card account might have been part of a data breach. Please know, this breach did not involve Discover card systems.August 10, 2016 | Breach
Abstract
We recently learned your Discover card account might have been part of a data breach. Please know, this breach did not involve Discover card systemsJune 04, 2016 | Breach
Abstract
We recently learned your Discover card account might have been part of a data breach. Please know, this breach did not involve Discover card systemsJune 02, 2016 | Breach
Abstract
We recently learned your Discover card account might have been part of a data breach. Please know, this breach did not involve Discover card systemsJune 01, 2016 | Breach
Abstract
We recently learned your Discover card account might have been part of a data breach. Please know, this breach did not involve Discover card systemsFebruary 26, 2016 | Breach
Abstract
We recently learned your Discover card account might have been part of a data breach. Please know, this breach did not involve Discover card systemsJanuary 31, 2016 | Breach
Abstract
We recently learned your Discover card account might have been part of a data breach. Please know, this breach did not involve Discover card systemsJanuary 02, 2016 | Breach
Abstract
We recently learned your Discover card account might have been part of a data breach. Please know, this breach did not involve Discover card systemsNovember 29, 2015 | Breach
Abstract
We recently learned your Discover card account might have been part of a data breach. Please know, this breach did not involve Discover card systemsNovember 24, 2015 | Breach
Abstract
We recently learned your Discover card account might have been part of a data breach. Please know, this breach did not involve Discover card systemsOctober 27, 2015 | Breach
Abstract
We recently learned your Discover card account might have been part of a data breach. Please know, this breach did not involve Discover card systemsAugust 02, 2015 | Breach
Abstract
We recently learned your Discover card account might have been part of a data breach. Please know, this breach did not involve Discover card systems.July 31, 2015 | Breach
Abstract
We recently learned your Discover card account might have been part of a data breach. Please know, this breach did not involve Discover card systemsJune 21, 2015 | Breach
Abstract
We recently learned your Discover card account might have been part of a data breach. Please know, this breach did not involve Discover card systemsMay 01, 2015 | Breach
Abstract
We recently learned your Discover card account might have been part of a data breach. Please know, this breach did not involve Discover card systemsMarch 08, 2015 | Breach
Abstract
We recently learned your Discover card account might have been part of a data breach. Please know, this breach did not involve Discover card systemsMarch 02, 2015 | Breach
Abstract
We recently learned your Discover card account might have been part of a data breach. Please know, this breach did not involve Discover card systemsDecember 06, 2014 | Breach
Abstract
We recently learned your Discover card account might have been part of a data breach. Please know, this breach did not involve Discover card systemsNovember 18, 2014 | Breach
Abstract
We recently learned your Discover card account might have been part of a data breach. Please know, this breach did not involve Discover card systemsNovember 02, 2014 | Breach
Abstract
We recently learned your Discover card account might have been part of a data breach. Please know, this breach did not involve Discover card systemsOctober 22, 2014 | Breach
Abstract
We recently learned your Discover card account might have been part of a data breach. Please know, this breach did not involve Discover card systemsSeptember 11, 2014 | Breach
Abstract
We recently learned your Discover card account might have been part of a data breach. Please know, this breach did not involve Discover card systemsJuly 01, 2014 | Breach
Abstract
We recently learned your Discover card account might have been part of a data breach. Please know, this breach did not involve Discover card systemsJune 19, 2014 | Breach
Abstract
We recently learned your Discover card account might have been part of a data breach. Please know, this breach did not involve Discover card systemsMay 04, 2014 | Breach
Abstract
We recently learned your Discover card account might have been part of a data breach. Please know, this breach did not involve Discover card systemsApril 10, 2014 | Breach
Abstract
We have been advised that your Discover card account information may have been compromised. This incident did not involve any Discover card systems, and there is no evidence that an unauthorized individual is using this account numner.February 19, 2014 | Breach
Abstract
We recently learned your Discover card account might have been part of a data breach. Please know, this breach did not involve Discover card systems.January 01, 2014 | Breach
Abstract
We recently learned your Discover card account might have been part of a data breach. Please know, this breach did not involve Discover card systemsAbstract
We have been advised that your current Discover card account information may have been compromised, This incident did not involve any Discovery card systems, and there is no evidence that an unauthorized individual is using this account number.DC International
July 20, 2018 | Malware
Abstract
On September 9th, 2018, one of our internal security analysts identified a data security issue while reviewing logs of Leatherology.com, which may have affected select customers between July 20th and September 9th, 2018. This malicious code intended to capture personal and credit card data prior to the data being transmitted to the payment gateway. Your credit card data is used only to complete your transaction and never stored on our servers.Denise M. Bowden, LAc
April 28, 2018 | Computer Stolen
Abstract
Over the weekend of April 28, 2018, my office was burglarized and a computer used by my reception staff was stolen. The password protected computer contained your name, address and contact information, and possibly itemized receipts with dates of service, diagnosis codes and procedure codes. When I discovered this incident the following Monday morning, I immediately contacted the San Francisco police department and took steps to identify anyone who was potentially impacted.Delicato Vineyards
April 26, 2018 | Server Compromise
Abstract
In June 2018, we discovered that your personal information might have been accessed by an individual outside of Delicato through the VINES system, an internal information system where Delicato maintains your employee profile (the “Incident”). Delicato promptly responded to the situation and changed the VINES credentials so that outside parties can no longer access the information.Dollar Shave Club, Inc.
March 21, 2018 | Website Compromise
Abstract
In the wee hours of the morning on March 21, 2018, through our routine monitoring and security protocols, our tech team identified attempts by a third party system using email and password combinations obtained elsewhere (not from Dollar Shave Club) to log in to certain Dollar Shave Club customers’ ecommerce accounts. Dollar Shave Club’s tech team blocked the inbound requests of the suspicious IP addresses within a few hours of the monitoring alert (yep, they got out of bed at 3:30 am and hit the ground running), and investigated and confirmed which of the attempts resulted in a login to online accounts. You are receiving this notice because we determined your account credentials were improperly used on our website.Deephaven Mortgage LLC
January 10, 2018 | Phishing
Abstract
On March 25, 2018, Deephaven Mortgage received reports of unusual activity related to an employee’s email account. We immediately began an investigation to determine the nature and scope of this event. Our investigation revealed that Deephaven Mortgage was the victim of an email phishing attack resulting in unauthorized access to and acquisition of the contents of certain employee email accounts. It appears that these email accounts were subject to unauthorized access from January 10, 2018 to March 25, 2018. The investigation also revealed that the affected accounts contained emails with personal information of some consumers, including you.Drury Hotels Company, LLC
December 28, 2017 | Third Party
Abstract
For most hotels, there are two ways to make a reservation – directly with the hotel or indirectly through third-party online booking websites (websites run by other companies that compare rooms and rates at different hotels). For reservations that are made through online booking websites, many hotels use a technology service provider to collect the reservation data from the online booking company and enter it into the hotel’s property management system. On March 26, 2019, we were notified by the company that provides that service to us and other hotel companies that it was conducting an investigation to determine if there had been unauthorized access to its network. The service provider reported that it had hired a cybersecurity firm to conduct an investigation. Since then Drury Hotels has worked closely with the service provider to get updates on its investigation.Dameron Hospital
November 17, 2017 | Unknown
Abstract
TBDBDelta Air Lines, Inc.
September 26, 2017 | Vulnerability
Abstract
On March 28, 2018, [24]7.ai notified Delta that [27]7.ai had been involved in a cyber security incident impacting an online chat tool [24]7.ai provides on the desktop version of delta.com. While [24]7.ai advised that the incident was contained and stopped on October 12, 2017, Delta immediately launched its own investigation and engaged federal law enforcement and forensics teams. Delta's investigation to date had revealed that the incident occurred at [24]7.ai from September 26, 2017 to October 12, 2017, and that during this time certain customer payment information for [24]7.ai clients, including Delta, may have been accessed.Droege Computing Servi ces
September 26, 2017 | Server Compromise
Abstract
We recently became aware that our StampAuctionNetwork (SAN) server was hacked on September 26, 2017. The attack did not target StampAuctionNetwork directly, we have SSL security there which protects from external attacks. The breach was made through our main offices and they were able access SAN from there. We took immediate steps to stop the access and respond to the situation. Based on our review of the systems, we have discovered that some of your personal data may have been compromised. This data includes your name and payment card information.Dignity Health - Mercy San Juan Medical Center
September 08, 2017 | Programming Error
Abstract
From September 8 to 12, 2017, a software error in the ESS system exposed some employee personal information to other Dignity Health internal staff.Driscoll’s, Inc.
July 17, 2017 | Phishing
Abstract
On or about July 28, 2017, Driscoll’s determined that some employees’ payroll log-in credentials were compromised when the employees responded to a phishing email. Driscoll’s launched an investigation and, with the help of a third-party forensic provider, later determined that some employees’ email accounts had also been subject to unauthorized access as a result of the phishing email. The forensic investigator then reviewed the contents of these email accounts to determine whether they contained any sensitive personal information. On December 18, 2017, we confirmed that sensitive information was located in one or more of the email accounts. On January 17, 2018, the forensic investigator completed the review of the affected email accounts and provided Driscoll’s with a list of employees whose protected information was contained within the email accounts. The unauthorized access may have occurred between July 17, 2017 and August 18, 2017.Deli Management, Inc. (d/b/a Jason’s Deli, Inc.)
June 08, 2017 | Breach
Abstract
On December 22, 2017, Jason’s Deli was notified by payment processors that credit card security personnel had informed it that a large quantity of payment card information had appeared for sale on the “dark web,” and that an analysis of the data indicated that at least a portion of the data may have come from various Jason’s Deli locations. Jason’s Deli’s management immediately activated its response plan, including engagement of a leading threat response team, involvement of other forensic experts, and cooperation with law enforcement. The Company released a preliminary public statement on December 28, 2017 describing the situation and its initial response.Da Vinci Schools
April 04, 2017 | Third Party
Abstract
Wiseburn Unified School District and Da Vinci Schools use a school data platform operated by Schoolzilla PBC Inc. DBA Schoolzilla Inc. (“Schoolzilla”) to manage and store information about our students, together with information about their performance on certain exams. In April, we received a Notice of Data Breach from Schoolzilla that described what happened as follows:D’Angelo & Associates, APC
March 25, 2017 | Vulnerability
Abstract
On Tuesday, April 4, 2017, we encountered suspicious electronic activity in our tax program. We immediately contacted our local IT firm who disabled remote access. An investigation into the matter was commenced and that same day, we notified the IRS and Franchise Tax Board of our findings. We further notified the FBI, and hired a specialized forensic IT firm for additional investigation.DLD Accountancy, LLP
March 03, 2017 | Service Compromise
Abstract
We are contacting you regarding a data security incident that occurred on or about March 3, 2017 at DLD Accountancy, LLP . This incident may have involved some of your personal information. Unfortunately, this has become more common over the last few years and has happened to hundreds of CPA firms. We have been advised that this year particularly the IRS has seen a huge increase in fraudulent attempts than years prior. The IRS has been on high alert to review and address all fraudulent attempts. Please be assured that we have taken every step necessary to address the incident, and that we are committed to fully protecting all of the information that you have entrusted to us. Please review the information provided in this letter for some steps that you may take to protect yourself against any potential misuse of your information.Delta Career Education Corporation
February 13, 2017 | Email Compromise
Abstract
On March 30, 2017, Delta Career completed an investigation regarding suspicious activity in its computer network. The suspicious activity was detected on February 13th in one of its email accounts. Delta Career immediately began an internal investigation and engaged a leading computer security firm to determine the nature and extent of the incident. The investigation recently determined that unauthorized persons may have accessed information relating to some of our current and former employees.DBM Global, Inc.
January 07, 2017 | Laptop Stolen
Abstract
On January 7, 2017, our Phoenix office was burglarized and one employee laptop was stolen. We contacted law enforcement and conducted an investigation.Department of Justice
October 14, 2016 | User Error
Abstract
On October 14, 2016, during the course of responding to California Public Records Act for information pertaining to Certified California Firearm Safety Instructors, the Department inadvertently released your name, date of birth, California Driver's License number, and/or California Identification Card number.Darwin’s Natural Pet Products
September 27, 2016 | Service Compromise
Abstract
On or about March 8 2019, Darwin’s was made aware that some credit cards used on its online new customer platform were potentially compromised. Darwin’s immediately launched an investigation, with the assistance of a third-party forensic firm, to determine the nature and scope of the compromise. On or about May 7, 2019, the forensic investigation determined that customer credit and debit card information for transactions that occurred on Darwin’s new customer check out page between September 27, 2016, and March 16, 2019, may have been subject to unauthorized access and/or acquisition. Darwin’s is notifying you because we have confirmed that your credit or debit card was used for a transaction on our website during the relevant time period, and your information may be affected.Dover Federal Credit Union
September 20, 2016 | Insider Threat
Abstract
On September 20, 2016, DFCU learned that an employee had transferred DFCU files to the employee’s personal Dropbox account to access the information from the employee’s home computer for business purposes. Although DFCU had no indication that any of the transferred information was compromised, DFCU managers immediately began an investigation to determine what information had been transferred. DFCU hired a computer forensic firm to help investigate the incident. The investigation determined on November 18, 2016, that it was unlikely that any information was accessed by any unauthorized person, as the employee was the only authorized user of the Dropbox account and did not provide the Dropbox credentials to any other individual. DFCU determined on November 23, 2016, that the files transferred to the employee’s Dropbox account included personal information of all DFCU members.Denihan Hospitality
August 10, 2016 | Third Party
Abstract
The Sabre Hospitality Solutions SynXis Central Reservations system (CRS) facilitates the booking of hotel reservations made by consumers through hotels, online travel agencies, and similar booking services. Following an examination of forensic evidence, Sabre notified us on or about June 6, 2017that an unauthorized party gained access to account credentials that permitted unauthorized access to unencrypted payment card information, as well as certain reservation information, for a subset ofhotel reservations processed through Sabre’s CRS.Disney Consumer Products and Interactive Media (DCPI)
July 09, 2016 | Website Compromise
Abstract
The unauthorized party acquired the usernames, email addresses, and passwords for playdomforums.com accounts, as well as the Internet Protocol (IP) addresses collected during user registration on playdomforums.com. Please be assured that the Playdom Forum website does not collect credit card numbers or other sensitive personal information, such as Social Security numbers. The investigation concluded that no other Disney websites or apps have been affected in any way.Dutch, LLC
June 09, 2016 | Website Compromise
Abstract
We have been investigating unusual files on our e-commerce website with third-party forensic investigators to determine what the files are and how they were placed on our e-commerce site. On or around June 9, 2017, we determined that those files were signs of a sophisticated cyber-attack that resulted in the potential compromise of some customers’ debit and credit card data. On or around July 7, 2017 it was determined that debit or credit cards used at www.joie.com between December 25, 2016 and January 26, 2017 could be impacted by this incident. This incident only relates to purchases made on our website and did not affect in-store purchases at any Joie locations.Desmond Foods, L.P.
December 02, 2015 | Malware
Abstract
Wendy’s recently reported additional malicious cyber activity involving some franchisee-operated restaurants. The Company believes this criminal cyberattack resulted from a service provider’s remote access credentials being compromised, allowing access – and the ability to deploy malware – to some franchisees’ POS systems. Soon after detecting the malware, Wendy’s identified a method of disabling it and thereafter has disabled the malware in all franchisee restaurants where it has been discovered. The investigation has confirmed that criminals used malware believed to have been effectively deployed on some Wendy’s franchisee systems starting in late fall 2015.Dependable Foods
December 02, 2015 | Malware
Abstract
Wendy’s recently reported additional malicious cyber activity involving some franchisee-operated restaurants. The Company believes this criminal cyberattack resulted from a service provider’s remote access credentials being compromised, allowing access – and the ability to deploy malware – to some franchisees’ POS systems. Soon after detecting the malware, Wendy’s identified a method of disabling it and thereafter has disabled the malware in all franchisee restaurants where it has been discovered. The investigation has confirmed that criminals used malware believed to have been effectively deployed on some Wendy’s franchisee systems starting in late fall 2015.Dungarees, LLC
October 15, 2015 | Website Compromise
Abstract
On November 20, 2015, we first became aware of a possible breach when we discovered that our website had been manipulated by hackers. After this discovery, we took immediate action to secure our website, and we engaged a forensic IT firm to assist us in determining how this occurred.March 26, 2015 | Website Compromise
Abstract
On May 15, 2015, we first became aware of a possible breach when we discovered that our website had been manipulated by hackers. After this discovery, we took immediate action to secure our website and we engaged a forensic IT firm to assist us in determining how this occurred. The forensic IT firm discovered that the hackers made additional manipulations to our website that were not apparent on May 15th.Dominican Hospital
July 16, 2015 | User Error
Abstract
Dominican Hospital regularly meets with community providers and health plans for assistance in the coordination of care for patients that have relationship with both the provider and the hospital. On July 28, 2016, we discovered that a Microsoft Excel workbook was transmitted using our secured (encrypted) email system to a local health plan containing an excessive number of patients, some of whom may not be covered by or associated with the health plan.Digital Theatre, LLC
April 19, 2015 | Malware
Abstract
Although our independent forensic investigation is ongoing, at this time, we believe that between late April 2015 and late September 2015 unauthorized individuals installed malicious software on a computer server hosting the Website. According to our records, you made a payment card purchase on the Website during that timeframe and your information may be at risk. While Digital Theatre does not store credit card information, we believe the malware could have compromised the personal information (name, address, payment card account number, card expiration date, and payment card security code) of customers that made credit card purchases through the Website.DutchWear
November 07, 2014 | Website Compromise
Abstract
On Saturday, December 6th, 2014, we received information that raised suspicion of an unauthorized breach of our website that was exposing the payment information for some customers of DutchWear. In order to best protect our customers, we immediately took down our e-commerce site shop.dutchbros.com and conducted an extensive investigation of our computer systems.Department of Social Services
July 16, 2014 | User Error
Abstract
We are writing to inform you of a security incident involving your personal information. On July 17, 2014, the California Department of Social Services (CDSS) was informed of the unauthorized release of documentation that may have included your personal information. Confidential documents were accidentally discarded and removed from the office for disposal prior to shredding. The documents may have contained your name, mailing address, date of birth and Social Security number. The incident was immediately investigated and determined to be accidental in nature; however, the documents could not be retrieved. These documents were associated with children's residential and senior care facilities in various counties of California.Department of Managed Health Care
May 16, 2014 | User Error
Abstract
On May 16, 2014, the DMHC discovered that Blue Shield of California had inadvertently included provider Social Security numbers (SSNs) in the rosters Blue Shield provided to the DMHC in February, March and April, 2013. Because they did not recognize their error, Blue Shield did not mark the rosters as confidential or otherwise alert the DMHC to the inclusion of the SSNs. The DMHC’s subsequent investigation revealed that the DMHC had produced the rosters in response to ten PRA requests made to the DMHC between March 2013 and April 2014. In addition to the SSNs, the rosters included providers' names, business addresses, business telephone numbers, medical groups, and practice areas.Department of Child Support Services
April 07, 2014 | User Error
Abstract
We are writing to you because of a situation that occurred which may have resulted in the unauthorized disclosure of your personal information. On April 7, 2014, several letters from the Solano County Department of Child Support Services were misplaced while in the custody of a contracted courier who was transporting mail to the US Post Office. Although many of the letters were subsequently recovered, there is no way to determine if all of the letters misplaced reached their destination.Department of Resources Recycling and Recovery
January 24, 2014 | User Error
Abstract
On January 23, 2014, the Human Resources Office (HR) was notified that the Leave Activity and Balances Report that contained your first initial, middle initial, last name, and Social Security Number were sent electronically to your Personnel Liaison.DecisionDesk, Inc.
October 28, 2013 | Unknown
Abstract
TBDBDaVita, a division of DaVita HealthCare Partners Inc.
September 06, 2013 | Laptop Stolen
Abstract
We regret to inform you that on September 6, 2013 a laptop was stolen from a teammate’s (employee’s) vehicle. Although DaVita maintains a company-wide program and policy requiring encryption of laptop computers, we discovered that the encryption technology on this particular device had been unintentionally deactivated.Deltek Inc.
July 13, 2013 | Website Compromise
Abstract
On March 13, 2014, Deltek discovered that, despite the security protocols that we have in place within GovWin IQ, we, along with a number of U.S. governmental agencies, were one of thousands of organizations that were subject to a sophisticated cyber attack. Based on the evidence we have, we believe the cyber attack on Deltek’s GovWin IQ website occurred sometime between July 3, 2013, and November 2, 2013. We have learned that a hacker gained unauthorized access to Deltek’s GovWin IQ website and was able to obtain certain personal information about you, and we wanted to notify you of this situation. Deltek is cooperating with law enforcement’s investigation into this matter, and I am pleased to report that the individual believed primarily to be responsible has been arrested. While we have received no indication that any information that was unlawfully accessed has been misused, see below for more information on protecting your credit and obtaining credit monitoring services. The information that we believe was accessed includes:Dun & Bradstreet
April 02, 2013 | Database Compromise
Abstract
We are writing to inform you of an incident that may have involved your personal information. Dun & Bradstreet (D&B), a provider of business information, recently learned that it was one of several victims of a criminal cyberattack.Based on our investigation of the incident to date, we believe the attack primarily occurred during a fifteen (15)day period in March and April 2013 and potentially resulted in unauthorized access to our environment, including one of our commercial information databases. The potentially exposed information is generally available from public sources. In some circumstances this information may have included certain personal information provided in a business context. This letter has not been delayed by a law enforcement investigation.
Datapak Services Corporation
March 05, 2013 | Malware
Abstract
Datapak recently learned that malware was placed on our systems on March 5, 2013 and could have been used to access personal information. Upon learning of this incident we immediately contained and secured the potentially affected parts of the system. We launched an internal investigation and we retained independent, third-party security experts. Working with these security experts, we took steps to further contain and secure the potentially affected parts of the system. The investigation is ongoing and we are cooperating with the credit card companies and law enforcement.Desert AIDS Project
April 12, 2012 | Computer Stolen
Abstract
On Thursday, April 12, 2012, a thief gained unauthorized access to D.A.P.’s offices and stole the computer assigned to the receptionist. We reported the incident to the Palm Springs Police Department promptly after discovering the theft the next morning. D.A.P. is cooperating fully in the investigation.DHI Mortgage Company, Ltd., LP
February 10, 2012 | Website Compromise
Abstract
We have reason to believe that the integrity of your personal information may have been compromised due to a security breach of the DHI Mortgage Loan Prequalification Website. On the evening of Friday, February 10, 2012, DHI Mortgage became aware that a software security breach by unknown external sources occurred in its Internet Loan Prequalification system.Dominion Dental Services, Inc., Dominion National Insurance Company, and Dominion Dental Services USA, Inc. (hereinafter referred to collectively as “Dominion National”).
August 25, 2010 | Server Compromise
Abstract
On April 24, 2019, through our investigation of an internal alert, with the assistance of a leading cyber security firm, we determined that an unauthorized party may have accessed some of our computer servers. The unauthorized access may have occurred as early as August 25, 2010. After learning of this, we moved quickly to clean the affected servers and implement enhanced monitoring and alerting software. We also contacted the FBI and will continue to work with them during their investigation.Delta Health Systems
Abstract
A TID billing statement containing your personal information was inadvertently made available on the internet for an unknown period of time that ened on April 18, 2019. Upon learning that the statement was publically accessible, the DHS information technology team ("IT") immediately removed the document from our website. Thereafter, we launched an investigation, which subsequently revealed that this incident was caused by a configuration error made by a third party website developer. More specifically, the developer applied two conflicting permissions to the billing statement link, one allowing general access and the other restricting access to the document. This conflict resulted in the billing statement, and your personal information, being publically accessible via the internet.Dawn Food Products, Inc.
Abstract
We learned that an outside individual sent emails to certain Dawn Foods employees soliciting their login information to our email system. The individual appears to have been able to use this information to gain unauthorized access to the employees’ mailboxes, which contained certain information about a limited number of employees, customers and other individuals.Del Taco LLC
Abstract
On January 28, 2019, we learned through an investigation that certain information of Del Taco company team members may have been acquired without authorization as a result of a computer scheme known as “phishing,” where user credentials/passwords are inadvertently disclosed to an unauthorized party. Since learning of the incident, we immediately began our investigation into the attack, blocked further attempts, and implemented additional security measures.Dunkin’ Brands Inc.
Abstract
On October 31, 2018, we learned from one of our security vendors that a third-party may have attempted to log in to your DD Perks account. We believe that these third-parties obtained usernames and passwords from security breaches of other companies. These individuals then used the usernames and passwords to try to break in to various online accounts across the Internet. Our security vendor was successful in stopping most of these attempts, but it is possible that these third-parties may have succeeded in logging in to your DD Perks account if you used your DD Perks username and password for accounts unrelated to Dunkin’.DecisionHR Holdings, Inc.
Abstract
We have learned that, between November and December 2017, an unknown third party accessed the corporate email boxes of three DecisionHR employees without authorization. As part of their jobs, the employees received personal information through email from a variety of sources, such as on-the-job accident reports, payroll documents, tax forms, employment forms, and insurance documentation.Dorian Business Systems, LLC
Abstract
On July 17, 2018, we became aware that information from a database table used by our Charms Office Assistant had been found on a third-party website. Upon learning of this, we investigated and determined that an unauthorized party had likely taken the information from our systems and posted it to the website without our knowledge or permission. We immediately took steps to block any further unauthorized access to our systems, and we instructed the third-party website to take down the content. We have reported the matter to law enforcement and are cooperating in their investigation.Delaware North Companies, LLC.
Abstract
Sabre indicated that confidential payment card and other guest reservation data from August 10, 2016 to March 9, 2017, that was held in their reservation system was unlawfully accessed by an unauthorized person. They have further indicated that your booking information was on Sabre’s server during that period of time, and, as a result, your information may have been at risk. Sabre has not indicated how many individuals were impacted by the breach overall, or how many individuals were impacted from your state.DEBOER INCOME TAX
Abstract
We are notifying you that our data system may have been breached. We have observed an increased rate of e-file tax returns being rejected by the IRS due to the client's social security number having been already submitted in another tax return. Normally we may have one or two of our clients experience this identify theft problem during a tax season and this year we have already experienced seven of these rejections.dōTERRA International, LLC
Abstract
We are writing to notify you today that a third-party vendor that provides dōTERRA with data hosting and software services recently informed us that an intruder had accessed some of the vendor’s systems.E
Eaze Technologies, Inc.
September 24, 2020 | Account Compromise
Abstract
Based on our investigation, it looks like an unauthorized user illegally acquired your credentials from a third party, and then tried to login to your Eaze account using them. This means you're probably using the same username/password on multiple sites - and one of these other sites may have been compromised.Etz Hayim Holdings, SPC. d/b/a Lazarus Naturals
September 05, 2020 | Website Compromise
Abstract
On September 14, 2020, we identified suspicious activity on our website and immediately began an investigation with the assistance of third-party forensic specialists to assess the nature and scope of the incident. Through the investigation, it was determined that malicious code was inserted by an unauthorized party on the checkout page of our website from September 5, 2020 to September 14, 2020 which may have had the ability to capture customer information while making a purchase.EyeMed Vision Care LLC
June 24, 2020 | Email Compromise
Abstract
On July 1, 2020, EyeMed discovered that an unauthorized individual gained access to an EyeMed email mailbox and sent phishing emails to email addresses contained in the mailbox’s address book. On the same day, EyeMed took immediate action to block the unauthorized individual’s access to the mailbox and secured the mailbox. EyeMed immediately launched an investigation into the incident and engaged a cybersecurity firm to assist in its efforts. It was determined that the unauthorized individual first gained access to the mailbox on June 24, 2020, and that access terminated on July 1, 2020. EyeMed initially notified Covered Entity of possible impact on July 30, 2020 and confirmed impact to Covered Entity’s members on August 14, 2020.Energy One Federal Credit Union
June 4, 2020 | Ransomware
Abstract
On June 4, 2020, EOFCU experienced an incident that involved the unauthorized encryption of certain files on some devices on EOFCU’s computer network. On the same day we discovered the incident, we immediately took steps to secure the network and a forensic investigation was started. The investigation determined that in addition to encrypting certain files on EOFCU’s network, the actor may have accessed some information stored in EOFCU’s computer systems, including files with EOFCU member information.Enloe Medical Center
May 14, 2020 | Ransomware
Abstract
Blackbaud reported that, in May 2020, it experienced a ransomware incident that resulted in encryption of certain Blackbaud systems. Blackbaud reported the incident to law enforcement and worked with forensic investigators to determine the nature and scope of the incident. Following its investigation, Blackbaud notified its customers that an unknown actor may have accessed or acquired certain Blackbaud customer data. Blackbaud reported that the data was exfiltrated by the threat actor at some point before Blackbaud locked the threat actor out of the environment on May 20, 2020. Upon learning of the Blackbaud incident, Enloe immediately commenced an investigation to determine what, if any, sensitive Enloe data was potentially involved. This investigation included working diligently to gather further information from Blackbaud to understand the scope of the incident. The Blackbaud event affected thousands of organizations across many different states and countries. Although not the target of the ransomware incident, Enloe was one of the countless organizations that were impacted.Eagle Community Credit Union
February 24, 2020 | Email Compromise
Abstract
Eagle Community Credit Union (“Eagle CCU”) is committed to the privacy of individuals and takes the protection of personal information that is entrusted to us seriously. This commitment extends to notifying individuals when their personal information may be at risk. Although we have no reason to believe that your information has been used to commit fraud or identity theft, we are writing to make you aware of a recent data security incident that may have involved some of your personal information. We recently discovered that, on February 24, 2020, someone outside of Eagle CCU temporarily accessed an Eagle CCU’s employee email account without authorization. Upon learning of the situation, we promptly contained the incident the morning of February 24, 2020 by securing the employee email account to prevent further access and began an initial internal investigation into the incident. We also hired a leading forensic security firm to further investigate the incident and confirm the security of our computer systems and network. The security firm’s investigation showed no internal wrongdoing and verified Eagle CCU computer systems and network are secure.Emanate Health
February 19, 2020 | Third Party
Abstract
We received notice from PaperlessPay on March 20, 2020 informing us that an unauthorized person gained access to its computer server. PaperlessPay learned of the incident on February 19, 2020 when the Department of Homeland Security (“DHS”) contacted PaperlessPay to inform them that an unknown person was purporting to sell “access” to the PaperlessPay database on the dark Web.Emanate Health Foundation
February 7, 2020 | Ransomware
Abstract
On July 16, 2020, the Foundation was notified by its third-party provider, Blackbaud, of a security incident which involved your personal information. Blackbaud notified us that it discovered a ransomware attack on its systems around May 20, 2020. Blackbaud retained independent forensics experts and notified law enforcement. Shortly after the discovery, Blackbaud expelled the cybercriminal from its system. However, Blackbaud determined that before being locked out the cybercriminal had removed a copy of the Foundation’s backup file maintained on Blackbaud’s servers, which contained your personal information. Blackbaud believes the cybercriminal accessed this file initially on February 7, 2020 and retained access until May 20, 2020. We understand that Blackbaud confirmed that the backup file copy had been destroyed. Based on the nature of the incident, Blackbaud’s research, and third-party (including law enforcement) investigations, Blackbaud does not believe that any data went beyond the cybercriminal, was misused, or will be further disseminated.Episcopal Community Services
February 7, 2020 | Ransomware
Abstract
On July 16, 2020, ECS was notified by Blackbaud, Inc., one of our third-party service providers, of a security incident. At this time, we understand Blackbaud discovered and stopped a ransomware attack. After discovering the attack, the service provider’s cyber security team—together with independent forensics experts and law enforcement—successfully prevented the cybercriminal from blocking their system access and fully encrypting files; and ultimately expelled them from their system. But before locking the cybercriminal out, the cybercriminal removed a copy of a backup file containing some constituent information. This occurred at some point beginning on February 7, 2020 and could have been in there intermittently until May 20, 2020.Electrical Training Institute
December 23, 2019 | Email Compromise
Abstract
On April 3, 2020, we completed our investigation into a business email compromise incident. Upon learning of the incident, we secured the affected email account and launched an investigation, and a cybersecurity firm was engaged to assist.eImprovement, LLC
December 14, 2019 | Website Compromise
Abstract
On February 3, 2020, eImprovement received a phone call from a customer who stated that they had experienced fraudulent activity on their credit card after shopping on eFaucets.com. This was confirmed a few days later by a report from VISA. We hired a top forensics consulting firm to assist with our ongoing investigation of this matter. They confirmed on February 10, 2020 that there had been an attack on eFaucets.com in which malicious scripts copied information entered on the checkout page, then shared the information with a domain named fontsawesomes.org. While the actual date of the breach cannot be confirmed, the investigation team discovered that fontsawesomes.org was registered on December 14, 2019.Evergreen Union School District
November 15, 2019 | Unauthorized Access
Abstract
The District uses the Aeries Student Information System to provide students and their parents with online access to information regarding school events and schedules. In late November 2019, Aeries learned that an unauthorized individual attempted to exploit a vulnerability in the Aeries software that would allow access to student and parent information. Aeries later determined that the exploit was successful. Upon discovery, Aeries began an investigation and law enforcement launched an investigation to identify the person responsible, who Aeries believes is now in police custody. On April, 2020, we learned that this individual may have accessed the District's Aeries System. We then conducted our own investigation, and on May 6, 2020, determined that the individual did access parent and student data in the District's Aeries System.Evolucion Innovations Inc.
November 08, 2019 | Malware
Abstract
On December 3, 2019, we learned that an unauthorized code had been installed on evo.com. Immediately upon learning of the issue, we launched an investigation and removed the unauthorized code. A leading cybersecurity firm was also engaged to assist. Our investigation determined that the unauthorized code was designed to capture information entered during the checkout process, and that it may have been present at various times between: Nov. 8 – 21, 2019; Nov. 27 – Dec. 3, 2019; and for a brief period on Dec. 5, 2019.El Dorado County Office of Education
November 06, 2019 | Service Compromise
Abstract
On May 6th, 2020, we were informed that there may have been unauthorized access to the Aeries® SIS on November 4th, 2019 which may have revealed Parent and Student Login information, physical residence addresses, emails addresses, and password hashes. Even though a password hash is an encrypted password (not visible), unauthorized persons may be able to deconstruct weak, common or simple passwords, which would enable the person to access unauthorized Parent and Student Accounts and data stored in the Aeries® SIS. Based on the report we received from Aeries, no other data stored in our AERIES database was affected, including grades, credits, & transcripts.EmployBridge
September 03, 2019 | Unauthorized Access
Abstract
We recently determined that an unauthorized individual may have gained access to imaged garnishment documents containing your personal information on or about September 3, 2019. We then took steps to notify EmployBridge of this matter. We are unable to confirm which, if any, garnishment documents were subject to unauthorized access, but identified that your personal information was found within the imaged garnishment documents.Entercom Communications Corporation
August 04, 2019 | Third Party
Abstract
In September 2019, Entercom experienced a cyber-attack. We immediately began an investigation with assistance from outside data privacy and computer forensics specialists to determine the nature and scope of the incident. As part of our investigation into that attack, we became aware of unauthorized activity relating to third-party cloud hosting services, which we use to store information relating to Radio.com users.EatStreet, Inc.
May 03, 2019 | Database Compromise
Abstract
On May 3, 2019, an unauthorized third party gained access to our database, which we discovered on May 17, 2019. The unauthorized third party was able to acquire information that was in our database on May 3, 2019. We were able, however, to promptly terminate the unauthorized access to our systems when we discovered the incident. The database contained, among other things, information about our delivery partners.Eversana Life Sciences Services, LLC
April 01, 2019 | Email Compromise
Abstract
EVERSANA has been working with third party cybersecurity specialists to investigate unusual activity relating to EVERSANA’s email environment. The investigation confirmed that certain email accounts were subject to unauthorized access by an unknown party. EVERSANA has since commenced a comprehensive and timeconsuming review of the full contents of all impacted email accounts to determine what data, if any, may have been present and accessible to the unauthorized actor. We received the results of the account review on February 6, 2020. While our analysis of the results is ongoing, our preliminary review of the potentially impacted data shows that personal information, relating to EVERSANA employees and certain family members of EVERSANA employees, was potentially accessible within the accounts on separate occasions between April 1 and July 3, 2019.Eshel, Aminov & Partners LLP
March 10, 2019 | Email Compromise
Abstract
Eshel, Aminov & Partners LLP was the victim of a business email compromise incident during which a cyber attacker gained access, without our permission, to the confidential business email accounts of our employees as a result of an email phishing scheme.Evite, Inc.
February 22, 2019 | Service Compromise
Abstract
Evite became aware of a data security incident involving potential unauthorized access to its systems on April 15, 2019. Evite immediately engaged one of the leading data security firms and launched a thorough investigation. The investigation potentially traced the incident to malicious activity starting on February 22, 2019. On May 14, 2019, the investigation determined that an unauthorized party had acquired an inactive data storage file associated with Evite user accounts.EmCare, Inc., Sheridan Healthcorp, Inc. and their affiliates
September 24, 2018 | Breach
Abstract
Based on our records, you may currently be, or may have previously been, employed by or engaged with Emcare, Inc., Sheridan Healthcorp, Inc. or one of their affiliates. We value and respect the privacy of your information, which is why we are advising you of a recent incident that may have involved some of your personal information. We are investigating the incident and implementing measures to prevent future occurrences. We have no reason to believe that your information has been misused to commit fraud or identity theft; however, we are providing guidance on how you can protect yourself.Eye Buy Direct, Inc.
September 01, 2018 | Unknown
Abstract
TBDBEvergreen Alliance Golf Limited, L.P.
August 15, 2018 | Malware
Abstract
After we received a report suggesting that there may have been unauthorized access to data from payment cards that were legitimately used at certain Arcis Golf locations, the Company immediately launched an investigation and engaged a leading computer security firm to assist. On January 16, 2019, findings from the investigation identified the operation of malware designed to access payment card data from cards used on point-of-sale (POS) devices at certain Arcis Golf locations. It is possible that data from cards used at the locations involved may have been accessed between August 15, 2018 and February 4, 2019.Envision Healthcare Corporation
July 17, 2018 | Email Compromise
Abstract
We recently learned that some Envision email accounts containing personal information may have been accessed by an unauthorized third party in July, 2018. We conducted an investigation into this matter, including hiring a leading forensic firm to assist us.Earl Enterprises
May 23, 2018 | Unknown
Abstract
TBDBElmcroft Senior Living, Inc.
May 10, 2018 | Server Compromise
Abstract
On May 10, 2018, an unauthorized third party accessed our servers which included files containing personal information about you or your family member. We became aware of the incident on May 12, 2018 and immediately terminated the third party’s unauthorized access. We promptly initiated an investigation to determine how the access occurred, and what information was or may have been accessed. We have also notified local and federal law enforcement agencies and are cooperating with those entities as they investigate this incident.El Centro Regional Medical Center
May 08, 2018 | Third Party
Abstract
In late-August we were notified by Jobscience, a vendor we contract with to help us process job applications, that they experienced an intrusion into their systems and that information relating to ECRMC job applicants may have been impacted. Jobscience said they were continuing their investigation and would provide additional information. In early-October, Jobscience notified us that, based on their investigation, electronic information that job applicants had submitted when filling out online job applications and applying for positions at ECRMC, had been stolen from their server by an unknown third party. The theft occurred between May 8, 2018 and May 11, 2018. We then worked with Jobscience and an outside forensic vendor to determine what individuals were impacted.Edward D. Jones & Co, L.P.
April 21, 2018 | Third Party
Abstract
On April 26, 2018, we were informed that PricewaterhouseCoopers LLP (“PwC”), which maintains some of our clients’ information to provide tax services to Edward Jones, mistakenly provided a file containing some of our clients’ information to another financial services company via a secure, encrypted online portal. The file was accessed or downloaded by only one senior employee of the other company for only a few minutes, at which time this person realized the data was of Edward Jones clients.Eye Safety Systems, Inc. (ESS)
November 21, 2017 | Email Compromise
Abstract
Eye Safety Systems (“ESS”) was recently notified by a third-party developer of unusual activity in email logs and determined that emails had been sent from the server hosting our website, esseyepro.com (“Site”), to an unauthorized email address. You are receiving this notice because our records show that your information may have been affected by this incident.Employer Leasing Company
September 14, 2017 | Misconfiguration
Abstract
On October 17, 2017, we became aware that certain Company files containing sensitive information that were stored on a Company server had become browsable for a brief period of time through a directed search on the Google search engineE. & J. Gallo Winery
August 18, 2017 | Insider Threat
Abstract
On August 30, 2017, Gallo learned that a former employee recently obtained employee data without authorization. Upon learning that this had occurred, we immediately contacted the person and recovered the data. We also reported the matter to law enforcement authorities. Although there is no evidence that the data was used, out of an abundance of caution, we wanted to inform you of this incident and encourage you to utilize the information below and the services being offered to protect your personal information.Equifax Inc.
May 13, 2017 | Website Compromise
Abstract
On July 29, 2017, Equifax discovered that criminals exploited a U.S. website application vulnerability to gain access to certain files. Upon discovery, we acted immediately to stop the intrusion. The company promptly engaged a leading, independent cybersecurity firm which has been conducting a comprehensive forensic review to determine the scope of the intrusion, including the specific data impacted. Equifax also reported the criminal access to law enforcement and continues to work with authorities. Based on the company's investigation, the unauthorized access occurred from mid-May through July 2017.Equitable Tax Service
March 16, 2017 | Email Compromise
Abstract
On the evening of March 16, 2017, Jill Dykes, the owner of ETS, experienced issues logging into her Comcast email account, which she used for professional services on behalf of ETS. THe next day, Ms. Dykes contacted the technical support department, who informed Ms. Dykes that the password to her email account had been changed the previous day. THis password change occurred without Ms. Dykes' knowledge or consent, indicating potential unauthorized access to her email account and a potential unauthorized disclosure of the data contained in that email account. This incident accurred despite ETS spending time and resources, including over the last 6 months, to maximize security of ETS information.Extreme Reach, Inc.
February 08, 2017 | Phishing
Abstract
On February 8, 2017, a small number of employees were targeted by a phishing email, which resulted in those employees' email credentials being compromised. We immediately launched an investigation, with the assistance of third-party forensic investigators, to determine what happened and what information, if any, may have been accessed or accessible by an unauthorized individual. As part of this investigation, which is ongoing, we determined on February 15, 2017 that certain employee email accounts were accessed without authorization for a brief period of time.eHealthInsurance Services, Inc.
January 20, 2017 | Phishing
Abstract
On January 20, 2017, we learned that one of our employees had received a phishing eamil, which the employee mistakenly believed to be a legitimate email from an eHealth executive. As a result of the phishing email, copies of 2016 employee W-2 forms were provided before we discovered that the request was made from a fraudulent account. Since we discovered this incident, we have been working to investigate and mitigate its potential impact.Easy Breathe, Inc.
January 04, 2017 | Website Compromise
Abstract
On February 10, 2017, we learned that an unknown individual may have accessed your credit or debit card information used to make purchases at our online store. We immediately took action to secure our system and commenced an investigation to determine what information may have been accessed. We determined that the unknown individual may have accessed customer payment card information, including name, address, telephone number, and credit/debit card information. None of your health information (for example, social security number, insurance member ID number, etc.) was present or at risk.El Paso – Los Angeles Limousine Express, Inc.
December 09, 2016 | Programming Error
Abstract
On September 10, 2018, Wells Fargo informed us that our website handling our company’s online ticket sales (https://ims.eplalimo.com) was a common point of purchase for some unauthorized credit card transactions with other merchants and that there may have been a possible compromise of our website. We immediately began an investigation with the assistance of a leading computer security firm. On September 13, 2018, the vendor that we hired to manage and host our online reservations determined that a coding error by a developer had created the potential for unauthorized access to payment card data stored on our website. Specifically, information you provided during checkout including name, address, email address, payment card number, expiration date, and printed card security code, was accessible to unauthorized parties. Based on our investigation, we believe the incident only involved customers who bought or attempted to buy tickets on our website between December 9, 2016 and September 13, 2018. We are notifying you because you bought or attempted to buy a ticket during that time period using a payment card.East Valley Community Health Center, Inc.
October 18, 2016 | Ransomware
Abstract
We are sending this letter to you as part of East Valley Community Health Center’s (EVCHC) commitment to patient privacy. We take patient privacy very seriously, and it is important to us that you are made fully aware of a potential privacy issue. We learned that your personal information, including name, date of birth, address, medical record number, health diagnosis codes and insurance account number may have been compromised. However, information such as social security number and/or CA identification/driver license number was not included. On October 18th, an unknown individual logged into an EVCHC server without authorization and installed Troldesh/Shade, encrypting (locking) the files that were stored on the server, this is also known as a ransomware attack. One of the files that was encrypted had patient health information on it, which came from claims that were submitted to health plans.EmblemHealth
October 03, 2016 | User Error
Abstract
Earlier this month, GHI mailed you a copy of your Medicare Prescription Drug Plan Evidence of Coverage (a document that describes the health care benefits covered by your plan and how your plan works). On October 13, 2016, we learned of an unintentional disclosure of your Health Insurance Claim Number (HICN) as a result of this mailing.Eileen Fisher
September 09, 2016 | Website Compromise
Abstract
Our records show that you made a purchase on eileenfisher.com between Wednesday, September 7 – Monday, October 24, 2016. In late October, we were informed of a possible data security incident that affected our website during that timeEye Institute of Marin
July 26, 2016 | Third Party
Abstract
On or about August 22, 2016, we received confirmed notice from our electronic medical record provider that their electronic system was subject to a malware attack on July 26, 2016. They became aware of the incident on July 27, 2016, and we are informed that they promptly took action to secure their systemsEastwood Company
May 29, 2016 | Website Compromise
Abstract
On July 22, 2016, Eastwood learned that malicious software code may have been inserted into its e-commerce website. We immediately removed the malicious software, began an investigation and hired a third-party cybersecurity firm to assist us. Findings from the investigation show that if a customer placed an order on our website from May 29, 2016 to July 22, 2016, information associated with the order being placed may have been obtained by an unauthorized third-party.Edgar & Associates LLP
Abstract
After experiencing unusual activity during this filing season with an escalated number of rejected returns and a few clients receiving letters from the IRS telling them that someone had filed or attempted to file a 2016 tax return that we had not prepared, we immediately hired IT consultants to investigate. On March 13, 2017, a specialized forensic IT firm determined that hackers had gained unauthorized access to our system from a foreign IP address. After a thorough investigation we have discovered that the unauthorized access occurred on April 1-2, 2016, and occurred through Remote Desktop Protocol between September 28, 2016 and November 3, 2016.Essex Property Trust, Inc.
March 17, 2016 | Phishing
Abstract
We are following up on the announcement we made last Friday, March 18, 2016, that we had fallen victim to a phishing scam. A “phishing” scam is one where an intruder impersonates someone in order to gain access to information they would not otherwise be entitled to. As a result of the incident, W-2 tax forms for 2015 were released to unknown persons outside the company. If you received a W-2 for the 2015 tax year, we believe you were affected.Eddie Bauer, LLC
January 02, 2016 | System Compromise
Abstract
We recently learned that point of sale systems at Eddie Bauer retail stores may have been accessed without our authorization. We immediately initiated a full investigation with third-party digital forensic experts. On August 11, 2016 we received confirmation that your payment card information used at one or more of our retail stores (payment card ending in [ClientDef1(Payment Card Number)]) may have been accessed without authorization. This may have occurred on various dates between January 2, 2016 and July 17, 2016. Not all cardholder transactions during this period were affected, but out of an abundance of caution, we are notifying you of the incident and offering you identity protection services. Payment card information used for online purchases at eddiebauer.com was not affected.Eastbay Equities
December 02, 2015 | Unknown
Abstract
East Bay Perinatal Medical Associates
June 01, 2015 | Insider Threat
Abstract
We hope this letter finds you well. We are writing to inform you that on June 2, 2015, we were contacted by the Berkeley Police Department regarding an employee. During the course of their investigation on an unrelated matter, an officer identified that a patient list was on the employee’s personal laptop. This list was created as part of the employee’s duties for cataloguing our 2012 records. The laptop was retained at Berkeley PD and the officer contacted East Bay Perinatal Medical Associates (EBPMA). The extent of the information pertaining to EBPMA was determined, and this information was permanently deleted from the employee’s hard drive by EBPMA’s Information Technology Security Consultant.Epic Foods dba Bistro Burger (Market Street)
January 04, 2015 | Malware
Abstract
We recently confirmed that unauthorized individuals or entities installed malicious software on computer systems used to process credit card transactions at our Market Street Bistro Burger location, located at 865 Market Street, San Francisco, CA 94103. The incident may have compromised payment card data of visitors that made payment card purchases at the Market Street location between January 4, 2015 and March 13, 2015, including name, payment card account number, card expiration date and security code. While we do not know whether a particular customer’s personal information has been or will be misused, as a precaution we are providing this notice to tell customers about the incident and call their attention to some steps they may take to help protect themselves.EMCOR Services Mesa Energy Systems
November 25, 2014 | Laptop Stolen
Abstract
We recently became aware of the theft of a company laptop computer that may have contained some of your personal information. Although we are still investigating the incident, the following information may have been on the stolen laptop: <<ClientDef1(your name, Social Security number, date of birth, date of hire, address, salary, gender, and ethnicity.)>> Upon learning of the theft, which occurred on around November 25, 2014, we took immediate steps to address the situation, including reporting the incident to law enforcement. We intend to continue our ongoing efforts to enhance our information security policies and procedures in light of this incident to minimize the risk of such incidents in the future.Empi, Inc./DJO, LLC
November 07, 2014 | Laptop Stolen
Abstract
Recently you received an orthopedic product from DJO LLC/Empi, Inc. for your rehabilitation, pain management and/or physical therapy. We are writing to notify you that on November 7, 2014, we discovered that, on that same day, a backpack containing a laptop computer was stolen from a locked car belonging to a DJO consultant parked at a coffee shop in Roseville, Minnesota.Evans Hotels
September 01, 2014 | Malware
Abstract
Several years ago, we began using card readers that encrypt payment card data when the card is swiped. We kept the previously used card readers as a backup for IT disaster recovery reasons. However, during the investigation, we learned that the backup readers were being used in addition to the current system during the check-in of large groups.East West Bank-CA Impacted Customers-Kmart Data Breach
September 01, 2014 | System Compromise
Abstract
Kmart reported unauthorized access to payment data systems in their stores between September 1 and October 9, 2014. Kmart has an on-going investigation into this matter and has not yet determined whether any cardholder data was in fact stolen. East West Bank takes the protection of your account information seriously, and as a result of this information, we have determined that your debit card was used at one of Kmart’s store locations during this time period.East West Bank
June 22, 2014 | Unauthorized Access
Abstract
AB Acquisition LLC, which operates Albertsons Stores, Acme Markets, Jewel-Osco, Shaw’s and Star Markets reported unauthorized access to payment card data in some of their stores between June 22 and July 17, 2014. AB Acquisition LLC has an on-going investigation into this matter and has not yet determined whether any cardholder data was in fact stolen. East West Bank takes the protection of your account information seriously, and as a result of this information, we have determined that your debit card was used at one of AB Acquisitions’ store locations during this time period.April 11, 2014 | Unauthorized Access
Abstract
As you have likely heard, Home Depot reported unauthorized access to payment card data from their US and Canadian stores between April 11 and September 7, 2014. This data breach includes customer names, debit card numbers, account address, and card expiration dates. East West Bank takes the protection of your account information seriously, and as a result of this information, we have reviewed your account activity and have determined that your debit card was used at a Home Depot store during this time period.November 27, 2013 | Unauthorized Access
Abstract
As you have likely heard, Target experienced unauthorized access to payment card data from their US Target stores between November 27 and December 15, 2013. This data breach includes customer names, credit card numbers, expiration dates and PINs. East West Bank takes the protection of your account information seriously, and as a result of this information, East West Bank has reviewed your account activity and has determined that your credit card was used at a Target store during this time period.East Bay Municipal Utility District
February 05, 2014 | Third Party
Abstract
On May 25, 2018, staff learned that unauthorized individuals may have accessed ersquared.org, the third-party hosting environment for Marconi. Upon this discovery, staff, in conjunction with the Multi-State Information Sharing and Analysis Center (MS-ISAC), immediately began investigating the system to determine what happened and what District information may have been affected. Although there is no evidence that personal information was accessed or that any other District systems were compromised, the District is notifying you as a precaution. The period during which employee information may have been accessed is February 5, 2014 through June 4, 2018.eMinor Incorporated d/b/a/ ReverbNation
January 31, 2014 | Unauthorized Access
Abstract
ReverbNation was recently contacted by law enforcement and alerted that an individual had illegally sought to gain unauthorized access to some of our customer’s user data. In January 2014, an individual, who has since been identified and charged, illegally accessed a ReverbNation vendor’s computer systems and ultimately gained unauthorized access to user information contained in a backup of our database.Easter Seal Society of Superior California
December 10, 2013 | Laptop Stolen
Abstract
On December 10, 2013, an Easter Seal Society of Superior California (“Easter Seals”) employee’s vehicle was broken into and a number of items, including a work-issued laptop computer, were stolen. Upon learning of this incident on December 10, 2013, Easter Seals immediately launched an internal investigation, hired specialized data security counsel to assist in the response to this incident, and retained external forensics experts to assist in determining the scope of this event. These investigations revealed that although the computer was powered off, password protected, and not connected to the internet at the time of theft, emails containing the health information of certain Easter Seals clients and potential clients could still be accessed.Easton-Bell Sports, Inc.
December 01, 2013 | Server Compromise
Abstract
With much regret, I am writing to make you aware that Easton-Bell Sports, Inc. (“Easton-Bell”), which includes Easton, Bell, Riddell, Giro, Blackburn and Easton Cycling, recently discovered that servers at one of our vendors were subject to a malicious software (“malware”) computer intrusion. We believe the incident may have begun on December 1, 2013. The servers that were accessed contained Easton-Bell information and may impact customers who made online purchases between December 1, 2013 and December 31, 2013. This may have included personal information you provided to us, such as your name, address, telephone number, email, and credit card number along with the 3 or 4 digit credit card security code on your card. On January 9, 2014, Easton-Bell determined that this malware intrusion may have resulted in an unauthorized individual having accessed your information. Upon discovery, we immediately shut down the affected servers and took steps to prevent further access to your information, including cleaning and rebuilding the affected servers. We have also hired a highly experienced computer forensic specialist to conduct an exhaustive investigation of this matter. We are also working with our vendor on additional measures that can be taken to prevent such incidents in the future.EDD
September 30, 2013 | Computer Stolen
Abstract
This letter is to notify you of a recent equipment theft of personal computers that involves the Unemployment Insurance (UI) records of the Employment Development Department (EDD). A locked, secure EDD facility was broken into and personal computers were stolen.Eureka Internal Medicine
September 25, 2013 | User Error
Abstract
From about September 25, 2013, until about October 9, 2013, when it was discovered, a janitorial service for Eureka Internal Medicine, was mixing paper recycling containing patient information with the regular trash at night, instead of moving it to the locked shredding bin, where it belonged. As a result, the paper containing patient information was thrown out with the regular trash, which was picked up and handled by the waste management company in the usual manner, instead of locked in a shred bin until picked up for secure shredding.Employment Development Dept.
September 14, 2013 | User Error
Abstract
This letter is to notify you that some of your confidential information may have been released by the Employment Development Department (EDD) in a notice mailed to an employer for whom you did not work. Our analysis of records shows that between September 14, 2103, and October 9, 2013, your full name and social security number (SSN) may have been mailed to an incorrect employer.Exelixis
July 30, 2013 | Device Lost
Abstract
The privacy of individual personal data is important to Exelixis. As a result, we are writing to inform you that on July 30, 2013, we learned of a theft of company equipment that contained such data. Following an investigation, we have determined that the data may have included your name, address, birth date, financial account number, and social security number.Edgewood Partners Insurance Center
July 17, 2013 | Laptop Stolen
Abstract
In the evening hours of July 16 to July 17, 2013, five password protected unencrypted laptops were stolen from EPIC's office located at 135 Main Street, 21st Floor, San Francisco, CA 94105. EPIC learned of this incident on July 17, 2013.Ellison Systems, Inc. d.b.a Shoplet.com
December 20, 2012 | System Compromise
Abstract
On January 11, 2013, we learned that a hacker may have accessed our systems. We immediately took steps to secure our systems, and implemented increased security controls to prevent this from happening in the future, including hiring a computer forensic investigator to determine what happened, installing a hardware firewall and moving our database server to a more secure zone. Law enforcement has been notified and we are cooperating with their investigation. Unfortunately, the hacker may have accessed the names, addresses, and credit card information of customers who purchased an item on our website. We are notifying you so that you can be aware of this situation and take steps to protect yourself from any harm, including contacting your bank and/or credit card company. It is important to carefully review your account statement over the next 12 to 24 months, and promptly report any suspect transactions to your credit card company. Please see the enclosed insert for more information.East San Gabriel Valley Regional Occupational Program
December 11, 2012 | User Error
Abstract
On December 11, 2012, we learned that an employee sent a career placement e-mail to students regarding open positions which inadvertently included an attachment containing student information.ECS Tuning
May 06, 2012 | Unauthorized Access
Abstract
We value the relationship with you and we look forward to serving your future needs. Regrettably, we must inform you that between May 6th and May 10th, 2012, unauthorized access by an unknown third party concerning customers' personal information associated with pending and recently shipped orders occurred. Accessed personal information includes your name, address, email address, phone number, ECS customer account password, debit or credit card number, credit or debit card expiration date, and debit or credit card security code or access code. We have taken prompt action to secure the system to prevent any further compromises.Emory Healthcare, Inc.
February 20, 2012 | Device Lost
Abstract
On February 20, 2012, we discovered that 10 backup data discs containing information from some of our surgical patients, prior to May 2007, were missing from their storage location in a surgery support office at Emory University Hospital.ELS Language Services, Inc.
Abstract
We recently learned that a former employee of ELS Santa Monica is currently under FBI investigation for suspected theft of certain credit card information and other personal data from our customer records. This individual is no longer employed by ELS.Empathia, Inc.
Abstract
On January 30, 2016, we discovered spam files on one of our data servers. We removed the spam and immediately launched an investigation to determine the nature of the access and what data may have been stored on that server. We also hired a third party forensic investigator to supplement our investigation. The forensic investigation revealed that the spam spread to a second domain on the same server. That server contained a file with your information which you provided to Empathia when you submitted a request for a credit check in 2003 or 2004. We have no evidence that your data was accessed by an unauthorized individual, and we are not aware of any actual or attempted misuse of your information. What’s more, there is no indication the unauthorized access was for any purpose other than using our servers to spread spam emails. However, we are providing this notice to you out of an abundance of caution.Evolution Nature Corp. d/b/a The Evolution Store (Evolution”)
Abstract
Evolution received a complaint of credit-card fraud from a customer and immediately initiated a thorough investigation, supported by a top-tier and globally recognized third-party data forensics expert, Stroz Friedberg, LLC (“Stroz”). During this investigation, on September 16, 2014, Stroz confirmed that the administrative section of Evolution’s e-commerce site was accessed by unauthorized IP addresses using administrative credentials, and that customer order information was exposed. Stroz and Evolution's teams are working aggressively to secure the e-commerce system and ensure that customer payments are protected.Equity Trust Company
Abstract
We are writing to notify you that a portion of Equity Trust’s computer network was recently accessed by an unauthorized third party. We are very sorry that this situation has occurred. Protecting the privacy and security of your information is a top priority for us. Accordingly, upon discovering the event, we promptly installed software to block similar intrusions, and denied access to our network from certain international locations. Although we did not find any evidence that the unauthorized third party actually acquired, copied or removed any customer information from our network, we want to inform you about the situation and encourage you to take the steps set forth in this notice.F
FireEye
December 08, 2020 | Advanced Persistent Threat
Abstract
FireEye is on the front lines defending companies and critical infrastructure globally from cyber threats. We witness the growing threat firsthand, and we know that cyber threats are always evolving. Recently, we were attacked by a highly sophisticated threat actor, one whose discipline, operational security, and techniques lead us to believe it was a state-sponsored attack. Our number one priority is working to strengthen the security of our customers and the broader community. We hope that by sharing the details of our investigation, the entire community will be better equipped to fight and defeat cyber attacks.Foxconn North America
November 29, 2020 | Ransomware
Abstract
Foxconn electronics giant suffered a ransomware attack at a Mexican facility over the Thanksgiving weekend, where attackers stole unencrypted files before encrypting devices.Ferris Marketing, Inc.
November 01, 2020 | Website Compromise
Abstract
On May 29, 2020, Ferris was alerted by Visa Inc. (“VISA”) that Night Owl’s retail website - https://nightowlsp.com/ - was the last Common Point of Purchase (“CPP”) for credit cards legitimately used to purchase products from Night Owl which were later used to make fraudulent purchases using VISA payment cards.June 5, 2020 | Website Compromise
Abstract
On May 29, 2020, Ferris was alerted by Visa Inc. (“VISA”) that Night Owl’s retail website - https://nightowlsp.com/ - was the last Common Point of Purchase (“CPP”) for credit cards legitimately used to purchase products from Night Owl which were later used to make fraudulent purchases using VISA payment cards.FRIEDMAN & COMPANY CPA
September 21, 2020 | System Compromise
Abstract
On september 20, 2020, we discovered a data security incident involving our firm and some of our clients whose 2019 tax returns were on Extension. After thorough investigation, we have discovered that the perpetrator(s) hacked into our system, and between september 24 and september 28, 2020, fraudulently filed approximately 30 client tax returns. We know whose returns were filed fraudulently and will contact you personally to discuss. if you do not hear from us your return was not affected. But the information contained in your tax return could be compromised.September 1, 2020 | Unauthorized Access
Abstract
On September 29, 2020, we discovered a data security incident involving our firm and some of our clients whose 2019 tax returns were on Extension. After thorough investigation, we have discovered that the perpetrator(s) hacked into our system, and between September 24 and September 28, 2020, fraudulently filed approximately 30 client tax returns. We know whose returns were filed fraudulently and will contact you personally do discuss. If you do not hear from us your return was not affected. But the information contained in your tax return could be compromised.Federal Home Loan Mortgage Corporation
July 7, 2020 | Ransomware
Abstract
We recently learned that, earlier this year, a vendor we hired to perform due diligence services on some of our loans, experienced a ransomware attack on its systems. Because the incident left the vendor’s system inaccessible to the vendor, the vendor does not know all details of the incident or the information affected.Abstract
We recently learned that, earlier this year, a vendor we hired to perform due diligence services on some of our loans, experienced a ransomware attack on its systems. Because the incident left the vendor’s system inaccessible to the vendor, the vendor does not know all details of the incident or the information affected.Fragomen, Del Rey, Bernsen & Loewy, LLP
July 1, 2020 | Unauthorized Access
Abstract
We recently became aware of suspicious activity within our computer network. While our investigation is ongoing, we discovered that an unauthorized third party gained access to a single file containing personal information relating to I-9 employment verification services. This file contained personal information for a discrete number of Googlers (and former Googlers), including you.FormFactor, Inc.
June 21, 2020 | Malware
Abstract
On Sunday, June 28, 2020 Central European Time, we discovered a data breach incident involving malware and related behaviors that involved unauthorized access to our IT systems by an unknown third party. Under our current assessment, the unauthorized access to the files relevant to this notice began on June 21, 2020.Given the nature of the attack, we do not yet have a complete understanding of the scope of the unauthorized access to our data. We do, however, have reason to believe that such unauthorized access encompassed access to or loss of certain personal data stored on our IT systems.
FabFitFun. Inc.
April 26, 2020 | Website Compromise
Abstract
Our technical team recently discovered that an unauthorized third party inserted malicious code on portions of our website that may have enabled them to capture certain information in connection with customer sign ups. Based on our forensic investigation, this incident concerns the new member sign up pages of our website during the period between April 26, 2020 and May 14, 2020, and between May 22, 2020 and August 3, 2020. According to our records, you signed up for FabFitFun during this timeframe, and your information therefore could have been affected. Although we believe that only a subset of members who signed up during this period were affected, we are notifying everyone that signed up during this timeframe as a precaution.Florida Orthopaedic Institute
April 06, 2020 | Ransomware
Abstract
On or about April 9, 2020 we discovered that we were the victim of a ransomware attack that encrypted the data stored on our servers. We immediately began an internal investigation to secure our environment and restore impacted data. We also engaged a third-party forensic investigator to assist us with the investigation. On May 6, 2020, the investigation revealed that the personal information of certain FOI patients may have been accessed or taken during the incident. While we are not aware of the misuse of any information impacted by this incident, we are sending you this letter to notify you about the incident and provide information about steps you can take to help protect your information.Frederick W. Howarth III d/b/a TBG West Insurance Services (“TBG West”)
March 27, 2020 | Ransomware
Abstract
We value and respect the privacy of your information, which is why we are writing to advise you of a recent incident that may have involved some of your personal information. On March 27, 2020, our system was impacted by a ransomware event that encrypted certain files. Upon learning of the situation, we promptly investigated the incident with the help of a leading cybersecurity firm and have taken steps to prevent any recurrence. We also notified law enforcement and are cooperating with its investigation.Florida State College
February 7, 2020 | Ransomware
Abstract
Blackbaud is a cloud-based software company that provides services to thousands of schools, hospitals, and other nonprofits. On July 16, 2020, Blackbaud notified us that it had discovered a ransomware attack on Blackbaud’s network in May 2020. Blackbaud reported that it conducted an investigation, determined that backup files containing information from its clients had been taken from its network, and an attempt was made to encrypt files to convince Blackbaud to pay a ransom. Blackbaud paid a ransom and obtained confirmation that the files that had been removed had been destroyed. The time period of unauthorized access was between February 7, 2020 to May 20, 2020. Blackbaud reported that it has been working with law enforcement.Florida State College at Jacksonville Foundation
February 07, 2020 | Third Party
Abstract
Blackbaud is a cloud-based software company that provides services to thousands of schools, hospitals, and other nonprofits. On July 16, 2020, Blackbaud notified us that it had discovered a ransomware attack on Blackbaud’s network in May 2020. Blackbaud reported that it conducted an investigation, determined that backup files containing information from its clients had been taken from its network, and an attempt was made to encrypt files to convince Blackbaud to pay a ransom. Blackbaud paid a ransom and obtained confirmation that the files that had been removed had been destroyed. The time period of unauthorized access was between February 7, 2020 to May 20, 2020. Blackbaud reported that it has been working with law enforcement.Foundation Medicine, Inc.
December 17, 2019 | Email Compromise
Abstract
On January 14, 2020, FMI learned that an unauthorized user accessed one of our employee’s email accounts. We promptly opened an investigation, retained a forensics firm to assist us, and took steps to secure the account. It appears that the employee may have fallen victim to phishing communications, resulting in unauthorized access to the employee’s email account on December 17, 2019 and January 14, 2020. The employee’s password was promptly changed, and the previous email credentials could no longer be used to access the email account. However, because we were unable to rule out the possibility that an unauthorized user accessed personal information, we are notifying you of this event. Information in the affected mailbox included your full name and may also have included your date of birth, age, the name of the test ordered by your physician, your ordering physician, and an ID number assigned by FMI. Your financial information and Social Security Number were not involved.Fairfield-Suisun Unified School District
November 04, 2019 | Vulnerability
Abstract
The District uses the Aeries Student Information System to provide students and their parents with online access to information regarding school events and schedules. In late November 2019, Aeries learned that an unauthorized individual exploited a vulnerability in the Aeries software that would allow access to student and parent information. Upon discovery, Aeries began an investigation, and law enforcement launched an investigation to identify the person responsible, who Aeries believes is now in police custody. On May 6, 2020, Aeries notified us that this individual may have accessed the District’s Aeries System.Filters Fast LLC
July 19, 2019 | Website Compromise
Abstract
In late February 2020, Filtersfast was made aware of a possible data security incident affecting its ecommerce website. Filtersfast immediately began investigating the potential issue. The investigation included hiring an outside expert forensics firm to analyze the Filtersfast systems and determine if there was a breach of security. On July 20, 2020, that investigation revealed that attackers had succeeded in adding malicious code to the Filtersfast website on July 15, 2019, which allowed unauthorized individuals to capture certain information during the checkout process. The malicious code was removed on July 10, 2020, during an unrelated update of the website, ending the unauthorized access. The information potentially affected includes customer name, shipping and billing address, and payment card information used to make a purchase on the e-commerce site.First Aid Beauty Limited
April 15, 2019 | Website Compromise
Abstract
We recently learned of a data security issue affecting our firstaidbeauty.com website. Based on our investigation, we believe that between April 15, 2019 and October 25, 2019, an unauthorized third party placed malicious code on firstaidbeauty.com. The malicious code appears to have enabled the unauthorized party to obtain certain information pertaining to customers who made a purchase on firstaidbeauty.com during the relevant time period.Farmers Insurance
March 31, 2019 | Breach
Abstract
I am writing to let you know that on March 31st 2019 the James Gallegos Insurance Agency was the victim of a cyber-attack that resulted in access to select customer information.FlexCare, LLC d/b/a FlexCare Medical Staffing
March 26, 2019 | Email Compromise
Abstract
One of our employee's email accounts was recently accessed by an unauthorized party after the employee received a phishing email. Soon after receiving the phishing email the employee's email account was shutdown automatically by security features we have in place. We immediately changed the password to the account and conducted an internal investigation. Our internal investigation revealed evidence suggesting that the email account may have been accessed by an unauthorized party.flexPATH Strategies, LLC
December 07, 2018 | Phishing
Abstract
On December 14, 2018, our ongoing investigation into a phishing email incident at flexPATH determined that an unauthorized person had obtained access to an email account belonging to a flexPATH employee. Immediately upon learning of the incident, we secured the employee’s email account, launched an investigation to determine the nature and scope of the incident, and engaged a computer security firm to assist us. The investigation determined that an unauthorized person had access to the employee’s account on December 7, 2018.Five Below, Inc.
November 13, 2018 | Unauthorized Access
Abstract
Our security team learned of suspicious activity on our website on January 11, 2019. We immediately began an investigation with the assistance of a leading computer security firm. On January 17, 2019, the investigation identified the potential for unauthorized access to payment card data. Purchases made in our stores were not affected by this incidentFive Guys Holdings, Inc. and subsidiaries
May 23, 2018 | Phishing
Abstract
On August 6, 2018, we learned that an employee may have fallen victim to a phishing e-mail incident that resulted in unauthorized access to the employee’s e-mail account between May 23, 2018 and August 6, 2018. We immediately secured the e-mail account, conducted an internal investigation, and engaged a leading cyber security firm to assist in the investigation. We then began the extensive process of searching the employee’s inbox to identify the contents.Five Guys Holdings, Inc. and subsidiaries.
May 23, 2018 | Phishing
Abstract
On August 6, 2018, we learned that an employee may have fallen victim to a phishing email incident that resulted in unauthorized access to the employee’s email account. We immediately secured the email account, conducted an internal investigation, and engaged a leading cyber security firm to assist in the investigation. We then began the extensive process of searching the employee’s inbox to identify the contents.Farmer Bros. Co.
May 01, 2018 | Email Compromise
Abstract
On September 18, 2018, Farmer Bros. Co. (“Farmer Brothers”) became aware of a cyber incident in which multiple Farmer Brothers company email accounts were accessed by an unauthorized third party. After conducting a thorough investigation through a nationally-recognized cyber incident response team, which concluded in November, it was discovered that some of those email accounts contained your personally identifiable information and/or financial information. However, due to technical limitations inherent in standard commercial email systems, we were unable to determine whether your personal and/or financial information was actually accessed, viewed, or copied by an unauthorized third party.Farmgirl Flowers, Inc.
April 26, 2018 | Website Compromise
Abstract
On April 29, 2018, at approximately 4:00 p.m. (all times PST), we learned that there was unauthorized access by electronic means to our data by a person or persons whose identities remain unknown. The unauthorized access occurred sometime between 1:00 p.m., on April 26, 2018, and 3:08 p.m., on that same date. The unauthorized access involved the insertion of rogue code into our checkout page. The code was designed to capture the name, billing address, phone number, and email address of certain customers, and also their credit card information, and then send that data to a remote endpoint. The customer order dates for potentially compromised information are April 26, 2018, at 1:00 p.m., until April 29, 2018, at 4:10 p.m. Although we cannot be sure that any of your information was accessed or misappropriated, we are sending you this notice to make you aware of the situation and to provide you with other helpful information.Forever 21, Inc.
February 15, 2018 | Email Compromise
Abstract
Forever 21 was recently notified by our insurance broker, Willis Towers Watson (“WTW”), that an unauthorized third-party obtained access to two of WTW’s employees’ email accounts between February 15, 2018 and March 23, 2018. Upon learning this, we immediately launched an investigation and began working with WTW to conduct a comprehensive review of the contents of the email accounts. The investigation determined that WTW’s affected employee email accounts contained summary documents relating to some Forever 21 insurance claims.April 03, 2017 | Malware
Abstract
Forever 21, Inc. is providing additional information about the payment card security incident that we first reported on November 14, 2017. This notice explains the incident, measures we have taken, and some steps you can take in response.Francesca’s Services Corporation
December 28, 2017 | Website Compromise
Abstract
: Annex Cloud informed Francesca’s that unauthorized code was detected and has since been removed from the code used by Annex Cloud to enable logins. In its report to Francesca’s, Annex Cloud identified time periods between December 28, 2017 and July 9, 2018 when the unauthorized code was or could have been present. If present, the unauthorized code could have captured information entered during the checkout process. Through November 8, 2018, Francesca’s sought additional information from Annex Cloud to determine the transactions that might be involved, and Annex Cloud supplied additional information about their analysis regarding these periods, including their belief that there are certain times inside these periods where it is not clear if the unauthorized code was present. Thus, we are notifying you because you entered information during the checkout process during a time period when it is possible the unauthorized code may have been present.FlagShip Facility Services, Inc.
December 05, 2017 | Laptop Stolen
Abstract
On or about December 5, 2017, Flagship determined that a company-owned HP Elite Laptop (“Laptop”) was missing from 190 Jefferson, Menlo Park, California 94025. The Laptop was kept in a secure facility and was password protected although the password was shared internally by up to ten employees. The Laptop was approximately four years old and was being used internally to operate B5000 software to process I-9 forms and to record information about individuals who were applying for employment with Flagship in the United States. The Laptop contained a .pdf image of the U.S. Passport that you presented with your I-9 Form.Fred Usinger, Inc.
September 24, 2017 | Third Party
Abstract
On March 7, 2018, Fred Usinger, Inc.'s ("Usinger") hosting service provider for its e-commerce website informed Usinger that it had experienced a data security incident in which the personal information, including stored payment data, of a number of Usinger's customers appeared to have been accessed between the time period of September, 2017 and March, 2018. Usinger's investigation concluded on March 16, 2018 that your personal information was likely acquired by an unauthorized third-party.FlexShopper, LLC
August 25, 2017 | Misconfiguration
Abstract
On August 30, 2017, FlexShopper discovered that a database containing customer information may have been inadvertently accessible on the internet for a few days. After learning of this, FlexShopper immediately took action and commenced a forensic investigation to determine whether its systems were at risk and what information may have been involved. The investigation determined that customer names, email addresses, passwords, addresses, phone numbers, dates of birth, Social Security numbers, employment information, self-reported income, bank account information and/or payment card information were potentially exposed. FlexShopper has not identified any evidence of misuse of customer information.Far Niente Winery
August 21, 2017 | Ransomware
Abstract
On August 21, 2017, files on Far Niente’s computers were encrypted by an individual who gained unauthorized access to Far Niente’s computer network. The individual demanded a ransom in exchange for restoring access to the encrypted files. We immediately began an investigation and retained a leading computer forensic firm to help us. The forensic firm determined on August 21, 2017, that the unauthorized person may have had access to our computer network for several hours before encrypting our computer files. We terminated the unauthorized access and restored the encrypted files with unaffected back-up files. We did not pay the ransom demanded by the individual.FastHealth Corporation
August 14, 2017 | Website Compromise
Abstract
On November 2, 2017, FastHealth received a report from law enforcement indicating that an unauthorized third party may have accessed or acquired certain information from FastHealth databases. We immediately began an investigation and hired a leading computer security firm to assist with the investigation. The investigation determined that, in mid-August 2017, an unauthorized third party was able to access FastHealth’s web server and may have been able to acquire information from certain databases.January 14, 2016 | Website Compromise
Abstract
On December 21, 2016, FastHealth discovered suspicious code on a server. Upon learning of this, we immediately began an investigation and hired a leading computer security firm to assist. On January 24, 2017, the computer security firm determined that an unauthorized third party altered code on FastHealth's web server that was to capture certain information as it was being entered on FastHealth's Online patient questionnaires from January 14, 206, to December 20, 2016.FRANKLIN R. NOTO, CPA
July 27, 2017 | Device Lost
Abstract
On July 27, 2017, a burglar broke into our locked office. Upon discovery that same day, an employee immediately called the police and had the window replaced. The burglar stole various items, including password-protected devices. We immediately began an investigation into the matter, worked with law enforcement, and have hired forensic IT specialists.Funding Circle
June 01, 2017 | Email Compromise
Abstract
On March 3, 2018, a data vendor notified Funding Circle of a security incident whereby unauthorized third parties accessed the email accounts hosted in Microsoft Office 365 of a limited number of the data vendor’s employees. Based on information provided by law enforcement, the data vendor identified the malicious activity in November 2017, and determined that Funding Circle data was included in one of the impacted email accounts on February 20, 2018.Funding Circle USA, Inc.
April 27, 2017 | Vulnerability
Abstract
On April 27, 207, a professional security researcher discovered a vulnerability in one of our databases that included some information about our U.S. customers, and notified us shortly after. We immediately determined the cause and implemented a fix. Importantly, we are confident that no customer information was accessed or acquired by any third-party other than the professional security researcher, with whom we worked to identify this issue.Freedom Smokes, Inc.
March 07, 2017 | Website Compromise
Abstract
Although the incident is still under investigation, it appears that between approximately March 7, 2017 and April 25, 2017, an unauthorized individual was able to obtain access to portions of our website and insert malicious code that was designed to capture payment information provided in connection with a purchase.February 11, 2015 | Website Compromise
Abstract
We identified that between approximately February 11, 2015 and March 16, 2015, electronic data may have been improperly obtained through unauthorized access to the website for MyFreedomSmokes (“MFS”). Specifically, on March 16, 2015, we discovered unauthorized code on the website and, although the code was encrypted, we believe that this code may have been used to obtain customer data as customers entered the information into the site’s shopping cart while making a purchase on the website.For the Inspiration and Recognition of Science and Technology
January 21, 2017 | Website Compromise
Abstract
On March 6, 2017, we received a report of suspicious activity for our two externally hosted websites – the FIRST Forum (forums.usfirst.org) and FIRST Tech Challenge Forum (ftcforum.usfirst.org). We immediately launched an internal investigation into this report to figure out what happened and what information may be impacted. While the investigation is ongoing, we have determined that the two websites were accessed between January 21, 2017, and March 7, 2017. These websites are forums where members of the FIRST robotics community can ask questions that are answered by the FIRST community and forum moderators. No other FIRST websites, including the FIRST registration sites, were affected.FriendFinder Networks Inc.
October 14, 2016 | Breach
Abstract
CAMPBELL, Calif., Nov. 14, 2016 /PRNewswire/ -- FriendFinder Networks (FFN) announced it is addressing a security incident involving certain customer usernames, passwords and email addresses. FFN is in the process of notifying impacted users so they can take steps to protect themselves.Four Seasons Hotels Limited
August 10, 2016 | Third Party
Abstract
The Sabre CRS facilitates the booking of hotel reservations made by consumers through hotels, online travel agencies, and similar booking services. Following an examination of forensic evidence, Sabre confirmed to Four Seasons Hotels and Resorts on June 6, 2017 that an unauthorized party gained access to account credentials that permitted unauthorized access to certain unencrypted payment card information, as well as certain reservation information, for a subset of hotel reservations processed through Sabre’s system.Friedman & Perry, CPA’s
June 15, 2016 | Server Compromise
Abstract
On February 6, 2017, we learned that some clients had received notification letters from either the IRS or the FTB, regarding an attempted filing of their 2016 tax returns. Knowing that neither they nor we filed the returns, we immediately began an investigation into the matter (specifically, whether the breach was from a third party or our computers). That same day we contacted our IT consultant, we ensured that all system passwords were changed and user information was secure, and we started running scans and reviewing our systems to identify any malicious malware on our computers. None was found. We then hired a specialized forensic IT firm for additional investigation.Front Rush, LLC
January 18, 2016 | Misconfiguration
Abstract
On or around January 5, 2020, Front Rush was informed by a security researcher that one of its Amazon Web Services S3 buckets (“the S3 bucket”) was publicly accessible from the internet. The S3 bucket contained: (a) certain attachments (like transcripts, injury reports, or athletic reports) that were placed in the platform by the institutions; and (b) certain attachments that were uploaded by student-athletes, prospective student-athletes or their parents/guardians, in response to prompts in a recruitment questionnaire formulated and disseminated by the institutions.Fairchild Medical Center
December 16, 2015 | Misconfiguration
Abstract
In late July 2020, FMC was made aware of an issue involving a misconfiguration on one of its servers through a communication from a third-party security company unaffiliated with FMC. FMC immediately commenced an investigation and began working with third party computer specialists to determine the nature and scope of the issue. FMC also immediately addressed the misconfiguration and took steps to secure the server. A third party security company verified that the server security change resolved the issue. Through the investigation, FMC determined that a misconfiguration existed from approximately December 16, 2015 to July 31, 2020 that allowed external individual(s) access to the server. On November 5, 2020, following an extensive review of forensic evidence associated with the server, FMC’s investigation determined that it could not conclusively rule out unauthorized access to records present on the server during the window of time when the misconfiguration was in place.Flinn Scientific, Inc.
May 02, 2014 | Website Compromise
Abstract
On September 8, 2014, we discovered that a cyber-attacker used malware to gain access to our server that hosts our internet store. The attacker managed to intercept payment card information for those cards that our customers used to make purchases on our website between the dates of May 2, 2014 and September 8, 2014. We write today because our records indicate that you made one or more purchases on our website during this time frame. The information intercepted by the attacker includesyour payment card number, card verification code, expiration date, name, address, and email address.Freedom Management Group, LLC dba The Natural
April 22, 2014 | System Compromise
Abstract
On July 15 2014, we learned that criminals forced their way into our system, gaining access to guest credit /debit card information and personal information.Fidelity National Financial, Inc.
April 14, 2014 | Phishing
Abstract
In April 2014, certain of our employees were the subject of a targeted phishing attack. As a result of this phishing attack, the attackers obtained username and password information for a small number of our employee email accounts and logged into a subset of those accounts intermittently from April 14 through April 16, 2014. These email accounts are hosted by a recognized third-party service provider. Our investigation revealed no evidence that the attackers penetrated FNF’s internal network or systems. Upon learning of this attack, FNF promptly notified federal law enforcement and began an investigation. FNF worked with a third-party security expert to determine the scope of the attack.July 01, 2013 | Breach
Abstract
Fidelity National Financial, Inc. (“FNF”) is writing to inform you of an incident that may have involved your personal information. FNF is the parent company of the Fidelity National Title Group title companies, including Fidelity National Title Insurance Company, Alamo Title Insurance, Commonwealth Land Title Insurance Company, and Chicago Title Insurance Company, which provide title insurance and real estate settlement services across the country. Upon learning of the incident, FNF promptly notified federal law enforcement and began an investigation. FNF retained a third-party security expert to conduct a forensic investigation, which remains ongoing.FSV Payment Systems
July 22, 2013 | Website Compromise
Abstract
We recently learned that between July 22nd and July 28th, 2013, an unauthorized third party gained access to a website hosted by one of our service partners and was able to access personal information about you, which may have included your name, address, Social Security number, driver’s license number and Payroll Card number. As soon as we learned of this issue, the site was immediately shut down and no further access is possible. Based on a detailed investigation, we do not believe that any unauthorized activity has occurred on your Payroll Card account. Nevertheless, we take any potential privacy matter seriously and truly regret that this has happened.Fidelity Investments (on behalf of Oracle Corporation)
July 10, 2013 | User Error
Abstract
On July 10, 2013, information about you was inadvertently included in a report that was briefly viewed by a plan administrator at another Fidelity client firm. The report included your name, Social Security number, compensation, and other information related to administration of your 401(k) savings and investment plan. The report that contained this information was only accessible through a password-protected application and only one employee at the Fidelity client firm had access to this report, a Human Resources manager, who is authorized to handle personal data related to his firm’s benefits plans as part of his job responsibilities.Foundations Recovery Network
June 15, 2013 | Laptop Stolen
Abstract
I am writing on behalf of Foundations Recovery Network to inform you of a recent privacy incident concerning your personal information. On Saturday, June 15 th, one of our employees informed us that she had been the victim of a burglary during the early morning hours on June 15 that approximately 2:45 a.m. and that her company laptop had been stolen. The laptop contained certain aspects of patient information which she needed as part of her role with our company. The employee reported the theft immediately to law enforcement authorities. We understand that the theft was one of several that took place in her neighborhood that night, so we do not believe the thief specifically targeted her or the laptop.First National Bank of Southern California
February 01, 2013 | Device Lost
Abstract
We were recently notified by our data service provider that a back-up tape containing certain of your personal information including account number(s), account balances, taxpayer identification number, and social security number was stolen on February 1, 2013. This theft did not occur at our Bank nor did it involve any of our employees. While we have no reason to believe your personal information has been, or will be compromised, we wanted to notify you of the incident and outline the steps we are taking to respond to this security breach.Fabric Depot, Inc.
October 16, 2012 | Website Compromise
Abstract
On January 7, 2013, I learned of a data security incident that may have resulted in the disclosure of the credit card information, names, and billing address associated with your online purchase.First Republic Bank
August 02, 2012 | User Error
Abstract
Specifically, on August 2, 2012, certain data were discarded in a way that did not adhere to our strict data disposal requirements. This data included client names, account types and numbers and tax payer identification/social security numbers. While we do not have any indication that your data, or any data, have been compromised in any way, we want to make you aware of this so that we can take steps together to ensure continued protection of your account(s). We have also enhanced our controls regarding the protection of client data.January 21, 2012 | Breach
Abstract
Global Payment's electronic security was breached during the period between January 21, 2012 and February 25, 2012. As a result of this breach, your name and debit card number and your encrypted personal identification number (PIN number) were acquired by unauthorized persons.Fusion Management Services, LLC
Abstract
On or about March 27, 2020, Fusion Management Services, LLC and each other U.S. subsidiary of Fusion Connect, Inc. (collectively, “Fusion”) discovered that an unauthorized third party gained access to certain Fusion servers and systemsFoxit Software
Abstract
Foxit has detected that unauthorized access to some of its data systems has taken place, including access to its “My Account” user account data. This means, that data you have entered on our website when signing up for our services has likely been accessed by hackers.Fresno Unified School District
Abstract
On July 5, 2017, Fresno Unified contacted the Gilroy Police Department to confirm the arrest of three individuals in Gilroy, California, who were in possession of unauthorized personal information of Fresno Unified employees. On July 6, 2017, it was confirmed that the personal information obtained included that of 53 employees, retirees and their dependents and the information obtained was a few years old. On July 10, 2017, the Clovis Police Department arrested a separate individual in Clovis, California, who was in possession of unauthorized personal information related to Fresno Unified employees, retirees and their dependents.Flurish Inc. dba LendUp
Abstract
On July 5, 2017, Fresno Unified contacted the Gilroy Police Department to confirm the arrest of three individuals in Gilroy, California, who were in possession of unauthorized personal information of Fresno Unified employees. On July 6, 2017, it was confirmed that the personal information obtained included that of 53 employees, retirees and their dependents and the information obtained was a few years old. On July 10, 2017, the Clovis Police Department arrested a separate individual in Clovis, California, who was in possession of unauthorized personal information related to Fresno Unified employees, retirees and their dependents.Flora Springs Winery & Vineyards
Abstract
Our consumer direct sales systems provider, Missing Link Networks, Inc., notified us on May 29, 2015 of a security incident involving credit and debit card data.Fast Forward Academy, LLC
Abstract
We were recently notified that an unauthorized person attempted to access our systems. These systems store customer information such as names, addresses, payment account numbers, and/or email addresses.Flamingo Resort and Spa
Abstract
Within the last month the Flamingo Resort and Spa discovered a virus on the payroll computer which could have allowed a hacker to access personal information, such as your social security number, date of birth, home address, phone number and bank routing numbers (if you do direct deposit for your pay checks). The Flamingo Resort and Spa is taking further measures to ensure this will not happen in the future.First Data
Abstract
We are writing to inform you of a recent administrative oversight involving the personal information of approximately 15,399 California residents. On April 25, 2012, the Privacy Office at First Data Corporation (“First Data”) learned that certain limited personal information about approximately 108,500 merchants who currently process with First Data or who applied for processing services had been shared outside of the company.G
Greater Baltimore Medical Center
December 6, 2020 | Ransomware
Abstract
On the morning of Sunday, December 6, 2020, GBMC HealthCare detected a ransomware incident that impacted information technology systems. Although many of our systems are down, GBMC HealthCare has robust processes in place to maintain safe and effective patient care. We are collectively responding in accordance with our well-planned process and policies for this type of event.Grass Valley USA, LLC
November 18, 2020 | Unauthorized Access
Abstract
On November 18, 2020, Grass Valley USA, LLC and its worldwide affiliates (“Grass Valley”) were made aware of a data security incident affecting its former owners, the Belden group. Grass Valley was owned by Belden until July 2020. Belden continues to provide IT, HR and other services for Grass Valley pursuant to the terms of Grass Valley’s divestiture. On the evening of November 12, 2020, Belden IT professionals detected unusual activity involving certain company servers. Belden has reported to Grass Valley that upon detection of this activity, Belden immediately triggered its cybersecurity incident response plan, deployed teams of internal IT specialists, and engaged leading third-party cybersecurity forensic experts and other advisors to identify the scope of the incident and move quickly to mitigate the impact. According to Belden, forensics experts determined that Belden was the target of a sophisticated attack by a party outside the company. We understand that Belden learned on or about November 15, 2020 that the outside party accessed servers that contained, among other things, personal information of various individuals. Belden informed Grass Valley upon becoming aware that Grass Valley’s current and some former employees were affected by the incident.Abstract
On November 18, 2020, Grass Valley USA, LLC and its worldwide affiliates (“Grass Valley”) were made aware of a data security incident affecting its former owners, the Belden group. Grass Valley was owned by Belden until July 2020. Belden continues to provide IT, HR and other services for Grass Valley pursuant to the terms of Grass Valley’s divestiture. On the evening of November 12, 2020, Belden IT professionals detected unusual activity involving certain company servers. Belden has reported to Grass Valley that upon detection of this activity, Belden immediately triggered its cybersecurity incident response plan, deployed teams of internal IT specialists, and engaged leading third-party cybersecurity forensic experts and other advisors to identify the scope of the incident and move quickly to mitigate the impact. According to Belden, forensics experts determined that Belden was the target of a sophisticated attack by a party outside the company. We understand that Belden learned on or about November 15, 2020 that the outside party accessed servers that contained, among other things, personal information of various individuals. Belden informed Grass Valley upon becoming aware that Grass Valley’s current and some former employees were affected by the incident.GenRx Pharmacy
September 27, 2020 | Ransomware
Abstract
On September 28, 2020, GenRx found evidence of ransomware on our system and immediately began an investigation, including hiring independent information security and technology experts to assist with incident response and forensic investigation. In a ransomware attack, cybercriminals attempt to disrupt the business by locking the business out of its own data. During the ransomware attack against GenRx, we had full access to all data with unaffected backups, and we were able to maintain continuous business operations as we investigated.Glofox Inc.
September 26, 2020 | Unauthorized Access
Abstract
On Saturday 14th November, we became aware that an unknown third party had gained unauthorised access to some user data, including names, email addresses, phone numbers, hashed/scrambled passwords, and other optional information like date of birth. No plain text passwords have been exposed.Golden Gate Regional Center
September 23, 2020 | Ransomware
Abstract
On September 23, 2020, GGRC detected unusual activity in its network environment consistent with a ransomware incident. Ransomware incidents typically involve an unauthorized actor gaining access to an entity’s network and deploying malware that encrypts the entity’s files, making them inaccessible. The unauthorized actor then commonly demands a ransom payment in exchange for the key to decrypt the entity’s files. Once GGRC discovered this incident, GGRC disabled its network, secured its systems, immediately began an investigation, and worked to restore operations and data access from backups. GGRC also engaged a leading, independent computer forensics firm to determine what happened and whether sensitive information may have been accessed or acquired by an unknown actor during the incident. Based on preliminary findings of the computer forensics firm, it was determined on October 5, 2020, that certain information belonging to the individuals we serve was acquired by an unknown actor.GAIN Capital Group, LLC
April 14, 2020 | Server Compromise
Abstract
On May 15, 2020, GAIN concluded its investigation of an incident involving some of our systems. GAIN first learned of suspicious system activity on April 15, 2020, during a routine review of login activity. Upon identifying the suspicious activity, GAIN immediately started an investigation with the assistance of a leading cyber security firm. Through this investigation, GAIN determined that an unauthorized party may have accessed some of our computer servers between the dates of April 14, 2020 and April 18, 2020. Upon learning of this, GAIN secured the involved servers and took them offline.Genworth
April 1, 2020 | Unauthorized Access
Abstract
On April 20, 2020, we identified unauthorized access to a select few online producer accounts, due to compromised login credentials. The unauthorized access provided access to documents containing your information.Grimaldi Center for Wellness and Aesthetics
February 20, 2020 | Insider Threat
Abstract
On March 11, 2020, our office was performing a routine audit when we noticed that a former employee, who quit on March 2, 2020, had accessed our electronic medical record system after she had quit. Her access was revoked on March 3, 2020. Upon discovery, the office immediately performed a thorough audit to determine what information she viewed. While we do not know if she retained your medical information, through an audit of her activity we believe she may have downloaded your medical information. The employee believed she was authorized to access your information in order to file a report with a regulatory agency. Out of an abundance of caution, we are informing you of this event.Georgia Southern University
February 7, 2020 | Ransomware
Abstract
Blackbaud is a cloud-based software company that provides services to thousands of schools, hospitals, and other nonprofits. On July 16, 2020, Blackbaud notified us that it had discovered an attempted ransomware attack on Blackbaud’s network in May 2020. Blackbaud reported that it conducted an investigation, determined that backup files containing information from its clients had been taken from its network, and an attempt was made to encrypt files to convince Blackbaud to pay a ransom. Blackbaud paid a ransom and obtained confirmation that the files removed from its systems had been destroyed. The time period of unauthorized access was between February 7 to May 20, 2020. Blackbaud reported that it has been working with law enforcement.General Electric Company
February 03, 2020 | Email Compromise
Abstract
We were notified on February 28, 2020 that Canon had determined that, between approximately February 3 - 14, 2020, an unauthorized party gained access to an email account that contained documents of certain GE employees, former employees and beneficiaries entitled to benefits that were maintained on Canon’s systems.Golden Valley Health Centers
October 25, 2019 | Email Compromise
Abstract
On March 3, 2020, we determined that your information may have been contained in an email account that was accessed by an unknown, unauthorized third party. After identifying potentially suspicious activity, our IT staff immediately began an investigation and engaged computer forensic experts to determine if any information was impacted.Good Samaritan Hospital, Inc
October 22, 2019 | Phishing
Abstract
On November 4, 2019, Good Sam became aware of a potential compromise to several of its email accounts as a result of a targeted email phishing campaign that occurred over several days. During the course of this phishing campaign, Good Sam employees began receiving fraudulent emails that appeared to be from a known contact. These fraudulent emails contained a link to a malicious website that was designed to steal email account credentials. Upon discovery, Good Sam swiftly blocked access to the malicious website. Additionally, Good Sam immediately took steps to secure the affected accounts, which included resetting the passwords required to access the affected employee email accounts and implementing additional email and network security measures. Further, Good Sam promptly began investigating the incident with the support of a third-party expert forensics firm. Following progress by experts in their thorough investigation, it was ultimately determined that several employee email accounts experienced unauthorized access between October 28, 2019 and November 8, 2019 as a result of the above-referenced phishing campaign.Good Samaritan Hospital, Inc.
October 22, 2019 | Phishing
Abstract
On November 4, 2019, Good Sam became aware of a potential compromise to several of its email accounts as a result of a targeted email phishing campaign that occurred over several days. During the course of this phishing campaign, Good Sam employees began receiving fraudulent emails that appeared to be from a known contact. These fraudulent emails contained a link to a malicious website that was designed to steal email account credentials. Upon discovery, Good Sam swiftly blocked access to the malicious website. Additionally, Good Sam immediately took steps to secure the affected accounts, which included resetting the passwords required to access the affected employee email accounts and implementing additional email and network security measures. Further, Good Sam promptly began investigating the incident with the support of a third-party expert forensics firm. Following progress by experts in their thorough investigation, it was ultimately determined that several employee email accounts experienced unauthorized access between October 28, 2019 and November 8, 2019 as a result of the above-referenced phishing campaign.GoDaddy.com LLC
October 19, 2019 | Server Compromise
Abstract
We recently identified suspicious activity on a subset of our servers and immediately began an investigation. The investigation found that an unauthorized individual had access to your login information used to connect to SSH on your hosting account. We have no evidence that any files were added or modified on your account. The unauthorized individual has been blocked from our systems, and we continue to investigate potential impact across our environment.Gazelle Transportation, LLC
September 01, 2019 | Server Compromise
Abstract
After noticing some unusual activity on our network, on September 24, 2019, we hired a specialized forensic IT firm to investigate. On September 25, 2019, the specialized forensic IT firm determined that there was unauthorized access to our servers. There is no evidence that any information was actually removed from Gazelle’s system. However, we are notifying everyone whose information was on our system out of an abundance of caution.GFS, Inc.
August 13, 2019 | Computer Compromise
Abstract
On August 20, 2019, GFS became aware of suspicious activity relating to one of our office computers. We immediately launched an investigation and have been working diligently, with the assistance of a third-party computer forensic investigator, to determine the full nature and scope of this incident. Our investigation determined that an unauthorized actor gained unauthorized access to one of our office computers between August 13 and August 22, 2019. Although our investigation did not find any evidence that your personal information stored in our system was viewed or taken by the unauthorized actor, we will not be able to rule out that this could have happened, and we wanted to make you aware in an abundance of caution.Greenworks Tools
July 14, 2019 | Website Compromise
Abstract
On or about June 3, 2020, Greenworks discovered suspicious activity related to its online e-commerce website, www.greenworkstools.com. Greenworks immediately began working with third-party forensic investigators to determine what happened and what information may have been affected. Greenworks also took steps to implement additional procedures to further protect the security of customer debit and credit card information on our website. You can safely and securely use your payment card on our website.On August 14, 2020, the third-party forensic investigators confirmed that Greenworks was the victim of a sophisticated cyber-attack that may have resulted in a compromise to some of our customers’ credit and debit cards used to make purchases on our e-commerce website between July 14, 2019 and June 30, 2020. Greenworks took steps to confirm the identity of the customers whose personally identifiable information may have been impacted. If you entered your payment card information onto our ecommerce website between July 14, 2019 and June 30, 2020 your payment card information may have been impacted. On August 20, 2020 our investigation identified the customers that may have been affected by this incident.
Green Roads of Florida, LLC
July 09, 2019 | Website Compromise
Abstract
Green Roads of Florida, LLC has discovered that certain customer and credit card information from orders placed on the greenroadsworld.com website between July 9, 2019 and October 9, 2019 were potentially compromised. Upon learning of this incident, Green Roads immediately launched an investigation. It was determined that the root cause of the incident was a compromised Administrator account in the web server of our outsourced hosting provider.Golden Entertainment, Inc.
May 30, 2019 | Phishing
Abstract
Our investigation into an email phishing incident determined that an unauthorized individual obtained access to some employees’ email accounts. Upon first learning of the incident, we immediately took steps to secure the email accounts, launched an investigation, and a cybersecurity firm was engaged to assist. Findings from our investigation indicate that an unauthorized individual obtained access to the email accounts at various times between May 30, 2019 and October 6, 2019.Gary W. Peer, M.D.
March 13, 2019 | System Compromise
Abstract
On March 14, 2019, we determined that an unauthorized individual may have gained access to our patient file system on March 13, 2019. We immediately took steps to secure the system and began an investigation. We were unable to determine which files, if any, were affected by the incident. Thus, out of an abundance of caution, we are notifying all current and past patients.Gardner Family Health Network
February 19, 2019 | Physical Intrusion
Abstract
I am writing to inform you about a possible breach that occurred on February 19, 2019 affecting 5,064 patients involving the Optometry Records Room at the Gardner St. James Clinic.On February 19, 2019 we were notified that an unauthorized individual entered the records room. As a result of this incident it is possible your information may have been compromised.
Girl Scouts of Orange County
September 30, 2018 | Email Compromise
Abstract
On Sunday, September 30, 2018, we became aware that an unauthorized third party illegally gained access to our email account [email protected]. This third-party did not appear to gain access to any other GSOC email accounts or our computer network, servers, or other systems. This third-party then used this email account to send emails to others. Upon confirming the breach, our IT services provider immediately changed the password to the account and confirmed that the account was secure.Graeter’s Ice Cream Company
June 28, 2018 | Website Compromise
Abstract
We were recently made aware by the payment card networks of patterns of unauthorized charges occurring on cards after they were legitimately used on Graeter’s website, https://www.graeters.com. In response, we launched an investigation with assistance from a cybersecurity firm. On December 17, 2018, our investigation identified unauthorized code that had been added to the checkout page on our website. Findings from the investigation indicate that the code may have been present from June 28, 2018 to December 17, 2018, and capable of copying information entered by customers during the checkout process.Gold Coast Health Plan
June 18, 2018 | Phishing
Abstract
GCHP recently discovered that it suffered a phishing email attack that had compromised an employee email account and resulted in potential disclosure to an unauthorized third party of your health information. Our investigation indicates that your information was contained in an attachment to one or more of the compromised emails.Golden 1 Credit Union
April 07, 2018 | Breach
Abstract
On April 24, 2018, we discovered your payment card information and personal identification number (PIN) may have been compromised during its usage at an ATM machine at a Golden 1 branch in Roseville. Once discovered, our Security team responded appropriately, safeguarding your accounts as further highlighted in this letter.August 04, 2017 | Skimming
Abstract
On August 4, 2017, we discovered that three illegal skimmer devices had been installed on ATM machines at Golden 1 branch locations in Sacramento, El Dorado, and Placer Counties. After immediately initiating an investigation, we determined that the hidden cameras used to capture PIN numbers had also been installed on these ATMs.April 07, 2015 | Insider Threat
Abstract
We have discovered that a person employed by us from early April to mid-June of this year appears to have engaged in unauthorized activity involving a small number of member accounts. The personal information available for viewing by this person included full name, social security number, driver’s license number and other financial information. Our records indicate that this person viewed your account, most likely as part of their job duties.Global University
December 31, 2017 | Misconfiguration
Abstract
On February 1, 2018, Global learned of the potential exposure of certain information related to current and former Global students. Global immediately launched an investigation and began working with third-party forensic investigators to confirm the nature and scope of the incident. Through this investigation, Global determined on February 23, 2018, that a database containing information related to current and former Global students was misconfigured and accessible to the Internet from December 31, 2017 to January 31, 2018. On or around March 21, 2018, Global confirmed the identities of the individuals who may have had information accessible as a result of the misconfigurationGordon Schanzlin New Vision Institute
October 25, 2017 | Files Lost
Abstract
On June 15, 2018, Gordon Schanzlin became aware of a U.S. Postal Inspection Service raid of a house in the Southern California area that occurred on June 14, 2018. As a result of the raid, a box containing medical records related to certain Gordon Schanzlin clients was recovered from the occupants of the house. After learning of this incident, Gordon Schanzlin launched an internal investigation to determine the nature and scope of this event and to ascertain who may be impacted by this incident. Though the investigation into this incident is still ongoing, Gordon Schanzlin believes the incident may be related to unauthorized entry in October 2017 into a storage unit where your information was located. Gordon Schanzlin is fully cooperating with law enforcement as their investigation continues.GreatBanc Trust Company
October 23, 2017 | Phishing
Abstract
For the first time in our history, during the week of October 23, 2017, we received indication that one of our computers was improperly accessed as the result of an email phishing scam. We immediately began an investigation and hired a computer forensic specialist to assist us. The investigation revealed that an unauthorized third party accessed one of our email accounts. The unauthorized third party created an email folder and attempted to direct emails relating to "wire transfers" to the account. We have no evidence to suggest that any emails in the account were copied or transferred. We then retained counsel experienced in data breach to assist us with complying with regulatory requirements. Despite having no indication that individual emails were accessed, we were advised that we needed to undertake a comprehensive review of all of the information contained in the email account to ascertain if any personal information could have been accessed.Gary W Janke
September 26, 2017 | Computer Stolen
Abstract
On the night of September 26, 2017, a thief broke into the back of the office building in Northridge, California. The building security alarms went off and the Los Angeles Police Department was dispatched. There is video of the thief in the offices and prints were recovered. However, before the first officers arrived, the thief stole a number of items from various offices in the building. Unfortunately, he stole two old computers from my offices. The computers contained tax information from 2012 and prior year tax returns that I had prepared.GS1 US, Inc.
July 07, 2017 | Unauthorized Access
Abstract
Specifically, we have learned that an unauthorized third party may have obtained access to your personal information. While our system does not store payment card information, the unauthorized third party may nonetheless have been able to access and acquire the information used to pay for purchases in our online store. The potential incident was limited to the time period between approximately July 7, 2017 and October 2, 2018, and was discovered on October 1, 2018. This notification was not delayed as a result of a law enforcement investigation.Gallagher NAC
June 18, 2017 | Database Compromise
Abstract
On September 21, 2017, our system monitoring tools identified unusual activity relating to a database within our network that is tied to a web application used by customers. We disabled the web application and immediately launched an investigation to determine the nature and scope of this activity. A leading third-party forensic investigation firm was retained to assist with our own internal investigation. Although the investigation is ongoing, we determined on October 6, 2017 that there was evidence a small amount of data left our system between June 18, 2017 and September 19, 2017. As we cannot determine the contents of this data, we cannot rule out that this data included personal information relating to [Data Owner] members stored in the database.Guaranteed Rate, Inc.
June 09, 2017 | Phishing
Abstract
In response to email phishing targeting Guaranteed Rate employees and other suspicious activity, we launched an investigation with the assistance of a leading outside computer forensics expert. On or around September 13, 2017, we confirmed a limited number of company email accounts were accessed by unknown actors as the result of these phishing attacks. We then began a thorough review of the email accounts to identify individuals whose personal information was affected. This process has been ongoing and we confirmed on or around January 7, 2018 the individuals impacted and the types of personal information that were affected. Based on our investigation, we have reason to believe that your personal information was viewed and/or downloaded by these unknown actors at some time between June 9 and October 2, 2017.Gracenote, a Nielsen Company
May 18, 2017 | Laptop Stolen
Abstract
A laptop belonging to a Gracenote employee was stolen from a vehicle in the California Bay Area on May 18, 2017. During the course of our investigation, we learned that the laptop may have contained personal information, including contact information (e.g., name, work email, address), as well as government identification numbers for current and former Gracenote associates. While we have no evidence to suggest that your personal information has been misused or will be in the future, we are taking this matter very seriously and believe you should too.Gannett Company, Inc
March 28, 2017 | Phishing
Abstract
On Thursday, March 30, 2017, we discovered that several members of our HR department were victims of a phishing attack that compromised their Office 365 account login credentials, including their Gannett email. The perpetrator used those credentials to send further phishing emails from some of the impacted personnel’s accounts, and also attempted to use an account for a fraudulent corporate wire transfer request. This attempt was identified by our finance team as suspicious and was unsuccessful.GolfTec Enterprises, LLC
March 02, 2017 | Service Compromise
Abstract
You are receiving this letter because GOLFTEC was victim of a recent security breach at your specific GOLFTEC Center and your credit card information was potentially compromised. These were in-center transactions and no online transactions were affected.Genpact International, Inc.
January 12, 2017 | User Error
Abstract
Genpact, a service provider to Scottrade Bank and other equipment finance companies working with Scottrade Bank, recently became aware that it had uploaded a data set to one of its cloud servers on January 12, 2017 that did not have all the security protocols in place. As a result, the data was not fully secured from January 12, 2017 to April 2, 2017.Goldenvoice, LLC
September 01, 2016 | Website Compromise
Abstract
This incident relates to the unauthorized and illegal acquisition, by criminal hackers, of certain information collected in connection with the 2016 Coachella Music and Arts Festival and through the Coachella.com website. The criminal hackers are believed to have accessed this information during the period of September 2016 to February 2017. As soon as we became aware of the security incident, we immediately opened an investigation, notified law enforcement and engaged a leading forensic IT firm. Shortly thereafter, the security vulnerability was remediated and the security incident has been fully contained.Google Inc.
August 10, 2016 | Third Party
Abstract
A company named Sabre Hospitality Solutions operates the SynXis Central Reservations system (CRS), which facilitates the booking of hotel reservations made by individuals and companies, such as Google, through travel agencies. Sabre discovered unauthorized access to an internal account in the SynXis CRS. Following an investigation, Sabre notified CWT, which uses the SynXis CRS, that an unauthorized party gained access to personal information associated with certain hotel reservations made through CWT. CWT subsequently notified Google about the issue on June 16, 2017, and we have been working with CWT and Sabre to confirm which Google travelers were affected.March 29, 2016 | Third Party
Abstract
We recently learned that a third-party vendor that provides Google with benefits management services mistakenly sent a document containing certain personal information of some of our Googlers to a benefits manager at another company. Promptly upon viewing the document, the benefits manager deleted it and notified Google’s vendor of the issue. After the vendor informed us of the issue, we conducted an investigation to determine the facts.GameStop, Inc.
August 10, 2016 | Website Compromise
Abstract
After receiving a report that data from payment cards used on www.GameStop.com may have been obtained by unauthorized individuals, we immediately began an investigation and hired a leading cybersecurity firm to assist us. Although the investigation did not identify evidence of unauthorized access to payment card data, we determined on April 18, 2017 that the potential for that to have occurred existed for certain transactions.Graphik Dimensions Ltd.
July 12, 2016 | Website Compromise
Abstract
On or around November 9, 2016, Graphik Dimensions was advised that it was identified as a common point of purchase for credit card fraud. We began an investigation and discovered that an unidentified third party had injected malicious code into the pictureframes.com e-commerce platform. The malicious code enabled the unidentified third party to acquire credit card information while the purchase took place. Our investigation revealed that this exploit existed between July 12, 2016 and November 30, 2016. We have removed the malicious code from the affected system, and continue to take steps to ensure the security of our systems.Gil Moore Oil Company
December 02, 2015 | Unknown
Abstract
TBDBGyft, Inc.
October 03, 2015 | Third Party
Abstract
Beginning on October 3 and continuing through December 18, 2015, an unknown party accessed without authorization two cloud providers used by Gyft. This unknown party was able to view or download certain Gyft user information stored with these cloud providers and make a file containing some of that user information.George Hills Company, Inc.
September 03, 2015 | Third Party
Abstract
Systema Software is a third party service provider to GHC that provides and hosts a website application for claims management. Systema Software notified GHC on September 9, 2015, that a security researcher contacted Systema Software because he had identified a configuration in the website application that allowed him to gain access to a temporary data backup of claims databases. Systema Software was able to immediately correct the permissions for the application and eliminate the issue.Gallant Risk & Insurance Services, Inc.
April 04, 2015 | Laptop Stolen
Abstract
We are writing to inform you of a recent security incident that may have resulted in the disclosure of your personal information. Although we believe misuse of your information is highly unlikely, this letter contains information about steps you can take to protect your information, and resources we are making available to help you.Godiva Chocolatier, Inc.
October 16, 2014 | Laptop Stolen
Abstract
On October 16, 2014, we learned that a suitcase was stolen from a rental car that a human resources employee was using to visit Godiva’s retail stores that day. The suitcase contained the employee’s personal items and the laptop provided to the employee by Godiva. Once the employee discovered that the suitcase was missing from the car, law enforcement and Godiva were immediately notified. Godiva immediately began an investigation to determine what information was contained on the laptop. A password is required to log-in to the laptop, but the hard drive was not encrypted. The nature of the employee information on the laptop may vary with regard to the Company’s different employees, but it may have contained your name, address, and Social Security number. To date, the laptop has not been returned or found.Abstract
On or around April 15, 2013, Godiva received a letter from a private individual’s counsel alerting Godiva that the individual’s son found a flash drive in New York City that appeared to contain sensitive information about Godiva. At Godiva’s request, the individual promptly returned the flash drive to Godiva with the drive contents apparently intact. Subsequently, and at Godiva’s request, both the lawyer and the individual who returned the flash drive confirmed that, to their knowledge, no one had copied or otherwise improperly used any of the information contained on the flash drive.Geekface LLC
August 05, 2014 | Server Compromise
Abstract
On or about August 5th, 2014, an intruder illegally gained access to a Geekface LLC server. The data accessed included personal information such as names, addresses, birth dates, usernames and passwords, and social security numbers. The data accessed did not include any account numbers, credit or debt card numbers or other financial information.GlamGlow LLC
May 18, 2014 | Website Compromise
Abstract
We recently became aware that an unauthorized party accessed the glamglowmud.com website and acquired certain personal information of some of our customers. After learning of the issue, we launched an investigation and retained outside experts to help us understand the nature and scope of the issue. Based on the investigation, we believe the incident occurred between September 19 and September 21, 2014 and May 12 and May 15, 2015. The affected information may have included names; addresses; telephone numbers; payment card numbers, expiration dates and security codes; email addresses; and GlamGlow account passwords.Green’s Accounting
April 06, 2014 | Server Stolen
Abstract
We are sorry to report that our firm was burglarized on Sunday, April 6, 2014. We believe at least two persons were involved, and they gained access into our office by breaking the back window with a rock and climbing through the window into the premises.The individual or individuals involved targeted some of our hardware ...
ground(ctrl)
March 08, 2014 | Network Compromise
Abstract
Recently, an unauthorized person gained access to part of our computer network that supports the websites we operate.Gingerbread Shed Corporation
November 25, 2013 | Unauthorized Access
Abstract
We are writing to notify you that as a result of an incident by an unauthorized third party, your personal information may have been compromised. Specifically, we have learned that an unauthorized third party may have obtained access to the personal information of our customers, which may have included names, addresses, telephone numbers, ...Green Tree Servicing, LLC
September 17, 2013 | Server Compromise
Abstract
I am writing to explain a recent security incident that may involve your personal information. Green Tree Servicing LLC (“Green Tree”) has learned that personal information relating to some customers may have been accessible in a security incident involving potential unauthorized access to certain computer applications residing on servers operated on behalf of Green Tree. The personal information that may have been accessible in the incident includes your name, Social Security number or other personal information included on mortgage forms. We wanted to reach out to inform you of what we are doing to protect you and what you can do to protect yourself.Gotickets, Inc.
May 22, 2012 | Website Compromise
Abstract
Pending the final results of our investigation, it appears that an unknown, outside group or individual improperly accessed www.gotickets.com’s database possibly exposing some of our customers’ sensitive information, including shipping, billing and credit card data related to purchases made through www.gotickets.com. We believe this improper access occurred on or around May 22 and May 30, 2012. Although we are not certain that your sensitive information was affected, as a precaution, we are advising you to keep a close eye on this account’s activity.Gonzalez CPA
Abstract
Beginning in March 2020, I learned that a limited number of my clients had experienced fraudulent tax filings. Upon learning of this fraud, I hired an independent computer forensic investigator to determine if there was a compromise of my network. To date, the forensic investigators have found no suspicious activity on my systems. We have asked our tax software provider to launch their own investigation as well. Our forensic investigation is ongoing, and I don’t yet know whether any of your information was compromised, but I wanted to let you know before the investigation is complete so you can take steps to protect yourself.Gallagher Bassett Services, Inc.
Abstract
I write on behalf of Gallagher Bassett Services, Inc. (“Gallagher Bassett”) , and certain of its customers, regarding a security incident that occurred when an individual named Spyros Panos, a physician whose license had been revoked, impersonated a licensed physician and conducted peer reviews for worker’s compensation claims from approximately September 2013 to March 2014 and from November 2016 to August 2017. See U.S.A. v. Panos, No. 7:18-mj02963-UA-1 (S.D.N.Y. 2018) (Doc. 2).Gemstone Vineyards
Abstract
our consumer direct sales systems provider, Missing Link Networks, Inc., (“Missing Link”) notified us on May 27, 2015 of a security incident involving credit and debit card data. Missing Link has advised us that during the window of April 1, 2015 to April 30, 2015, a third party might have gained access to certain personal information, including customer names, card numbers, related payment addresses, passwords, and dates of birth.Goodwill Industries of Sacramento Valley and Northern Nevada, Inc.
Abstract
In July, Goodwill Industries International, on behalf of its members, announced that some Goodwill members' store locations may have been affected by a data security issue.Global Payments Inc.
Abstract
Global Payments’ ongoing investigation into a security event recently revealed potential unauthorized access to servers containing personal information collected from a subset of merchant applicants. This data may have included your name, social security number and business bank account number designated for the deposit of merchant processing proceeds.H
H.N.R. Clark, Inc.
September 1, 2020 | Third Party
Abstract
On October 13, 2020, we were notified by our tax software provider, Lacerte Intuit, that H.N.R. Clark was the victim of a cyber-security incident, resulting in some tax returns pertaining to our clients being fraudulently filed. To date, we are aware of approximately 52 tax returns fraudulently filed. If your tax return was among these 52 tax returns, we already notified you.Havenly, Inc.
June 25, 2020 | Unauthorized Access
Abstract
Havenly, Inc. recently learned that an outside individual gained unauthorized access to a database containing the usernames and hashed passwords of Havenly users. Based upon the findings from an independent forensic investigation, we believe this potential incident may have occurred on or around June 25, 2020.Hoag Clinic
June 5, 2020 | Laptop Stolen
Abstract
On June 5, 2020, we discovered that on that same day, a Hoag Clinic-issued laptop was stolen from a staff member’s vehicle at a worksite parking lot in Newport Beach. The laptop contained certain protected health information (“PHI”) relating to you. While we do not have any evidence that your information was accessed and/or misused, we are reporting this matter to you with details about the incident and the steps we are taking to protect your information.Hutchison School
May 20, 2020 | Ransomware
Abstract
On September 29, 2020, Hutchison School received notification from Blackbaud that cybercriminals rem oved data from Blackbaud's computer system for the purpose of extorting funds from Blackbaud, one of the world's largest cloud providers of education administration, fundraising, and financial managem ent software, in May 2020. We have been informed by Blackbaud that its independent forensics experts and law enforcement prevented the cybercriminal from fully encrypting files; and ultimately expelled them from Blackbaud's system. Prior to locking the cybercriminal out, the cybercriminal removed a copy of a subset of data from Blackbaud's system. For additional information about this incident and Blackbaud's response, please visit Blackbaud's website, www.blackbaud.com/securityincident.Health Formula Inc.
April 24, 2020 | Website Compromise
Abstract
On June 5, 2020, we learned that payment card information may have been acquired without authorization from our website. We immediately initiated an investigation and engaged a digital forensics firm to assist with the investigation. We also took measures to enhance the security of the site. The investigation confirmed that payment card information was acquired without authorization from our website. On August 20, 2020, we learned that your payment card information was involved.Hospice by the Bay
March 10, 2020 | Email Compromise
Abstract
Hospice by the Bay is committed to patients’ privacy and takes protecting personal information entrusted to us seriously. This commitment extends to notifying individuals if we believe the security or privacy of their information may have been compromised. In light of this, we want to inform you of a recent incident.Hydrocephalus Association
February 7, 2020 | Ransomware
Abstract
We are contacting you regarding this incident with Blackbaud because some of your personal information may have been disclosed. On July 16, 2020, Blackbaud sent an email to HA stating that it had discovered a security incident in May of 2020. Blackbaud determined that an unauthorized third party had removed a copy of certain non-financial data, including data from HA and other Blackbaud clients, at some point between February 7, 2020 and May 20, 2020. Although Blackbaud told us that it believes the data was destroyed after Blackbaud made a payment in response to a demand from the unauthorized third party, we cannot independently confirm the destruction of the data. Blackbaud has provided additional details about this incident on its website.Healthcare Resource Group, Inc.
November 04, 2019 | Email Compromise
Abstract
On December 31, 2019, as part of the investigation of an unrelated event, HRG determined that an employee’s email account was subject to unauthorized access between November 4, 2019 and November 30, 2019. HRG was unable to determine what, if any, emails and attachments within the account were subject to unauthorized access. We were only able to confirm that the email account was subject to unauthorized access. HRG then enlisted the services of a third-party firm to review the contents of the email account in order to determine whether it contained any sensitive information. While the forensic investigation was ongoing, HRG initially notified Barlow of the event on February 6, 2020 and, at that time, stated it could not confirm whether any sensitive information was contained in the email account in question. HRG continued to conduct its forensic investigation and a time-intensive review of the email contents, which concluded on February 27, 2020. On March 11, 2020, HRG affirmatively notified Barlow about the findings from the forensic investigation and requested permission to provide you with notice on their behalf.Hanna Andersson, LLC
September 16, 2019 | Website Compromise
Abstract
Law enforcement recently notified Hanna Andersson that it had obtained evidence indicating that an unauthorized third party had accessed information entered on Hanna Andersson’s website during purchases made between September 16 and November 11, 2019. Although our investigation to date indicates that not all customers who made purchases through our website during that time period were affected, we are notifying all potentially affected customers out of an abundance of caution so that they can take appropriate protective steps.Hospice of San Joaquin
July 02, 2019 | Ransomware
Abstract
On 7/2/2019 at about 12:50pm Hospice of San Joaquin experienced a cyber ransomware attack on its network. The data accessed may have included personal information such as full name, patient ID number, diagnoses, home address and other sensitive information. Though the malicious software accessed our servers, we do not believe, or have any indication your information has been utilized, disseminated or disclosed to unauthorized parties.Hannibal Industries, Inc.
May 27, 2019 | Server Compromise
Abstract
During the afternoon of Memorial Day, Monday, May 27, 2019, Hannibal cecame aware that an unauthorized party accessed data stored on Hannibal's servers. A third party remotely took over our server, including the data on the server, and our website. This third party is currently asking Hannibal for money to release its control over the server, data and the website. A data breach in which the data is held for rensom is not the same as a ransomware attack. Ransomware generally restricts access to the data on infected machines until the ransom is paid. A data breach however is a security incident in which sensitive or confidential data is copied and stolen from the organization. At this point, Hannibal has not discovered any evidence that any data was removed from our servers or otherwise compromised.Historical Emporium, inc
March 02, 2019 | Malware
Abstract
On May 21, 2019 we learned that some unauthorized code (malware) was present in the portion of our website that processes payment card transactions. After researching this, we discovered that the code had been in place since March 2, 2019, and as a result, your personal information may have been exposed and/or stolen during your purchase from our website.Health Net of California and Health Net Life Insurance Company
March 01, 2019 | Programming Error
Abstract
Health Net learned that a variety of letters that we processed between March 1, 2019 and March 12, 2019, were addressed and delivered to incorrect addresses. A coding error caused addresses to become misaligned. This resulted in the letter containing your information to be mailed to the incorrect address.Hematology Oncology Associates, PC
December 18, 2018 | Email Compromise
Abstract
On March 19, 2019, we learned that an unauthorized person gained access to some employee email accounts on December 18, 2018, and between February 22, 2019 and February 28, 2019. We immediately secured the accounts, began an investigation, and hired a computer forensic firm to assist. The investigation was not able to determine which emails and attachments were viewed by the unauthorized person(s).Hot Line Construction, Inc.
October 25, 2018 | Email Compromise
Abstract
In late December 2018, we became aware of unusual activity relating to certain employee email accounts. We quickly began an investigation to determine the nature and scope of the activity. Working with computer forensic investigators, on January 3, 2019, we determined that certain employee email accounts were subject to unauthorized access. Our investigation ultimately confirmed this unauthorized access occurred between October 25, 2018 and November 30, 2018. Because the forensic investigation could not rule out access to emails in the account during this time frame, we undertook a comprehensive review of all of the emails that were present in the relevant accounts at the time of the incident to identify what information was stored within the emails. Although we are unaware of any actual or attempted misuse of your personal information, we are providing you this notification out of an abundance of caution because your information was present in the affected emails.HSBC Bank USA, National Association
October 04, 2018 | Website Compromise
Abstract
HSBC became aware of online accounts being accessed by unauthorized users between October 4, 2018 and October 14, 2018. When HSBC discovered your online account was impacted, we suspended online access to prevent further unauthorized entry of your account. You may have received a call or email from us so we could help you change your online banking credentials and access your account. If you need help accessing your account, please call [Field_47]December 07, 2015 | Third Party
Abstract
We recently became aware of an incident in which HSBC’s mortgage servicing provider sent encrypted and password protected disks, which inadvertently included some of your personal information, to an unauthorized commercial third party (a firm that performs financial analytics). The information was sent between December 7, 2015 and December 8, 2015. Upon review of some of the data, the third party realized the disks included more information than requested and returned all the disks to the mortgage servicing provider. While the third party has attested that HSBC customer data was not loaded, accessed, or viewed by their personnel, HSBC is notifying you out of an abundance of caution. The security of your information is very important to us and HSBC takes this matter very seriously. HSBC has received assurance from our mortgage servicing provider that they have made changes to their processes to avoid future incidents.June 19, 2015 | User Error
Abstract
We recently became aware of an incident where your account details were sent in error to a commercial entity not associated with HSBC. The documentation included your name, account number, property address, loan and payment details. We have been informed that the third party recipient did not view your data and your data has been deleted. HSBC takes this very seriously and the security of your information is very important to us. HSBC would like to offer you a free one-year subscription to a credit monitoring and identity theft protection service; please see enrollment details below. As additional precautions, we recommend that you take the following steps to mitigate your risk of identity theft.HealthEquity, Inc.
September 04, 2018 | Email Compromise
Abstract
On October 5, HealthEquity’s information security team identified unauthorized logins to two HealthEquity team members’ email accounts. We immediately implemented security measures to prevent further access to the accounts, and began analyzing all information contained in these accounts to identify any sensitive personal information. The unauthorized access occurred, in the case of one account, on October 5, and in the case of the other, on different occasions between September 4, 2018 and October 3, 2018.Housing Authority of the County of Alameda (HACA)
September 02, 2018 | Website Compromise
Abstract
On September 4, 2018, HACA discovered that unauthorized access to your personal information occurred sometime between September 2, 2018 and September 3, 2018. Upon discovery of the incident, we immediately commenced an internal investigation. Based on our findings to date, HACA has learned that an unknown third-party broke into a HACA web service using multiple IP addresses and likely a software tool designed to access information on our network server. HACA procured third-party software to assist us with determining what information may have been affected.Health Quest Systems, Inc.
July 11, 2018 | Phishing
Abstract
On October 25, 2019, through our investigation of a phishing email incident, HQ determined that some of your information may have been contained in employee email accounts accessed by an unauthorized party. HQ first learned of a potential incident in July 2018, when numerous HQ employees were deceived by a phishing scheme, which resulted in certain HQ employees being tricked into inadvertently disclosing their email account credentials to an unauthorized party. Upon learning of the incident, the employee email accounts in question were secured and a leading cyber security firm was engaged to assist us to investigate this matter.Hourglass
July 03, 2018 | Website Compromise
Abstract
After learning of a potential issue with our e-commerce website, we began an investigation and subsequently learned that, from approximately July 3, 2018 to January 30, 2019, unauthorized third parties had the ability to access certain information relating to purchases made on our website. You are receiving this letter because our records indicate that you placed an order via the Hourglass website that may have been affected.Humana Inc
May 30, 2018 | Website Compromise
Abstract
On October 25, 2018 Humana’s Privacy Office was notified that Bankers Life discovered a bad actor accessed system credentials belonging to a limited number of Bankers Life employees between May 30 and September 13, 2018. During this period, the an unauthorized bad actor used employee system credentials to gain access to certain secure, Bankers Life websites, potentially resulting in unauthorized access to limited, personal information of individuals who had applied for a Humana health insurance policy through Bankers Life.Hunt Regional Medical Center
May 18, 2018 | Breach
Abstract
On August 14, 2019, Hunt Memorial Hospital District (“HMHD”) determined that your personal information may have been compromised in a cyber attack against Hunt Regional Medical Center (“Hunt”). We initially learned on May 14, 2019, that the information of a small number of our patients was compromised in the targeted cyber attack dating back to May of 2018. During the attack, hackers gained access to patient personal information in what we believed at the time to be a limited area of our network. Our investigation up to that point indicated only a subset of our patients, which did not include you, were affected by this incident. We engaged independent cyber forensics experts to analyze our systems and investigate the full impact of the unauthorized access. During this investigation, we determined that your information also was accessible. Out of an abundance of caution we are notifying all patients whose information may have been impacted. We deeply regret that this has occurred and apologize for any inconvenience or concern caused by this incident.Hammer Nutrition
January 01, 2018 | Breach
Abstract
On August 14, 2019, Hunt Memorial Hospital District (“HMHD”) determined that your personal information may have been compromised in a cyber attack against Hunt Regional Medical Center (“Hunt”). We initially learned on May 14, 2019, that the information of a small number of our patients was compromised in the targeted cyber attack dating back to May of 2018. During the attack, hackers gained access to patient personal information in what we believed at the time to be a limited area of our network. Our investigation up to that point indicated only a subset of our patients, which did not include you, were affected by this incident. We engaged independent cyber forensics experts to analyze our systems and investigate the full impact of the unauthorized access. During this investigation, we determined that your information also was accessible. Out of an abundance of caution we are notifying all patients whose information may have been impacted. We deeply regret that this has occurred and apologize for any inconvenience or concern caused by this incident.HumanGood
September 27, 2017 | Third Party
Abstract
I represent HumanGood, located in Pleasanton, California. This letter is being sent pursuant to California Civil Code § 1798.82 because HumanGood learned on September 27, 2017 that the personal information of 4,844 HumanGood employees who reside in California may have been involved in a data security incident. The information that may have been involved included names, addresses, email addresses, dates of birth, wage information and health information that is maintained by a HumanGood third-party service provider.Hasbro, Inc.
September 15, 2017 | Network Compromise
Abstract
We became aware beginning on or around July 9, 2018 that an unauthorized party obtained access to certain of your personal data in either portions of the email accounts of a limited number of employees or shared network folders on Hasbro servers. The unauthorized access to portions of the email accounts of a limited number of employees occurred at some point between November 19, 2017 an january 5, 2018, and the unauthorized access to shared network folders on Hasbro servers occurred between september 15 and 18, 2017.Hayden, Narey & Persich
July 03, 2017 | Breach
Abstract
While filing returns on extension, we encountered suspicious electronic activity in our tax program with some federal tax returns inexplicably rejected. We immediately contacted our tax filing software company, the IRS, and the Orange County Sheriff’s Department. A law enforcement investigation was commenced and due to the active criminal investigation, a law enforcement notification hold was placed on the matter. On November 28, 2017, law enforcement notified us that the notification hold was lifted.Hamilton Zanze & Company
June 29, 2017 | Laptop Stolen
Abstract
On June 29, 2017, an HZ employee became the victim of a crime when his locked vehicle, together with the car next to it, was broken into while parked in a Whole Foods parking garage. The employee’s work bag, including an HZ password protected laptop, was stolen. The smash and grab burglary was discovered within approximately fifteen minutes of its occurrence and the employee immediately reported the incident to the police and to HZ. The employee’s network and all other IT credentials were immediately disabled, and the laptop was instructed to automatically wipe its contents upon connecting to the internet.Hilderbrand & Clark, CPA
June 14, 2017 | System Compromise
Abstract
After experiencing unusual activity when filing two tax returns on extension, we immediately notified the IRS and had our local IT firm review our system. Further, we hired a specialized forensic IT firm to investigate. On Monday, July 10, 2017, the specialized forensic IT firm determined that there was unauthorized access to our system from a foreign IP address on June 14, 2017. Unfortunately, the forensic IT firm cannot determine which files were accessed so we are notifying everyone whose information was accessible out of an abundance of caution.Hard Rock International
May 17, 2017 | System Compromise
Abstract
Following an examination of forensic evidence, Sabre notified us on June 6, 2017 that an unauthorized party gained access to account credentials that permitted unauthorized access to unencrypted payment card information, as well as certain reservation information, for a subset of hotel reservations processed through its SynXis Central Reservations system. Findings from the investigation show that the unauthorized party first obtained access to payment card and other reservation information on August 10, 2016 and last had access to payment card information on March 9, 2017.Home Box Office, Inc.
May 15, 2017 | Network Compromise
Abstract
In late July 2017, HBO became aware of an incident in which an unauthorized third party claimed to have accessed HBO’s information technology network. We began investigating the incident as soon as we became aware of the potential breach. Our investigation has revealed that an unauthorized third party illegally accessed HBO’s network, including some personally identifiable information about you.Hyatt Hotels Corporation
March 18, 2017 | Unauthorized Access
Abstract
We understand the importance of protecting customer information and securing our systems, and we regret to inform you that we self-discovered signs of and resolved unauthorized access to payment card information from cards manually entered or swiped at the front desk of certain Hyatt-managed locations between March 18, 2017 and July 2, 2017.August 13, 2015 | Unauthorized Access
Abstract
CHICAGO (January 14, 2016) – Hyatt Hotels Corporation (NYSE: H) has completed its investigation of the previously announced payment card incident. The investigation identified signs of unauthorized access to payment card data from cards used onsite at certain Hyatt-managed locations, primarily at restaurants, between August 13, 2015 and December 8, 2015. A small percentage of the at-risk cards were used at spas, golf shops, parking, and a limited number of front desks, or provided to a sales office during this time period. The at-risk window for a limited number of locations began on or shortly after July 30, 2015.Hampton Jitney, Inc.
February 20, 2017 | Server Compromise
Abstract
On February 22, 2017, we discovered that an unauthorized user recently accessed customer accounts at Hampton Jitney. Upon discovery, we immediately investigated the situation and disabled all internet access to the network server that was the suspected source of the unauthorized access. We hired a reputable computer specialist and law firm with expertise in data breach investigations, to investigate the incident and determine whether personal information of our customers was stolen. We learned that customer information may have been accessed starting on February 20, 2017 until the incident was discovered. We also forced a reset of all passwords of users that may have been affected by the intrusion.Hathaway-Sycamores Child and Family Services
February 03, 2017 | Breach
Abstract
We have recently received reports from several employees who have discovered fraudulent tax filings have been made in their names. We are investigating those reports and we have contacted our cyber security advisers and insurers. So far, we have not discovered a compromise of our computer systems or networks.Hutchinson and Bloodgood LLP
December 21, 2016 | Phishing
Abstract
On December 21, 2016, we learned that a targeted “spear phishing” email was sent to employees of multiple CPA firms, including a Hutchinson and Bloodgood LLP employee. Spear phishing emails are attempts by an individual or group to solicit specific information from unsuspecting users by employing social engineering techniques. Phishing emails are crafted to appear as if they have been sent from a legitimate organization or individual. Our review of network activity after the email was opened indicated that there may have been unauthorized access to some company data. In an abundance of caution, we have viewed this as an event requiring disclosure.Hillary Tentler, CPA
November 04, 2016 | Device Lost
Abstract
On November 4, 2016, I discovered that my home was broken into earlier in that day. Upon discovery, I immediately notified the Santa Barbara County Sheriff’s office and a police report was filed. Unfortunately, along with personal effects, the burglars stole three back up hard drives for my practice.Hal Meadows, M.D.
July 27, 2016 | Unauthorized Access
Abstract
On July 27, 2016, Dr. Meadows found that his patient file had been unlawfully accessed. The patient file contained information used for billing ...Hewitt Associates LLC
July 07, 2016 | Third Party
Abstract
The unauthorized access was to a specific group of Irvine Company employees’ personal information within the Core Benefit Administration (CBA) web portal (known to you as BenefitsNow) set up and maintained by Aon Hewitt, a benefits service provider. An unauthorized individual potentially accessed your personal information. We have confirmation that the unauthorized individual accessed 55 records of the 2,892 current or former employees receiving this letter. Since we cannot verify the identity of those 55 impacted employees, we are notifying you at this time of the unlikely, but potential access of your personal information. We sincerely apologize for any inconvenience you might experience as a result of this incident.Harvest Bible Chapel d/b/a Walk in the Word Ministries
June 01, 2016 | Third Party
Abstract
On May 30, 2017, we were notified by our third-party e-commerce provider that an unknown individual may have accessed your credit card, debit card, or checking account information used to donate to WITW on our website. Because we take the security of your personal information very seriously, we are bringing this information to your attention as quickly as prudently possible, so you can take action along with us to hopefully eliminate any potential harm. When WITW became aware of the incident, we immediately took action to ensure the third-party vendor’s system was fixed and secure. At the same time we commenced an investigation to determine what information may have been accessed. We also have notified law enforcement and are cooperating with their investigation.Hume Lake Christian Camps
February 29, 2016 | Phishing
Abstract
On March 4, 2016, we discovered that between February 29, 2016 and March 4, 2016, as a result of a phishing incidnet, an unauthorized third party gained accessed to a Hume Lake employee's email account and, in turn, may have accessed files containing certain personal information.Hi Tec Sports USA, Inc
January 24, 2016 | Website Compromise
Abstract
Hi-Tec received reports from several customers of fraudulent charges appearing on their payment cards shortly after they were used to make a purchase on our Magnum Boots online order page. Hi-Tec immediately began working with the company that developed and maintains its websites. On March 11, 2016, the web developer reported that it had identified unauthorized code that had been inserted into the program that operates its order completion page. Hi-Tec began an analysis to determine when the code was inserted and its functionality. While that analysis was being conducted, Hi-Tec stopped accepting payment cards on its site and engaged a leading computer security investigation firm to assist in the investigation.HealthEquity
December 11, 2015 | User Error
Abstract
On December 14, 2015, we discovered that a HealthEquity employee inadvertently sent an email on December 11 containing some of your personal information to another employer with whom HealthEquity does business with. We took immediate actions to correct it, including confirming that the recipients had deleted the e-mail.Hard Rock Hotel & Casino Las Vegas
October 27, 2015 | Malware
Abstract
After receiving reports of fraudulent activity associated with payment cards used at the Hard Rock Hotel & Casino Las Vegas, the resort began an investigation of its payment card network and engaged a leading cyber-security firm to assist. On May 13, 2016, the investigation identified signs of unauthorized access to the resort’s payment card environment. Further investigation revealed the presence of card scraping malware that was designed to target payment card data as the data was routed through the resort’s payment card system.Honig’s Whistlestop Inc.
March 08, 2015 | Website Compromise
Abstract
On April 9, 2015, we confirmed that our website had been breached. The incident involved an outside source hacking into and accessing certain electronic information that is maintained by Honig’s Whistle Stop, Inc., located in Ann Arbor, Michigan (“Honig’s”). We have determined that the information involved in this incident included customer name, credit or debit card number, card expiration date, CVV, email address, account number, password, billing address and phone number, shipping address, and phone number. This information was in our records due to your purchase of items from Honig’s, either by phone or through our website at https://www.honigs.com/.HEI Hotels & Resorts
March 02, 2015 | Malware
Abstract
HEI was recently alerted to a potential security incident by its card processor. Based upon an extensive forensic investigation, it appears that unauthorized individuals installed malicious software on our payment processing systems at certain properties designed to capture payment card information as it was routed through these systems.Heartland Payroll Solutions, Inc.
February 22, 2015 | Computer Stolen
Abstract
Heartland Payment Systems, Inc. (“Heartland”), was notified on May 8, 2015 that your personal information may have been compromised. An incident occurred at our office in Santa Ana, California. Many items, including password protected computers belonging to Heartland were stolen. One of these computers may have stored your Social Security number and/or bank account information processed for your employer. We have seen no evidence suggesting that the data has been accessed on the stolen computers or used in any way, and we have no reason to believe any such use will occur. We have involved state and federal regulatory and law enforcement agencies to assist us in determining how to proceed with the matter at hand. Heartland continues to monitor the situation carefully and has increased its internal security and review procedures to watch for any unusual activity. We are providing this notice to you out of an abundance of caution so that you can take steps to help protect your information from unauthorized use, such as the steps detailed in the enclosed state notification requirementsHomebridge, Inc.
January 24, 2015 | Malware
Abstract
TBDBHilton Worldwide, Inc.
November 18, 2014 | Malware
Abstract
Hilton Worldwide has identified and taken action to eradicate unauthorized malware that targeted payment card information in some point-of-sale systems. Hilton immediately launched an investigation and has further strengthened its systems.Harmonic Inc.
October 17, 2014 | Laptop Stolen
Abstract
On the evening of October 17, 2014, an unknown person broke into the locked car of a Harmonic employee and took a work bag containing documents and a laptop computer. We have determined that there were email files on the laptop with data and spreadsheets containing personal information about certain current and former Harmonic employees, consultants and affiliates, including names and social security numbers. The laptop was password protected. We currently have no reason to believe the theft was targeting Harmonic or your personal information and we believe the theft was a random crime of opportunity. The theft was immediately reported to the appropriate authorities, and Harmonic has and will continue to cooperate with law enforcement efforts to apprehend the thieves.Hillsides
October 10, 2014 | User Error
Abstract
On December 8, 2015, Hillsides became aware that an employee had sent internal files containing personally identifiable information (PII) and/or protected health information (PHI) to a personal (non-Hillsides) email address. You have received this letter because PII or PHI belonging to either you or your minor child may have been included in these emails. Upon discovery, the employee was terminated for their violation of company policies; however, to date we have been unable to recover the data files from their personal email account or verify whether the files have been deleted. While we have no evidence that any of your personal information has been further disclosed or misused in any manner, we are providing you with notice of the incidents so you can take any precautions you feel are appropriate or necessary.Hard Rock Hotel & Casino
September 03, 2014 | Breach
Abstract
This incident may have allowed criminal hackers access to information about credit or debit cards used at certain Hard Rock Hotel & Casino Las Vegas retail and service locations. The information potentially affected includes names, card numbers, and CVV codes, but does not include PIN numbers or other sensitive customer information.Heartland Automotive Services Inc.
June 24, 2014 | Laptop Stolen
Abstract
I am writing to inform you of an unfortunate situation that has occurred which affects us all. On Tuesday, June 24, 2014, an incident occurred in which a company-owned laptop computer containing some of our personal information including, name, address, date of birth and Social Security number, was stolen. We have no reason to believe that your personal information has been compromised, as the computer in question was password protected.Horizon Healthcare Services, Inc.,dba Horizon Blue Cross Blue Shield of New Jersey, and its affiliates
November 01, 2013 | Laptop Stolen
Abstract
During the weekend of Nvember 1-3, 2013, two password-protected, unencrypted laptop computers that were cable-locked to employee workstations were stolen from our Newark headquarters. We discovered the theft on Monday, November 4, 2013, when employees returned to work and immediately notified the Newark Police Department. We have been working with law enforcement, but to date, have been unable to locate the laptops.Hankyu Chung, M.D.
June 16, 2013 | Laptop Stolen
Abstract
On Monday, June 17, 2013, there was a burglary at our offices at 2039 Forest Avenue. It appears the burglars entered the building complex through an unlocked door and then entered our office space by accessing the crawl space above our office. They did not break through any locked doors or windows. Among the items stolen were two laptops. One of the stolen laptops was used only to access the internet and did not have any patient information on it. However, the other laptop, which was password protected, contained all patient names, dates of birth, and significant medical records including visit dates, complaints, physical examinations, diagnoses, testing and medication information. The burglary was reported to the San Jose Police Department, Report No. 13-168-0169.Harbor Freight Tools USA, Inc.
May 06, 2013 | System Compromise
Abstract
Over the summer, Harbor Freight Tools' payment processing system was illegally attacked by cyber-criminals. The attack was similar to attacks reported by other national retailers. In response, we immediately engaged a leading cyber-security company to investigate and notices were posted in every store and on our website. We blocked the attack and adopted enhanced security measures to make our systems more secure than ever.Health Net, Inc.
April 01, 2013 | User Error
Abstract
On May 3, 2013, Health Net learned of a privacy incident involving a number of its Medi-Cal members. As part of a recent program transition, new plan member identification cards for some members were mailed to an incorrect address.Hutton Hotel
September 19, 2012 | Malware
Abstract
After being alerted to a potential security incident by our payment processor, Hutton Hotel began an investigation of our payment card systems and engaged a leading cybersecurity firm to assist. Findings from the investigation show that unknown individuals were able to install a program on the payment processing system at the Hutton Hotel designed to capture payment card data as it was routed through the system.Healing Touch Day Spa Inc./Whatgreatskin.com
August 28, 2012 | Server Compromise
Abstract
This afternoon at 3:30PM PST, our servers were hit with an organized attack, which was immediately detected by our server administrators. Our server administration team discovered that the following account information may have been compromised: customer names, addresses, and credit card details.HSBC Bank USA National Association
July 27, 2012 | Insider Threat
Abstract
We recently became aware of an incident that occurred in late July 2012 where an employee who resigned from HSBC left with information about your account. The information potentially included your name, phone number, account number, and account type. HSBC takes this very seriously and we believe your personal information may have been exposed to a third party. We recommend that you take steps to mitigate the risk.HelloTech, Inc.
Abstract
On November 15, 2019, we were notified by a neutral party that they had accessed some HelloTech independent contractor data that inadvertently was publicly accessible. We secured the data the same day we were notified. Our investigation determined that the data was publicly accessible until it was secured but hasn’t determined that anyone else accessed it. We are not aware of any misuse of your personal information as a result of this incident.Hair Free Forever
Abstract
Unfortunately, one of our former employees; Nathalie Collins, stole personal and confidential information from our patient’s files and data base, which is a violation of HIPAA and other privacy laws. She has been using this stolen information to contact our patients and we have received several complaints that she is soliciting customers with this protected information.Hudson’s Bay Company
Abstract
As soon as we became aware of a potential issue, we quickly engaged leading data security experts to conduct an investigation. We also have been working with law enforcement authorities and coordinating with the payment card companies. Based on the investigation to date, we understand that, around July 1, 2017, malware began running on certain point of sale systems at potentially all Saks Fifth Avenue, Saks OFF 5TH and Lord & Taylor locations in North America. We have contained the issue and believe it no longer poses a risk to customers shopping at our stores. Not all customers who shopped at the potentially impacted stores during the relevant time period are affected by this issue. We want to reassure affected customers that they will not be liable for fraudulent charges that may result from this matter.Home Point Financial Corporation
Abstract
On March 30, 2017, we learned that an unauthorized individual utilized a phishing scheme and may have gained access to employees' email accounts beginning in November 2016. When we learned of this, we immediately secured the email accounts, reset passwords, and began an investigation.Hand & Upper Extremity Centers dba Hand Rehabilitation Specialists
Abstract
On July 5, 2017, we were informed that there may have been a breach in the security of our network. We immediately reported the notice to the Ventura County Sheriff’s Office, who began a prompt forensic IT investigation into the matter in consultation with the FBI. To date, law enforcement has found no evidence of any information leaving our system. However, unauthorized access could not be ruled out, so out of an abundance of caution, we are providing notice to all individuals who could be potentially affected and providing protective services to those who choose to take advantage of this service.HSX.com
Abstract
HSX.com became aware on May 4th that your personal information may have been accessed without authorization. We are committed to protecting your personal information, and immediately acted as noted below.Holly A Nordhues CPA
Abstract
It is with a heavy heart that I am contacting you to let you know on the evening of November 24, 2015, I learned of a cyberattack to my computer. The cyber attacker tried to get private information about my current and former clients with data on my computer.Heitz Wine Cellars
Abstract
our consumer direct sales systems provider, Missing Link Networks, Inc., (“Missing Link”) notified us on May 27, 2015 of a security incident involving credit and debit card data. Missing Link has advised us that during the window of April 1, 2015 to April 30, 2015, a third party might have gained access to certain personal information, including customer names, card numbers, related payment addresses, passwords, and dates of birth. Missing Link has notified the credit and debit card companies and supplied them detailed information on the affected accounts, and we’ve been assured that these accounts are being monitored for fraud.HSBC Finance Corporation on behalf of its subsidiaries
Abstract
We recently became aware of an incident where personal information about certain customer mortgage accounts was inadvertently made accessible via the Internet which we believe was towards the end of last year. The information available included your name, Social Security number, account number and some old account information, and may have included your phone number. HSBC takes this very seriously and deeply regrets that this incident occurred.Hamner Square Denta
Abstract
On May 10, 2012, in the course, of upgrading to a new imaging and management software called Eaglesoft to better serve you, a representative of one of our dental practice’s business partners, Patterson Dental, visited our offices and, without our knowledge or consent in violation of our policies and procedures in exporting your data for the new systems conversion process had placed an unencrypted USB memory chip containing data from our practice into a sealed envelope and deposited it at a local post office to be sent through the U.S. mail to their technical headquarters. On May 14, 2012, this envelope arrived at its destination with a tear on the side and without the USB memory chip. The representative and this business partner have searched and continue to search for this USB memory chip, but have not located it to date. They believe it is most likely that the memory chip was “squeezed out” of the envelope and the envelope torn when the letter was put through a processing machine at the post office. We were notified by Patterson Dental on May 18, 2012 of this occurrence. SI
II-VI Incorporated
November 19, 2020 | Phishing
Abstract
On November 19, 2020, II-VI discovered a security incident involving unauthorized access to a II-VI employee email account from which a phishing email was sent that included a link to a page where recipients were requested to enter their II-VI account credentials. While II-VI promptly detected and blocked access to the link from its network, a limited number of recipients responded to the phishing email before II-VI blocked the fraudulent link, which may have exposed their credentials to the bad actor. This incident may have resulted in unauthorized access to certain data and file.Indian Health Council
September 22, 2020 | Unauthorized Access
Abstract
On September 22, 2020, we experienced a data security incident that impacted a number of servers and endpoints and disrupted access to certain files on our system. We immediately began an internal investigation and hired independent computer forensic investigators to help us determine what occurred, and whether any information was at risk. The forensic investigator found that an unauthorized actor may have gained access to certain files stored on our system that may have contained some of your PHI.Indian Health Council Inc.
September 22, 2020 | Network Compromise
Abstract
On September 22, 2020, we experienced a data security incident that impacted a number of servers and endpoints and disrupted access to certain files on our system. We immediately began an internal investigation and hired independent computer forensic investigators to help us determine what occurred, and whether any information was at risk. The forensic investigator found that an unauthorized actor may have gained access to certain files stored on our system that may have contained some of your PHI.Imperial Community College District
August 5, 2020 | Account Compromise
Abstract
On August 6, 2020, ICCD became aware of a potential compromise on our computer network. Upon discovery, ICCD swiftly engaged a third-party forensic company to investigate and we dedicated all of our IT and engineering resources to resolve the problem. Following progress by experts in their thorough investigation, it was ultimately determined that, on August 5, 2020, the administrative account of one employee was hacked and compromised by an unknown source, which allowed unauthorized access onto ICCD’s computer network. Upon confirmation of this unauthorized access, ICCD’s third-party forensic experts immediately investigated whether the affected databases contained individuals’ sensitive information. On October 16, 2020, after a thorough investigation, ICCD learned that the unauthorized access may have enabled access to individuals’ personal information. We diligently began reviewing the list to identify any records that contained information that was considered personally identifiable information (“PII”) under state and federal laws and to obtain sufficient contact information to provide you with this notificationInternational Cosmetics & Perfumes
April 29, 2020 | Email Compromise
Abstract
Between April and May 2020, certain email accounts of International Cosmetics & Perfumes’ employees were affected by a business email compromise attack. We learned about the attack following an attempt to divert funds to an authorized account. Upon learning of the incident, we terminated access to the accounts and took steps to mitigate the risks, including engaging local law enforcement and various cyber security experts. We continue to work closely with these experts as we investigate the matter in a safe and timely manner. As a result of our investigation, we have become aware that an unknown actor may have been able to access the personal information on our systems. To date, we have no indication that any personal information beyond the compromised account information was acquired or used.International Cosmetics & Perfumes,
April 29, 2020 | Email Compromise
Abstract
Between April and May 2020, certain email accounts of International Cosmetics & Perfumes’ employees were affected by a business email compromise attack. We learned about the attack following an attempt to divert funds to an authorized account. Upon learning of the incident, we terminated access to the accounts and took steps to mitigate the risks, including engaging local law enforcement and various cyber security experts. We continue to work closely with these experts as we investigate the matter in a safe and timely manner. As a result of our investigation, we have become aware that an unknown actor may have been able to access the personal information on our systems. To date, we have no indication that any personal information beyond the compromised account information was acquired or used.Icahn Automotive Group LLC (“IAG”)
March 13, 2020 | Email Compromise
Abstract
On or about April 6, 2020, we discovered that an unauthorized actor had gained access to an employee’s email account. Promptly after discovering the unauthorized access, access to the employee’s email account was blocked. Our investigation revealed that the actor obtained access to the email account on or about approximately March 13, 2020, and that the access ceased on or before April 4, 2020. We have engaged a forensics firm to determine whether and to what extent information in the account may have accessed or acquired.Institute for Integrative Nutrition
March 3, 2020 | Phishing
Abstract
As a result of a phishing incident, an unauthorized party may have obtained access to one IIN employee email account. A phishing incident is a form of online fraud which involves sending official looking emails from a company to make unauthorized purchases or mislead account holders into providing personal information.Inova Health System
February 7, 2020 | Ransomware
Abstract
On July 16, 2020, Blackbaud notified Inova of a wide-reaching security incident that impacted Blackbaud’s clients across the world. Blackbaud reported to us that they identified an attempted ransomware attack in progress on May 20, 2020. Blackbaud informed us that they stopped the ransomware attack and engaged forensic experts to assist in their internal investigation. That investigation concluded that the threat actor intermittently removed data from Blackbaud’s systems between February 7, 2020 and May 20, 2020. According to Blackbaud, they paid the threat actor to ensure that the data was permanently destroyed.Inglewood Unified School District
November 04, 2019 | Breach
Abstract
El Distrito utiliza el Sistema de Información de Estudiantes Aeries para proporcionar a los estudiantes y a sus padres acceso en línea a información sobre eventos y horarios escolares. A fines de noviembre del 2019, Aeries se enteró de que una persona no autorizada explotó una vulnerabilidad en el software Aeries que permitiría el acceso a la información de los padres y estudiantes. Tras el descubrimiento, Aeries comenzó una investigación y la policía inició una investigación para identificar a la persona responsable, que Aeries cree que ahora está bajo custodia policial. El 27 de abril del 2020, Aeries notificó al Distrito que esta persona pudo haber accedido al Sistema Aeries del Distrito.INTEGRIS Baptist Medical Center, Inc.
October 17, 2019 | Device Lost
Abstract
On October 17, 2019, we learned that a portable hard drive containing patient information went missing during an on-campus office move that occurred shortly before that date. We immediately conducted a thorough search for the hard drive, but were unable to locate it. We were able to locate a backup copy of the hard drive, and as part of our investigation, we thoroughly analyzed the entire contents of the backup hard drive to determine the patient information contained on the missing hard drive.IM Shopping, Inc.
April 24, 2019 | Website Compromise
Abstract
We are writing to notify you of a data security incident related to the Gift Card Mall (“GCM”) website (www.giftcardmall.com), which may have affected your personal information if you interacted with the GCM website between April 24, 2019 and May 21, 2019.Island Restaurants, LP and Champagne French Bakery Cafe
February 18, 2019 | Network Compromise
Abstract
Islands Restaurants was alerted to a potential payment card issue, immediately started an investigation, and took steps to end unauthorized access to our payment card network. A leading computer forensic firm was engaged, and a thorough investigation was conducted to determine what occurred and what restaurant locations and time frames were involved. Islands notified the card networks and provided information to support an investigation by law enforcement.International Rehabilitative Sciences, Inc. dba RS Medical
February 11, 2019 | Unknown
Abstract
TBDBImmediata Health Group Corp.
January 22, 2019 | Misconfiguration
Abstract
In January 2019, Inmediata became aware that some of its member patients’ electronic patient health information was publicly available online as a result of a webpage setting that permitted search engines to index pages that are part of an internal website we use for our business operations. When we became aware of the incident, we immediately deactivated the website and engaged an independent computer forensics firm to assist us. Based on the investigation, we have no evidence that any files were copied or saved. In addition, we have not discovered any evidence that any information that may be involved in this incident has been misused. However, out of an abundance of caution, we are informing you about the incident and providing you with information and resources to assist you.International Agri-Center
November 24, 2018 | Ransomware
Abstract
On November 26, 2018, we observed newly encrypted files within our server environment. Upon discovery of the encrypted files, we immediately engaged a leading cybersecurity forensic investigation firm to assist with decrypting our files, which proved successful when the forensic firm deployed a decryption utility. The forensic firm then investigated the nature and scope of this incident.Impact Mobile Home Communities
October 03, 2018 | Email Compromise
Abstract
On July 3, 2019, Impact MHC became aware of suspicious activity relating to an employee email account. We immediately launched an investigation to determine what may have happened. Working together with a leading computer forensics firm, our investigation determined that an unauthorized individual or individuals accessed several employee email accounts between July 1, 2019 and July 31, 2019. Two of the email accounts were accessed between October 3, 2018 and July 8, 2019.International Vapor Group
June 30, 2018 | Website Compromise
Abstract
We recently learned from our forensic investigators that some credit or debit cards used on directvapor.com or vaprofi.com between January 19, 2018 and June 30, 2018 may have been compromised. From the investigation, it appears an unauthorized individual may have gained access to our e-commerce site and inserted malicious code that occasionally captured credit and debit card information for purchases made through our websites. Credit or debit card information submitted over the phone or purchase made at a retail store were not affected and remain secure. Information at risk includes your name, address, credit or debit card number, expiration date and card verification code.Institute on Aging
May 28, 2018 | Email Compromise
Abstract
We are writing to you because of a recent security incident that occurred on May 28, 2018 at Institute on Aging (“IoA”). An unknown individual gained unauthorized access to some IoA employee email accounts, which may have contained personally identifiable information and/or protected health information.International E-Z UP, Inc.
May 11, 2018 | Website Compromise
Abstract
On or around October 8, 2018, E-Z UP was notified by its credit card processor of suspicious activity related to certain credit cards used in transactions on its website. E-Z UP immediately launched an investigation into this report. Through this investigation, E-Z UP determined that malicious code was inserted into their e-commerce site which captured credit card transactions between May 11, 2018 through August 2, 2018, and transmitted customer payment information to an unauthorized party. The malicious code was removed from E-Z UP’s e-commerce site. Additional security measures were taken to further secure the website and customer payment information. E-Z UP has also been working to identify those customers whose payment information may be affectedInnovative Artists Talent and Literary Agency, Inc.
February 11, 2018 | Computer Stolen
Abstract
At approximately 11:00 p.m. on February 11, 2018, Innovative Artists’ office located at 1505 10th St., Santa Monica, CA 90401 was burglarized. Video footage of the burglar was captured and provided to law enforcement.Inogen, Inc.
December 09, 2017 | Email Compromise
Abstract
Inogen learned on March 14, 2018 that messages within an email account belonging to an Inogen employee may have been accessed without authorization and that some of those messages may have contained some of your family member’s personal information. As soon as we discovered this incident, we took steps to secure your family member’s personal information. We also required all email users to change their passwords and implemented multi-factor authentication for remote email access. Finally, we launched an investigation and engaged a leading forensics firm to determine what happened and whether customer information contained within the email account had been accessed or acquired without authorization. While we have no evidence that your family member’s information has been misused, out of an abundance of caution, we are informing you of the incident and providing you with the resources described in this letter.Indigo Wild
April 17, 2017 | Website Compromise
Abstract
On April 17, 2017, we discovered that malicious code inserted into our website by sophisticated cybercriminals may have stolen copies of personal information submitted to our website at the time of purchase. Our records indicate you made a purchase with us using a debit or credit card during the time from November 14, 2016 through April 17, 2017. While not all personal information submitted during this time period was necessarily affected, out of an abundance of caution, we are notifying you of this incident.International Association of Sheet Metal, Air, Rail & Transport Workers, Sheet Metal Workers’ Local Union No. 104
October 03, 2016 | Third Party
Abstract
On November 16, 2016, we were made aware of a blog post claiming that the author was able to access sensitive member data on October 3, 2016. Immediately after being made aware of the report, we launched an internal investigation to ensure the security of our systems. We also retained third-party forensic while the investigation is ongoing, we have no reason to believe that any member data has been used to engage in identity theft or froud. We have no evidence that local 104's systems were subject to unauthorized access; rather, we believe that the blogger may have accessed data on a system maintained by a Local 104 third-party vendor.ILKB LLC
October 01, 2016 | Unauthorized Access
Abstract
As a customer of ILKB, we want to inform you of a security of a security concern that has recently arisen. On or about March 24, 2017, our third-party cybersecurity team reasonably determined that ILKB was the target of a sophisticated cyber-attack. As a result of our investigation, it appears that your private information may have been accessed by unauthorized persons intermittently between October 2016 and early January 2017. We believe an external source obtained unauthorized access to our server and managed to access personal customer information stored on the server.Integrated Clark Monroe, LLC, owner of the Hyatt Centric The Loop Chicago
September 27, 2016 | Malware
Abstract
Guest payment card information for guests who used payment cards at check-in from September 27, 2016 to April 28, 2017 may have been compromised and may have been used for an unauthorized purpose. An unauthorized person installed malware on the Hotel’s front desk computer system designed to capture credit and debit card information. The malware captured payment card data intermittently during this time period.Integrity Transitional Hospital
August 15, 2016 | Network Compromise
Abstract
Integrity receives laboratory specimens from companies that work with various healthcare providers, and then submits these specimens to laboratories for testing. In the course of providing this service and for billing purposes, Integrity maintains certain patient information on specimens submitted by the healthcare providers. On August 15, 2016, Integrity learned that suspicious activity on its network may have affected the systems related to its laboratory services. Integrity immediately began an investigation, with the assistance of an expert forensics company, to determine the scope of the incident. Our investigation has determined that an unauthorized individual potentially could have accessed your lab results, lab testing information, health insurance information, and scanned driver’s license, if you provided one. The affected information did not include your Social Security number or other financial or account information.inVentiv Health, Inc.
June 02, 2016 | Phishing
Abstract
On July 7, 2016, we learned that a targeted “phishing” email message had been sent to inVentiv Health in June. Phishing emails are crafted to appear as if they have been sent from a legitimate organization or known individual. The email was designed to appear as though it had been sent by an inVentiv executive, from the inVentiv executive’s email account, requesting the uploading of our U.S. employees’ 2015 W-2 Forms to a file sharing site. Believing the email request to be legitimate, the W-2 data was uploaded. It is unknown how much of the data uploaded may have been accessed by unauthorized individuals.International Code Council
April 25, 2016 | Website Compromise
Abstract
On December 16, 2016, we discovered an issue potentially impacting the processing of credit and debit card purchases made through our online store. We immediately took action to secure our system and conducted an investigation to determine what information may have been accessed. The independent forensics investigation, which took time, determined that customer payment card information, including name, address, and credit/debit card information may have been compromised between the dates April 25, 2016 – May 24, 2016, and July 11, 2016 - September 14, 2016. The security incident has been contained, and you may continue use your credit and debit cards securelyImperial Valley Family Care Medical Group, APC
March 21, 2016 | Unknown
Abstract
TBDBIsland Hotel Company Limited
March 09, 2016 | System Compromise
Abstract
The Resort began investigating unusual activity after receiving reports from its credit card processor. The Resort immediately began working with third-party forensic experts to investigate these reports and to identify any signs of compromise on its computer systems. On October 21, 2016, the Resort discovered suspicious files on its computer systems that indicated a potential compromise of customers’ credit and debit card data for some credit and debit cards used at food and beverage and retail locations at the resort.Incipio, LLC
February 26, 2016 | System Compromise
Abstract
Aptos, our former digital commerce solution provider, recently advised us that its systems had been compromised, and that unidentified persons had gained access to customer data for forty of Aptos’ online retailer customers, including Incipio. Aptos reports that the unauthorized access to its systems occurred from approximately February 26, 2016, through approximately December 5, 2016. Notice to us was delayed because of a law enforcement investigation.September 16, 2015 | Website Compromise
Abstract
On February 4, 2016, while timely installing an application software update to our e-commerce platform, we discovered that an unauthorized party had gained access to one of our cloud-based website servers. Despite our robust controls to protect you from the nefarious efforts of hackers, our investigation reveals that the unauthorized party gained access to personal information of customers who purchased product from www.incipio.com between September 26, 2015, and January 29, 2016.Intex Recreation Corp.
February 24, 2016 | Website Compromise
Abstract
On November 16, 2016, intex learned of the potential compromise of certain personal information of our customers. We immediately launched an investigation to determine the nature and scope of this event and began working with third-party forensic investigators to assist with these efforts. Our forensic investigation indicates that unauthorized and malicious code may have been inserted into the company's website and that the incident accurred between approximately April 24, 2016, and December 14, 2016.IATSE Local 134
January 04, 2016 | Laptop Stolen
Abstract
We are writing to you because we have been informed a laptop belonging to IA 134 and connected to the network at Levi’s Stadium was breached via the internet on January 4th and information was taken from the computer. An investigation is under way but we do not know what information may have been compromised. It is possible that your name and Social Security number have been taken.Internet Corporation for Assigned Names and Numbers - ICANN
July 31, 2015 | Website Compromise
Abstract
We are writing to inform you that ICANN has reason to believe that within the last week, usernames/email addresses and encrypted passwords for profile accounts created on the ICANN.org public website were obtained by an unauthorized person.International Coffee & Tea, LLC
January 27, 2015 | System Compromise
Abstract
We received your request for information regarding notices that Anthem, Inc. (“Anthem,” “we” or “our”) intends to issue in connection with the recently discovered cyber-attack experienced by Anthem. As you know, on January 29, 2015, Anthem discovered that cyber attackers executed a sophisticated attack (the “Incident”) to gain unauthorized access to Anthem’s information technology system and obtained personal information relating to consumers who were or are currently covered by Anthem.Inland Empire Health Plan (IEHP)
October 28, 2014 | Computer Stolen
Abstract
On October 28, 2014, a desktop computer and other items were reportedly stolen from Children’s Eyewear Sight, located on 11940 Foothill Blvd., Ste. 107, Rancho Cucamonga, CA, 91739. The local police were involved, and a suspect has been apprehended. However, saved to the stolen computer was a file that contained data about a number of people, including you.Imhoff and Associates
June 27, 2014 | Device Lost
Abstract
During the early morning hours on June 27, 2014, a hard drive containing backup files for one of the firm’s servers was stolen from the locked trunk of an employee’s vehicle. The employee discovered the theft later that day and immediately notified the Santa Monica Police Department. We have been working with law enforcement but, to date, they have been unable to locate the stolen hard drive.Intuit
February 01, 2014 | Unauthorized Access
Abstract
In an effort to protect our customers’ personal information, we conducted a review of all customer accounts late last month. Our review identified that your TurboTax account may have been accessed by someone other than you. Our investigation leads us to believe that the username and password used to login to your account were not obtained from an Intuit system but instead were stolen username/password combinations from other sources. We have no evidence that TurboTax systems have been compromised. If this access was indeed not by you, someone else may have obtained information contained on your prior year tax returns.Imgur
January 01, 2014 | Service Compromise
Abstract
On November 23, 2017, we were notified about a data breach that occurred in 2014. Based on our analysis, we believe that an unauthorized third party stole user account data from us. You are receiving this email from us because your information was compromised. While we are still actively investigating the intrusion and no suspicious activity has been detected since the start of the investigation (the breach was in 2014), we wanted to inform you what we know as quickly as possible.International SOS Assistance, Inc
August 24, 2013 | Unauthorized Access
Abstract
On August 28, 2013, it was confirmed that some of our data files containing personal information were potentially unlawfully accessed. The data accessed includes a limited amount of travel data and some personal information. This may have included your name, passport number, and in a limited number of cases, social security number.Income and Capital Growth Strategies Inc.
July 12, 2013 | Network Compromise
Abstract
We have recently discovered unauthorized access to our computer network by unknown person or persons. While the only losses so far are to Doug Thorburn personally (and we believe Doug Thorburn was the target), it is possible personal information about you and your dependents including your name, address, social security number, birthdate, driver’s license number and bank account information (for those who use direct deposit for tax refunds) was obtained.Inter-Continental Hotels Corporation
July 04, 2013 | Physical Intrusion
Abstract
On July 4, 2013, two criminals entered the Hotel and ransacked its sales office. They removed a hard drive containing personal data of some of our guests from a computer, and left the hard drive in the sales office. We engaged data security experts to investigate this incident thoroughly and learned on July 14, 2013 that even though the computer hard drive was not taken, it is possible that it was accessed while the criminals were in the office. If the criminals did this, they could have accessed the following types of information: name, mailing address, email address, telephone number, and credit/debit cart number. Fortunately, the information potentially accessed did NOT include Social Security Numbers.ICG America
January 02, 2013 | Malware
Abstract
ICG America was advised by a credit card company on August 5, 2013 that we may have been the target of a cyber-attack against our payment processing system. We immediately engaged a leading computer security firm to investigate. The security firm found signs of an attack that began on January 2, 2013 and continued until August 2, 2013. The attacker installed a program on our network that created the ability to decrypt and capture payment card information from our system.Indie Research LLC
April 03, 2012 | Website Compromise
Abstract
BullMarket.com has recently learned that certain electronically-stored information has been accessed by unapproved third-parties. Our investigation to-date reveals that as a result, certain users' names, credit card information, email addresses, billing addresses, and/or login information were likely compromised. Our investigation also indicates that this situation arose between April 3 and April 7, 2012, and we became aware of it on April 11, 2012.Incorporating Services, Ltd.
April 02, 2012 | Third Party
Abstract
On April 2, 2012, our internet hosting vendor informed us that one of our servers was compromised by a maiware attack. We recently completed an extensive investigation of this incident in order to determine the scope of the attack and the individuals potentially affected.Impairment Resouces, LLC
December 31, 2011 | Device Lost
Abstract
On December 31, 2011, a thief(ves) broke into our office. The theft was discovered in the early morning hours of January 3, 2012 after the New Years’ Eve holiday weekend, and local police authorities were notified at that time. Law enforcement, which had requested a reporting delay, continues to investigate this theft. The thief(ves) broke into a locked area of the office and stole a number of items, including computer hardware that was used to back-up some of our computer systems. This hardware may contain some of your personal information, which may include your first and last name, social security number, and medical information related to your claim. It will be difficult for the parties involved in the theft to obtain data from the hardware without specialized knowledge of information technology systems.Investacorp, Inc.
November 29, 2011 | Third Party
Abstract
This letter is for the purpose of notifying your office that a vendor of the clearing broker-dealer utilized by Investacorp, Inc. ("Investacorp") was involved in a data breach incident that potentially affected five clients who are residents of California.Imperfect Foods, Inc.
Abstract
On December 19, 2019, we discovered a software error related to the logs we maintain of website login errors. For some customers, this issue may have impacted our logging and storage of their username and password as a part of our system error logs. These system error logs are not publicly accessible. They are available to certain Imperfect employees and agents whose role is to help us fix website issues. We released an update to fix this error the same day we discovered it. We have no indication that there has been any unauthorized access or use of customer information as a result of this issue.Insurance Services Office, Inc.
Abstract
Insurance Services Office (ISO), a provider of information and analytics to the property and casualty insurance industry, manages a database of insurance information, which includes data on participating insurers’ policyholders. I am writing to inform you of a recent investigation conducted by a County Prosecutor’s office in the State of New Jersey. Both ISO and the National Insurance Crime Bureau assisted with the investigation regarding suspected unauthorized use of insurance data. At the request of law enforcement authorities, this notification was delayed to avoid impeding the law enforcement investigation into this incident.IDParts, LLC
Abstract
On October 28, 2014, we discovered that malicious code had been inserted into the functions that process customer payment information through our website (IDParts.com).International Dairy Queen, Inc. (“IDQ”) on behalf of 9 Dairy Queen franchise locations in California listed in the attached addendum.
Abstract
International Diary Queen, Inc. recently learned of a possible malware intrusion that may have affected some payment cards at certain DQ locations and one Orange Julius location in the U.S.ITHAKA
Abstract
We are writing to let you know that your MyJSTOR account was recently accessed without authorization by a third party.IndyMac Resources, Inc.
Abstract
The purpose of this letter is to notify you that your personally identifiable information (PII) was recently found in a little-known location on a public web server along with data for a group of employees of the failed IndyMac Bank, F.S.B. (in receivership since July 11, 2008), and its subsidiary, IndyMac Resources, Inc.J
Joslin Diabetes Center, Inc.
May 14, 2020 | Ransomware
Abstract
Blackbaud reported that, in May 2020, two months before notifying Joslin, it discovered a ransomware incident that resulted in encryption of certain Blackbaud systems. Blackbaud reported the incident to law enforcement and worked with forensic investigators to determine the nature and scope of the incident. Blackbaud notified its customers, including Joslin, that a cybercriminal may have accessed or acquired certain Blackbaud customer data. Blackbaud reported that the data was potentially exported by the threat actor before Blackbaud locked the cybercriminal out of its environment on May 20, 2020. According to Blackbaud the data was destroyed and they do not believe that any data was or will be misused, disseminated or otherwise be made publicly available. Blackbaud further stated that this belief has been corroborated by outside experts and law enforcement.JPMorgan Chase Bank, N.A.
April 06, 2020 | Insider Threat
Abstract
We recently learned that between April and November 2020 a call center employee may have allowed an unauthorized third party to overhear their call with you about your Chase account. The employee may also have shown the third party their screen.June 28, 2018 | Insider Threat
Abstract
On or around June 28, 2018, a Chase employee improperly downloaded customer information, including yours, to a personal computer and two online data storage sites, where third parties could have seen it for about three weeks. The employee was authorized to access and download the information, but should have only used company-approved computers and sitesAbstract
We are writing to alert you that some of your personal information may have been viewed improperly on databases that support our website for your [PROGRAM NAME(s)] card(s) from mid-July to mid-September. When we detected this in mid-September, we quickly secured our systems to safeguard your information. We also immediately launched an extensive investigation to determine the scope of the incident in cooperation with law enforcement and forensic experts. The information could include: your name, address, Zip code, phone number, user ID, password, card number, Social Security Number, date of birth, email address, Online security questions, and your bank account.JM Bullion, Inc.
January 1, 2020 | Malicious Code
Abstract
On July 6, 2020, JM Bullion was alerted to suspicious activity on its website. JM Bullion immediately began an investigation, with the assistance of a third-party forensic specialist, to assess the nature and scope of the incident. Through an investigation, it was determined that malicious code was present on the website from February 18, 2020 to July 17, 2020, which had the ability to capture customer information entered into the website in limited scenarios while making a purchase. These scenarios represented a small portion of the transactions processed on JM Bullion’s website during the impacted time frame. You are receiving a notice because you made a purchase on the website during this time frame and your payment card information could be at risk. The malicious code found was permanently removed from the website on July 17, 2020.J.D. England Management, Inc.
August 31, 2019 | Computer Compromise
Abstract
In late 2019, J.D. England became aware of suspicious activity on the front desk computer of the Best Western Inn Tooele. J.D. England launched an investigation into this reported activity. J.D. England determined that the front desk computer was subject to unauthorized remote access August 31, 2019 to September 1, 2019 and a folder containing certain guest information was viewed. A vendor was then retained to review the contents of the folder to see whether it contained any sensitive guest information. On November 12, 2019, the vendor completed this review and determined that the folder viewed by the unauthorized actor contained information related to youJal Berry Farms LLC
August 12, 2019 | Unauthorized Access
Abstract
El 3 de octubre de 2019, o en una fecha cercana, tuvimos conocimiento de que un ex empleado de la compañía de servicios administrativos que gestiona nuestra nómina envió informes que contenían nombres, direcciones, números del Seguro Social y, en algunos casos, fechas de nacimiento e informació n de cuentas financieras de empleados a una cuenta de correo electrónico personal. Los correos electrónicos no autorizados fueron enviados el 12 de agosto de 2019 y el 26 de agosto de 2019. Descubrimos los correos electrónicos como parte de una investigación sobre una sospecha de robo cometido por este ex empleado, la cual fue identificada por la compañía de servicios administrativos por primera vez el 23 de septiembre de 2019.Jackson National Life Insurance Company
April 01, 2019 | Third Party
Abstract
Mediant Communications Inc. ("Mediant") is a third-party service provider that distributes proxy materials and records voting results for shareholder meetings on behalf of Jackson. Mediant received your personal information from Jackson to prepare and process proxy materials to be mailed to you.Jofit, LLC
January 18, 2019 | Website Compromise
Abstract
On May 13, 2019, our security team observed suspicious activity on the website. We immediately began an investigation and a leading computer security firm was engaged to assist. On July 2, 2019, the investigation identified the potential for unauthorized access to payment card data.JAND Inc. d/b/a Warby Parker
September 25, 2018 | Service Compromise
Abstract
Our team noticed unusual efforts to log in to Warby Parker customer accounts. We began to investigate immediately, and so far we’ve determined that unauthorized parties may have obtained your username and password elsewhere—most likely through security breaches at other companies—and may have used this information to attempt to log in to your Warby Parker account. Login attempts were made to a limited number of Warby Parker accounts from late September to late November 2018.Jewish Community Federation
September 18, 2018 | Email Compromise
Abstract
We learned of suspicious activity related to certain employee email accounts. We then launched an investigation to determine the full nature and scope of this incident. Through a detailed and exhaustive investigation, we confirmed that an unknown actor(s) gained access to certain Federation employee email accounts as the result of a phishing attack. The employees’ email credentials were changed, and the email accounts have been secured. A leading forensic investigation firm was immediately retained to assist with our investigation into what happened and what information contained within the email accounts may have been affected. The investigation determined that an unknown individual had accessed certain Federation employees’ email accounts as early as September 12, 2018Jensen Enterprises, Inc. d/b/a Jensen Precast
August 23, 2018 | Email Compromise
Abstract
On October 25, 2018, we learned that an unauthorized individual may have gained access to email accounts belonging to some Jensen employees. Some of the messages and attachments contained within those accounts may have contained your personal information. Upon learning of this incident, we immediately launched an investigation and took steps to secure all employee email accounts. We also engaged a digital forensics firm to determine what happened and whether the incident involved unauthorized access to, or acquisition of, personal information. Finally, we reported the matter to the Federal Bureau of Investigation and to local law enforcement.Jobscience, Inc.
May 11, 2018 | Server Compromise
Abstract
We learned in late August 2018 that an unauthorized third-party may have gained access to one of our servers on or around May 8, 2018. We conducted a comprehensive investigation of the incident, and determined that the unauthorized third party was able to gain access to a single server used to process job application information, including information you likely submitted when you applied for a position with Jobscience or a Jobscience customer. Law enforcement is aware of the incident, but this notification was not delayed as a result of a law enforcement investigation.Jeffrey Born, CPA, Inc.
December 31, 2017 | Laptop Stolen
Abstract
On December 31, 2017, I learned that my office was physically broken into and that two password protected laptops were stolen. The Sacramento County Sheriff’s Department was immediately called and promptly arrived at the office, investigating the matter. Additionally, I began my own investigation to identify whose and what information was on the devices. The investigation is now complete and I believe that some of your personal information was on one of the stolen password protected laptops. To date, there is still no known access or fraudulent activity, but I want to notify you out of an abundance of caution.John D. Williamson, Certified Public Accountant
February 09, 2017 | Laptop Stolen
Abstract
On the morning of February 10, 2017 I discovered that my car had been stolen sometime between the night of February 9, 2017 and that morning. I quickly reported this incident to law enforcement and have been cooperating with their investigation. Inside my trunk were two password protected laptop computers containing tax software for my personal tax clients. That software contained personal tax information including the Social Security numbers and birthdates for all of the persons listed on your tax return (spouse and dependents). If you ever provided me bank accounts used for Direct Deposit, then you should alert your banking institution for that particular account and follow their advice. One of the laptops possibly included tax years as far back as 2010. I have no evidence that the laptops were targeted or that the information stored on the laptops at the time they were stolen was accessed or acquired by an unauthorized individual.Jack Anthony Industries, Inc
February 06, 2017 | Third Party
Abstract
Vallejo/Fairfield/Vacaville/Sacramento, CA – Jack Anthony Industries, Inc. was informed on March 27, 2017 that our point-of-sale system, operated by a third-party platform provider experienced an intrusion last month.To date, the investigation indicates that the intruder placed malware on the point-ofsale system, and by doing so gained access to our customers’ payment card data, including the cardholder’s first and last name, payment card number, and security code.
Jewelry.com, a division of Richline Group, Inc.
November 16, 2016 | Website Compromise
Abstract
On May 16, 2017, Jewelry.com discovered that beginning on or about November 16, 2016, unknown individuals gained access to our online boutique through the unauthorized use of an account belonging to one of our employees. Unfortunately, and despite all the security measures implemented on the website, the intruders were able to install malicious software on the Jewelry.com website which was used to capture credit card payment information as it was entered on our shopping cart page. The intruders were able to access information associated with online purchases through our Jewelry.com website between November 16, 2016 and May 1, 2017. The compromised information includes debit and credit card numbers, card holders’ names, card holders’ billing addresses, passwords, security codes and expiration dates. While not all debit and credit cards used during this time period were necessarily affected, out of an abundance of caution we are notifying you of this incident. We believe that the intruders accessed approximately 7,000 debit and credit card numbers and related information affecting approximately 619 California customers.John E. Gonzalez DDS
July 25, 2016 | Device Lost
Abstract
On the late afternoon of Monday July 25, 2016, my car window was broken out and my briefcase was stolen. In that briefcase was an external hard drive containing two different types of data. First, all office patient records were backed up on the drive, including social security numbers, driver’s license numbers, phone numbers, date of birth, physical and email addresses and health insurance information. NO passwords or user names appear in these records. No complete credit card information or bank account information was stored on this drive (only the last four digits of the most recent card used is stored). As a result, your personal information is now potentially accessible to unauthorized individuals. However, the risk of accessibility is extremely low because the data in its format is unreadable. In consulting with my dental soft-ware experts, they assure me it would be incredibly difficult and unlikely for anyone to access your records. However, since the data is not encrypted, I am required by law to notify you. Secondly, pictures of patient cases (teeth only, no faces) that included patient first and last names and phone numbers were saved on the drive. These files of pictures are stored in jpeg format and can be opened easily.JAM Paper & Envelope
June 15, 2016 | Website Compromise
Abstract
After receiving a report that data from payment cards used on www.jampaper.com may have been obtained by an unauthorized third-party, we began an investigation and hired a leading cybersecurity firm. On November 17, 2017, we determined that for customers who placed orders on our website from June 15, 2016 to November 6, 2017. We are notifying you because you placed an order on www.jampaper.com during this time period using a payment card ending in [xxxx].Jerry’s Artarama N.C. Inc.
May 03, 2016 | Malware
Abstract
You may have read about similar data security breaches in the news recently. Unfortunately, we are the latest victims in this trend. Although we had taken measures that we believe were commercially reasonable under the circumstances, we may have been subject to a sophisticated cyber-attack that appears to have potentially penetrated our defenses. Malicious code may have been placed on our system and based upon our investigation, appears to have intercepted customer information that was transmitted during purchase transactions from May 3rd, 2016 until July 10th, 2016.JB Autosports, Inc.
August 01, 2015 | Website Compromise
Abstract
From approximately August 1, 2015 through November 9, 2015, the websites’ checkout page where customers input their payment information to purchase products from JB Autosports was the target of a cyberattack originating from a Russian IP address. The breach affected customers who used Visa, MasterCard, Discover, and American Express branded cards to pay for their purchases from the websites. The breach allowed cyberattackers to intercept customer names, addresses, credit card numbers, credit card expiration dates, CID numbers, CAV2 numbers, CVC2 numbers, and CVV2 numbers (“Customer Information”). The Customer Information was intercepted after it was entered on the checkout page as it was being transmitted to PayPal for processing. JB Autosports’ policy is to not store customer credit card information.James R. Glidewell, Dental Ceramics, Inc. and its subsidiaries
February 28, 2015 | Unauthorized Access
Abstract
Glidewell recently learned that an unauthorized individual may have taken certain documents and data maintained and/ or owned by Glidewell, without Glidewell’s authorization. Based upon a forensic investigation conducted by outside datasecurity experts retained by Glidewell to assist in this matter, we believe that certain employee-personnel data may have been taken along with other Glidewell proprietary information, including your name, address, social security number, and financial account information relating to your direct deposit account. At this time, we have no indication that any of our employees’ personal information has been misused; however, if you believe that suspicious or fraudulent activity relating to this incident may have taken place, we ask that you bring it to the immediate attention of appropriate Glidewell senior management.Jimmy John’s Franchises LLC
June 16, 2014 | System Compromise
Abstract
CHAMPAIGN, Ill. (September 24, 2014) – On July 30, 2014, Jimmy John’s learned of a possible security incident involving credit and debit card data at some of Jimmy John’s stores and franchised locations.Jetro/Restaurant Depot
November 07, 2012 | System Compromise
Abstract
We very recently determined that unauthorized individuals stole credit and debit card information from the card processing system we use in some of our stores. You are receiving this letter because we believe your credit or debit card information may have been stolen.J.Crew Group, Inc.
Abstract
We are writing to let you know about a security issue related to your www.jcrew.com customer account. Through routine and proactive web scanning, we recently discovered information related to your jcrew.com account. Based on our review, we believe your email address (used as your jcrew.com username) and password were obtained by an unauthorized party and in or around April 2019 used to log into your jcrew.com account.Jambav, Inc.
Abstract
On November 11, 2019, we became aware that there has been a data breach at Toondoo.com. We immediately shut down the Toondoo website.Jewish Family & Children’s Services (“JFCS”)
Abstract
TBDBJoFit
Abstract
In mid-January, JoFit first learned that its website may have been the target of a cybersecurity attack aimed at acquiring customer credit card information. On the same day that we received this information, JoFit began work to investigate and take any necessary corrective steps. In that process, we confirmed that there was a vulnerability in the website that could have resulting in exposure of personal information. Within days of first learning of the incident, we notified law enforcement of this incident, and we hired an independent computer forensics consultant that specializes in cybersecurity. The consultant is investigating precisely what happened, what information may have been compromised, and what additional steps are needed.Jive Software
Abstract
We want to inform you of an issue involving your Producteev username (i.e. your email address) and password. We learned on August 24 that your Producteev username and password had been held in a file outside our normal encryption procedures, and we believe that this file was potentially accessed by an unauthorized third party. We cannot confirm that your username or password was compromised, but we are notifying you so that you may take protective action.Jessup Cellars dba The Good Life Wine Collective
Abstract
We greatly value your business and respect the privacy of your information, which is why we are writing to inform you that our consumer direct sales systems provider, Missing Link Networks, Inc., (“Missing Link”) notified us on May 28, 2015 of a security incident involving credit and debit card data. Missing Link has advised us that during the window of April 1, 2015 to April 30, 2015, a third party might have gained access to certain personal information, including customer names, card numbers, related payment addresses, passwords, and dates of birth. We are working proactively and aggressively with Missing Link to address the issue. Missing Link has notified the credit and debit card companies and supplied them detailed information on the affected accounts, and we’ve been assured that these accounts are being monitored for fraud. They have also assured us that the security breach has been contained, and customers may safely use their credit and debit cards.J.P. Morgan Corporate Challenge
Abstract
We are contacting you because we learned on August 7 that your site password and contact information, such as name, address and email address, may have been accessed on the J.P. Morgan Corporate Challenge website. In reviewing our systems, we identified suspicious server activity involving some login information.JCM Partners, LLC
Abstract
On March 6, 2014, JCM learned that a file containing personal information of housing applicants was taken from a JCM database and posted on an unauthorized website. We immediately removed the file from the unauthorized website. We launched an internal investigation to determine what information may have been accessed by unauthorized individual(s). We retained an independent, third-party security expert to assist with this investigation. Working with this security expert, we also took steps to better protect the security of personal information at JCM. The investigation is ongoing.K
KeyPoint Credit Union
August 13, 2020 | Email Compromise
Abstract
We recently learned that some of your information could have been viewed by an unauthorized third party who gained access to an employee email account in August of 2020. Upon initially learning of the incident, we promptly reset the credentials of the compromised email account to prevent further access. We also retained a leading forensic security firm to investigate and conduct a comprehensive search for any personal information in the impacted email account and to confirm the security of our email and computer systems. This incident was limited to a single email account did not involve any other systems.Keith Fabry
August 9, 2020 | Website Compromise
Abstract
On August 31, 2020, we learned that an unknown party gained access to our website, PDFPlotting.com, between February 27, 2020 to August 9, 2020. Upon discovery of this unauthorized activity, Keith Fabry promptly contacted the third-party website host provider that hosts PDFPlotting.com regarding the data security incident. Keith Fabry also engaged a specialized cybersecurity firm to conduct a forensic investigation to determine the scope and extent of the potential unauthorized access to Keith Fabry’s systems and any sensitive information.Kroto Inc. d/b/a iCanvas
May 10, 2020 | Website Compromise
Abstract
On May 28, 2020, we discovered that unauthorized script was placed on the checkout page of the iCanvas Website. The unauthorized script potentially allowed the third party that placed the script to capture information submitted by customers on the checkout page of the iCanvas Website if the customer was paying using our credit card payment function and the “place your order” button was hit. Through our investigations, we discovered that the unauthorized script was likely placed on the iCanvas Website on or about May 10, 2020.Kingsburg Elementary Charter School District
November 04, 2019 | Third Party
Abstract
The purpose of this notice is to inform you that our Student Information System had unauthorized access involving your Parent and Student Data.Kaiser Health Plan, Southern California
October 06, 2019 | User Error
Abstract
During a project to improve mailing addresses for correspondence with Southern California members, an error caused your former address to be temporarily used for one or more mailings to you between October 6 and December 20, 2019. The error was first recognized November 1, 2019 and we began an analysis to identify and correct the source of the problem. Your address was updated in our system on December 20, 2019. Correspondence mailed to your former address may have included appointment reminders, care reminders, surveys, referral letters, and Explanations of Benefits.KIPP SoCal Public Schools
October 03, 2019 | Misconfiguration
Abstract
On June 2, 2020, KIPP SoCal was notified of an issue involving unauthorized access to a data file containing certain students’ information. The issue was found when a vendor that we contract with discovered that our GitHub page containing the data file had an incorrect privacy setting, allowing our data file to be searchable within the confines of GitHub from October 3, 2019 through June 2, 2020. The page may have been accessed seven times by individuals or robots during the time it was exposed. You are receiving this notice because we determined that your student’s information was among those that were accessed without authorization.Kaiser Permanente
August 12, 2019 | Email Compromise
Abstract
On August 19, 2019, we learned that a Kaiser Permanente provider’s email account containing your protected health information was compromised by an unknown individual for approximately thirteen hours on August 12, 2019. We do not have any evidence that your information was viewed, used or copied. However, because Kaiser Permanente takes the protection of our member data very seriously, we are obliged to notify you of this matter.August 24, 2012 | User Error
Abstract
We are writing to let you know of an incident involving the unauthorized transmission of confidential employee information, including some information belonging to you. We take privacy very seriously and we sincerely apologize that this happened. As a result of our investigation, we believe it is highly unlikely that your information has been, or will be used for unlawful purposes. This notification is in compliance with California law, which requires notifying all former and current employees when there is a release of certain confidential information.Kalisepell Regional Healthcare
May 24, 2019 | Phishing
Abstract
This summer we discovered that several employees were victims of a well-designed email that led them to unknowingly provide their KRH login credentials to malicious criminals. We immediately disabled their accounts, notified federal law enforcement, and launched an investigation, which was performed by a nationally-recognized digital forensics firm, to determine whether any personal information was affected. On August 28, 2019, we learned that some patients’ personal information may have been accessed without authorization. A deeper investigation determined that your personal information may have been accessed as early as May 24, 2019.KPRS Construction Services, Inc.
March 14, 2019 | Email Compromise
Abstract
In late March 2019 KPRS learned of potential suspicious activity involving a KPRS employee’s email account. KPRS began an investigation and changed the email account password to stop any unauthorized access. As a result of the investigation, on or around June 14, 2019, KPRS confirmed that an unknown person may have gained access to the email account. We then hired computer forensics experts to assist us with the investigation to help us determine whether any individuals’ personal information may have been affected. Based on the results of the investigation, it was determined that the unknown individual may have had unauthorized access to certain employees’ email accounts during March and April 2019, and individuals’ personal information stored in the accounts may have been affected.KandyPens, Inc.
March 07, 2019 | Website Compromise
Abstract
In January 2020, KandyPens became aware of suspicious activity associated with its online check-out page. We immediately began an internal investigation and hired independent computer forensic experts to assist. The forensic investigators determined that an unauthorized user had gained access to our online payment platform and credit and debit card information may have been compromised. Credit and debit card information entered between March 7, 2019 and February 13, 2020 may have been at risk.Kennedy High School
October 02, 2018 | User Error
Abstract
On October 2, 2018 at 5:04 p.m., an email was sent to certain parents/guardians of Kennedy High Schoolstudents, inadvertently including student information of certain Kennedy High School students. The data security incident involved the inadvertent release of the name, Student ID number, email address, and phone numbers of certain Kennedy High School students. The information was disclosed to only those parents/guardians of students at Kennedy High School.Key West Hotels, LLC
February 07, 2018 | Malware
Abstract
On December 13, 2018, the Hotel noticed some unusual activity in its front desk computer system. The Hotel promptly began investigating, retaining a well-known global cyber security firm to perform an assessment of the computer system. Ultimately the Hotel learned that on approximately February 7, 2018, many months prior to Key West Hotels, LLC’s purchase of the Hotel, an unauthorized person had gained access to the Hotel’s front desk computer system while the Hotel was being operated by a prior owner. Using malware, the intruder was able to gain access to and view guest reservation information. The malware was quickly removed and the system restored so that it could be used safely.Kaiser Foundation Health Plan, Inc.
November 02, 2017 | Email Compromise
Abstract
On November 13, 2017, we learned that a Kaiser Permanente email system containing your protected health information was compromised.October 09, 2017 | Unauthorized Access
Abstract
On or about October 9, 2017, a letter containing your protected health information was inadvertently mailed to another Kaiser Permanente member.May 16, 2013 | User Error
Abstract
An electronic file with information pertaining to a pilot Wellness Screening competition at the East End Complex was accidentally emailed by a Kaiser Permanente employee to a member of the pilot planning team on May 16, 2013. Please note that the recipient of the file does not work for, or represent, your employer. While the recipient was intended and authorized to receive the summary competition information, some of your personal information related to the competition was accidentally included in another location within the same file.Kimberly-Clark Corporation
October 18, 2017 | Website Compromise
Abstract
We have extensive measures in place to protect the information that you provide to us; however, around October 20th, 2017, we identified an organized effort to access registered accounts on our website/app around October18th using a list of ID and password combinationns that appears to have been obtained from other compromised sites not related to Kimberly-Clark nor any of its brands likes Huggies or Kleenex, etc. We took immediate action to block this attempt. Unfortunately, a very small number of accounts, including yours, had account profile information potentially exposed.Kaiser Permanente Health Plan
September 18, 2017 | User Error
Abstract
On 9/21/17, we discovered that a letter intended for you was inadvertently mailed to another Kaiser Permanente member. You may have also received a similar letter intended for another KP member.Klinger Moving Company
September 14, 2017 | Breach
Abstract
On October 17, 2017, we became aware that certain Company files containing sensitive information that were stored on a Company server had become browsable for a brief period of time through a directed search on the Google search engine.Kaiser Foundation Health Plan
August 09, 2017 | User Error
Abstract
On August 9th, 2017, a document containing your protected health information was inadvertently emailed from a Kaiser Permanente facility to an external email address. The owner of the email is unknown as of the date of this letter.September 26, 2011 | Breach
Abstract
The data, which was found on a non‐Kaiser Permanente external hard drive that was purchased second‐hand, included your name, Social Security Number, Date of Birth and address. None of your personal health information was involved. The most recent employee data found on the hard drive was from 2009 and we have no evidence at this point to indicate that this information has been or will be used for illegal purposes.Kayser-Roth Corporation
July 01, 2017 | Third Party
Abstract
To give you the context, we use software provided by a third party vendor, Aptos Inc., to process Hue.com orders. Aptos is a highly experienced provider of retail technology and has a large universe of well-known brand customers. As has become increasingly common on the web in recent years, there was an intrusion into a portion of Aptos’ system that holds payment card data and certain other customer information for online orders placed on Hue.com. Specifically, this data breach compromised Aptos’ e-commerce platform that we and many other brands use, and those responsible gained access to names, addresses, email addresses and payment card information, including verification codes, as customers made transactions on Aptos’ system.Kevin J Palmer & Co, CPA
May 21, 2017 | Network Compromise
Abstract
We discovered a cyberattack on our system on June 6th, 2017. Our forensic team was hired right away to conduct an investigation. This led us to believe cybercriminals attacked the remote-access system, used by our outside IT personnel, to access our tax filing software around that time. This allowed the cybercriminals to access our system and files, including the use of what appears to be one staff’s credentials.Keller Williams Realty, Inc.
May 06, 2017 | Network Compromise
Abstract
We recently learned that an unauthorized third party was able to gain access to portions of the Keller williams network and, while on the network, may have been able to access certain associate files stored in our systems.Keith M. Southwood, CPA, Inc.
March 29, 2017 | Network Compromise
Abstract
On April 3, 2017, the firm discovered that an unauthorized third party gained access to its secure computer network on or about March 29, 2017. We immediately began an investigation and engaged independent forensic computer experts to assist. Based on our investigation to date, it appears we were the victim of a cyber-attack by an unknown third party.KURU Footwear
December 20, 2016 | Website Compromise
Abstract
On February 2, 2017, we began investigating some unusual activity reported by our credit card processor. We immediately began to work with third-party forensic experts to investigate these reports and to identify any signs of compromise on our systems. On February 23, 2017, we discovered that we were the victim of a sophisticated cyber-attack that resulted in the potential compromise of some customers’ debit and credit card data used at www.kurufootwear.com between December 20, 2016 and March 3, 2017.Kaiser Foundation Hospitals
November 16, 2016 | Misconfiguration
Abstract
You visited kp.org between November 16 and 28, 2016, and used our online Estimates tool. Due to a system error, there is a small chance that your name, age, address, and some information on how much you’ve spent on health care this year may have been seen by another kp.org user.Kaiser Permanente Health Plan, Inc of Northern California
October 12, 2016 | Misconfiguration
Abstract
For approximately two hours during the evening of October 12th into the early morning of October 13th, 2016, some of your protected health information that you viewed after signing in to kp.org may have been mistakenly viewable by other visitors to the website during that time frame. We take privacy very seriously and sincerely apologize that this occurred.Kimpton Hotels & Restaurants
August 10, 2016 | System Compromise
Abstract
On May 2, 2017, Sabre disclosed a data security incident that may have affected personal information. Sabre launched an investigation and engaged a digital forensics firm to assist in this investigation. On June 6, 2017, Kimpton received notification from Sabre that information within Sabre’s system was accessed without authorization. Sabre advised that certain reservation information may have been accessed between August 10, 2016 and March 9, 2017. The data security incident did not occur on, nor did it affect, Kimpton’s systems nor the systems of its parent company, IHG.K Partners Hotel Management
April 02, 2016 | Network Compromise
Abstract
On April 2, 2016, we discovered that on that same day, as a result of a sophisticated network intrusion, an unauthorized third party gained access to an email account and a file server. Upon learning of the issue, our incident response team promptly launched an investigation and notified local law enforcement. As part of our investigation, we have been working very closely with one of the nation’s leading cybersecurity firms that regularly investigates and analyzes these types of incidents. Their investigation and remediation efforts are now completed, and we have removed the infection from our system. K Partners also immediately changed passwords and took other steps to enhance the security of our network.Ken Waterman CPA, PC
March 27, 2016 | Server Compromise
Abstract
On March 30, 2016, KW learned that a possible security incident may have impacted the security of information stored on our servers. We immediately began an investigation and engaged independent, third-party forensic computer experts to assist. While the investigation is still ongoing, it appears that files stored on our system may have been accessed by an unauthorized individual. These files contain information related to your tax filings, and may have included your name, address, Social Security number, wage information, and in some instances bank account information.Katherman Kitts & Co. LLP
February 25, 2016 | Device Lost
Abstract
On February 25, 2016, hard drives containing backup files for one of the firm’s servers, along with other incidental items, were stolen from a partner’s locked vehicle. These files may have contained some of your confidential information as a client of Katherman Kitts & Co. LLP. The partner discovered the theft later that evening and immediately notified the Long Beach Police Department. We are continuing to work with law enforcement to locate the stolen hard drives.Kimpton Hotels & Restaurants Group, LLC
February 16, 2016 | Server Compromise
Abstract
Kimpton Hotels & Restaurants received a report on July 15, 2016 of unauthorized charges occurring on payment cards after they had been used by guests at the restaurant in one of our hotels. We immediately began to investigate the report and hired leading cyber security firms to examine our payment card processing system. Findings from the investigation show that malware was installed on servers that processed payment cards used at the restaurants and front desks of some of our hotels. The malware searched for track data read from the magnetic stripe of a payment card as it was being routed through the affected server.Kool Kids Model & Talent Management
February 16, 2016 | User Error
Abstract
APPLE Store -- Topanga, CA referred us to ACS Computer Services -- Tarzana, CA to remove the hard drive from our MacBook Pro prior to a repair service. While removing the hard drive and transferring it to an external hard drive case ACS COMPUTER SERVICES allegedly misplaced th MacBook Pro hard drive.Kayser-Roth Inc.
February 01, 2016 | Third Party
Abstract
No Nonsense, and our parent company Kayser-Roth, value the relationship we have with our customers. Consistent with that, we take the confidentiality of our customers’ information very seriously and we work very hard to maintain it. That is why we regret that we are writing to notify you of an incident that may involve some of your information. Having said that, please know that we have NO reason to believe that it is sufficient information to have been used fraudulently – nor is there any evidence that it has been.Keenan & Associates
October 09, 2015 | Misconfiguration
Abstract
On October 9, 2015, we learned that documents containing information relating to some [ClientDef1(Client Name)] employees and some of their dependents could potentially be found through searches on the Internet. We immediately began an investigation and discovered that the documents may have been made available on the Internet when a vendor misconfigured security settings on the portal where the documents were stored. The portal settings have since been reconfigured and the documents are no longer searchable on the Internet.Kindred Transitional Care and Rehabilitation – Lawton
August 31, 2015 | Third Party
Abstract
To give you the context, we use software provided by a third party vendor, Aptos Inc., to process Nononsense.com orders. Aptos is a highly experienced provider of retail technology and has a large universe of well-known brand customers. As has become increasingly common on the web in recent years, there was an intrusion into a portion of Aptos’ systems that holds payment card data and certain other customer information for online orders placed on Nononsense.com. Specifically, this intrusion compromised the Aptos digital commerce solution we and many other brands use, and those responsible gained access to information, including names, addresses, phone numbers, email addresses and some payment card information as customers made transactions on Aptos’ systems. They also gained access to historical payment card data for cards no longer in use.Kicky Pants, Inc.
August 26, 2015 | Breach
Abstract
On December 31, 2015, Kicky Pants, Inc., d/b/a KicKee Pants discovered evidence of a data security breach that allowed some confidential customer information to be acquired by an unknown third party. We believe that the acquisitions occurred between the dates of September 24, 2015 and December 26, 2015. Kicky Pants discovered this on December 31, 2015, and we closed the breach immediately. At this time, there is no evidence to suggest that there have been any actual attempts to misuse any of the acquired information.Kaiser Foundation Hospital Orange County, Anaheim Medical Center
September 25, 2013 | Device Lost
Abstract
I am writing to inform you about a health information privacy matter. Kaiser Permanente was informed on September 25, 2013 that a USB Flash Drive containing your name, Medical Record Number and date of birth was missing.K. Min Yi, M.D. General Surgery
May 28, 2013 | Device Lost
Abstract
I regret to inform you that my office was broken into this Memorial Day weekend and various items were stolen from my office. Pertinently, my desktop hard drive was stolen as well as my external hard drive which was in a locked drawer.KAISER PERMANENTE
April 06, 2012 | User Error
Abstract
We have learned that on April 6, 2012, a Kaiser Permanente South San Francisco Perioperative Department employee inadvertently sent a report containing information about a surgical procedure that is scheduled or is in the process of being scheduled for you, to a nonKaiser Permanente email address. The report can only be read by using specialized Crystal report reading software, which is not commonly installed on personal computers.Kern Medical Center
February 25, 2012 | Files Lost
Abstract
On February 25, 2012, a theft occurred at the home of a KMC resident. The resident had placed confidential research documents in her car and her car was subsequently burglarized in the carport of her apartment complex. These research documents contained confidential patient information.Kaiser Permanente Northern CA Department of Research
October 18, 2011 | Server Compromise
Abstract
On February 12, 2014, we discovered that a computer (also known as a server) was infected with malicious software. This server was used by the Kaiser Permanente Northern California Division of Research to store research data. We currently have no information that any unauthorized person accessed the information on the server. However, the malicious software broke down the server’s security barriers so we are investigating and responding with a very high level of caution and concern. We are very sorry that this happened.Kaiser Permanente Northern California
June 06, 2010 | Insider Threat
Abstract
The preliminary investigation has determined that two Kaiser Permanente employees stole equipment and machines from several Kaiser Permanente sites and stored them in an offsite storage unit. When the stolen items were returned, each was examined and some of the ultrasound machines were found to contain PHI. The theft of this equipment appears to have been for the purpose of selling the machine for profit, and not for the disclosing or misuse of PHI. There is no indication that any protected health information has been used for fraud or other criminal activity.Kevin Harrington, CPA
Abstract
On November 11, 2016, I detected that someone may have accessed my computer without authorization. I immediately informed my information technology provider and disabled online access to my computer. I immediately began an investigation, and on November 18, 2016, the information technology firm confirmed that someone accessed client files on my computer without authorization. I immediately notified the Internal Revenue e-File Services Department, the Internal Revenue Service/Criminal Investigation, and the California Franchise Tax Board to prevent any fraudulent activity. Although I am not aware of any fraudulent use of information associated with the event, I encourage you to utilize the services referenced below to monitoryour personal information.KontrolFreek, LLC
Abstract
We recently became aware that an unauthorized third party accessed the KontrolFreek servers and acquired certain payment card information of some of our customers. Promptly after learning of the issue, we took steps to secure our website and determine the nature and scope of the issue. In addition, we retained a data security expert to conduct a forensic investigation.Kellogg & Andelson Global Management
Abstract
Kellogg & Andelson Global Management ("K & A") recently was the victim of a criminal attack on its computer network.Kings County Office of Education
Abstract
Anthem has reported a security breach of personal information that may affect you and all of your covered dependents.Kroll Background America, Inc.
Abstract
I am writing to you on behalf of Kroll Background America, Inc. to notify you of an incident that resulted in an unauthorized acquisition of personal information of 548 of your state’s residents. In September, 2013, Kroll Background America learned that it was one of several victims of a criminal cyberattack. A portion of Kroll Background America’s computer network was the target of an intrusion between June and September of 2013. Upon learning of this intrusion, we promptly notified law enforcement authorities and took immediate steps to investigate the information that may have been accessed and the extent of any possible compromise of your state’s residents’ information. In late October of 2013, we determined that personally identifiable information of your state’s residents may have been accessed.Kathleen E. Whisman MD
Abstract
On or about April 11, 2013, Dr. Whisman received a telephone call from the San Ramon Police Department indicating that they were in the process of breaking up an identity theft ring and found information on the suspect's computer concerning some of her patients. Dr. Whisman can only speculate that the information on the suspect's computer was removed from a recently stolen computer. In 1999, Dr. Whisman was changing billing companies and she believes that the patient information had been stored on the stolen computer to assist with this transition. In April 2013, the investigation was on-going and Dr. Whisman was asked to delay notification to allow the investigation to be completed by the police.KEARNY MESA INFINITI
Abstract
One Kearny Mesa Infiniti Customer alleges that a former employee of Kearny Mesa Infiniti improperly accessed and used the customer's personal information to obtain prescription mediations.Korn/Ferry
Abstract
We began investigating the incident as soon as we learned of it. While our investigation is ongoing, we have determined that, although the affected databases were not designed or structured to receive sensitive personal information, a small percentage of the files nevertheless included an individual’s name in combination with his or her driver’s license number, government-issued identification number, Social Security number, credit card numbers or health information. It is important to note that we have no evidence that access to personal information was the goal of the attack.L
Law Office of Robert T. Bledsoe
September 22, 2020 | Email Compromise
Abstract
On September 22, 2020, we became aware that a firm Network server was used to send unauthorized emails, and we swiftly engaged computer experts to help determine what occurred. The investigation found that the account had been accessed by unauthorized individuals. In response, we reset the passwords to affected email accounts Turned off the known effected Server and implemented additional security controls to prevent further unauthorized access. We are not aware of any unauthorized access to the firm's Data or underlying systems, and we are providing this notice to you as a precautionary measure.Lazarus Naturals
September 14, 2020 | Code Injection
Abstract
On September 14, 2020, we identified suspicious activity on our website and immediately began an investigation with the assistance of third-party forensic specialists to assess the nature and scope of the incident. Through the investigation, it was determined that malicious code was inserted by an unauthorized party on the checkout page of our website from September 5, 2020 to September 14, 2020 which may have had the ability to capture customer information while making a purchase.Long & Foster Real Estate
August 22, 2020 | Ransomware
Abstract
On August 22, 2020, we determined that Long & Foster was the victim of a ransomware attack. Ransomware is used by cybercriminal(s) to block access to an entity’s environment, including its systems and data. Immediately upon detection of the incident, we launched an investigation, with the assistance of leading cybersecurity experts and the FBI, to determine what happened and what information, if any, may have been impacted. As part of the investigation, we determined the cybercriminal(s) gained access to Long & Foster’s systems on August 22, 2020, and that your personal information may have been accessible to the cybercriminal(s) as a result.LiveAuctioneers, LLC
June 19, 2020 | Third Party
Abstract
Our cybersecurity team has indeed confirmed that following a cyber attack against one of our IT suppliers on June 19, 2020, an unauthorised third party managed to access certain personal information from our bidder database. We were notified of the incident on July 11, 2020 and began notifying bidders that day through email and our website, based on how recently the bidder had used their LiveAuctioneers account. LiveAuctioneers was one of a number of their partners who experienced a breach since this IT supplier’s security was compromised. Our cybersecurity team has ensured the unauthorized access has ceased.L.A. Tax Service, LLP
June 10, 2020 | Unauthorized Access
Abstract
On September 15, 2020, we were notified by Lacerte Intuit, our tax software, that some tax returns pertaining to our clients were fraudulently filed. To date, we are aware of approximately 50 tax returns fraudulently filed. If your tax return was among these 50 tax returns, we already notified you.Upon receipt of Lacerte Intuit’s notification, we promptly engaged a specialized cybersecurity firm to conduct a forensic investigation to determine the nature and scope of the incident. The forensic investigation was completed on October 7, 2020, revealing that tax returns of our clients were potentially exposed to an unauthorized third party in June 2020 and September 2020. After an internal investigation concluded on October 16, 2020, we determined that you were among the individuals potentially impacted by the incidents.
Los Angeles County Bar Association
May 10, 2020 | Malware
Abstract
On June 11, 2020, a financial institution alerted LACBA that there was malicious code present on specific portions of its website, LACBA.org. Further investigation of the incident established that the malicious code was present at least as early as May 10, 2020.Lincoln Financial Advisors Corporation
March 19, 2020 | Device Lost
Abstract
Lincoln Financial Advisors (“Lincoln”) discovered on March 19, 2020 that an unknown third party was in possession of a drive that contained Lincoln client data. The drive may have been associated with Lincoln Financial Advisor office Charpentier Wealth Strategies.Living Beyond Breast Cancer
February 7, 2020 | Ransomware
Abstract
Blackbaud is a cloud-based software company that provides services to thousands of schools, hospitals, and other nonprofits. On July 16, 2020, Blackbaud notified us that it had discovered a ransomware attack on Blackbaud’s network in May 2020. Blackbaud reported that it conducted an investigation, determined that backup files containing information from its clients had been taken from its network, and an attempt was made to encrypt files to convince Blackbaud to pay a ransom. Blackbaud paid a ransom and obtained confirmation that the files removed from its network had been destroyed. Blackbaud reported that it has been working with law enforcement. Upon learning of the incident from Blackbaud, we conducted our own investigation of the Blackbaud services we use and the information provided by Blackbaud to determine what information was involved in the incident. On August 18, 2020, we determined that the backup files contained certain information pertaining to you.Lassen Union High School Distirict
November 06, 2019 | Third Party
Abstract
On May 6, 2020, the District received a report from one of its vendors that student information had been accessed and removed from the District's Student information System ("SIS") by unauthorized persons through a security flaw in the vendor's software. The District believes student information was accessible in this manner dating back to November 4, 2019, however, at this time, there is no evidence to suggest taht student data has been misused in any manner. The DIstrict is still investigating this incident and will provide more information as it becomes available.Lemoore Union High School
November 4, 2019 | Vulnerability
Abstract
LUHSD uses the Aeries Student Information System to provide students and their parents with online access to information regarding school events and schedules. In late November 2019, Aeries learned that an unauthorized individual attempted to exploit a vulnerability in the Aeries software that would allow access to student and parent information. Aeries later determined that the exploit was successful. Upon discovery, Aeries began an investigation and law enforcement launched an investigation to identify the person responsible, who Aeries believes is now in police custody. On April 27, 2020, Aeries confirmed to us that this individual may have accessed LUHSD’s Aeries System.Laguna Beach Unified School District
November 04, 2019 | Vulnerability
Abstract
LBUSD uses the Aeries Student Information System to provide students and their parents with online access to information regarding school events and schedules. In late November 2019, Aeries learned that an unauthorized individual attempted to exploit a vulnerability in the Aeries software that would allow access to student and parent information. Aeries later determined that the exploit was successful. Upon discovery, Aeries began an investigation and law enforcement launched an investigation to identify the person responsible, who Aeries believes is now in police custody. On May 6th, 2020, Aeries confirmed to us that this individual may have accessed the other districts’ Aeries Systems. We then conducted our own investigation, and on May 14, 2020, determined that the individual did access parent and student data within the LBUSD’s Aeries System.Le Duff America, Inc.
August 28, 2019 | Email Compromise
Abstract
? Le Duff became aware of unusual activity involving certain employee email accounts. Le Duff immediately began an investigation with the assistance of third-party computer specialists. The investigation determined that certain employee email accounts were accessed without authorization between August 28, 2019 and September 21, 2019. While the investigation did not determine that personal information had been viewed by an unauthorized actor, Le Duff could not rule out the possibility of such activity. Therefore, Le Duff immediately began a thorough review of the contents of the email accounts to determine whether sensitive information was present in the accounts at the time of the incident. The results of the email account review indicated that your personal information was present in an affected email account at the time of the incident. To date, we are unaware of any actual or attempted misuse of your personal information as a result of this incident.LifeMark Securities, Corp.
August 27, 2019 | Email Compromise
Abstract
On september 4, 2019, we identified suspicious activity involving a limited number of LifeMark email accounts. In response to the suspicious activity, we immediately changed all email passwords and hired independent computer forensic experts to help us investigate. Our investigation recently concluded, and we have determined there were successful unauthorized connections to a limited number of LifeMark email accounts as a result of a phishing attack. We were unable to identify with certainty whether any emails or attachments were vieweb as a result of the incident but wanted to let you know as your information may have been stored in one of the email accounts. if you sent sensitive information or documents containing your name, address, social security number, or financial account information to LifeMark via email, then that information may be at risk. Any information sent via a socure file share website remains unaffected and secure. This incident was limited to email accounts, other LifeMark systems were not impacted and remain secure.Los Angeles Police Federal Credit Union
July 17, 2019 | Third Party
Abstract
On July 24th, we learned that our credit card systems vendor mistakenly sent an encrypted file containing the personal information of some of our members to another federally insured credit union on July 17th. Unfortunately, your personal information, including your name, address, social security number, and credit card number were included in this encrypted file. We have conducted an in-depth investigation into this incident, and the credit union that received the information has certified that the file, and all its data, was destroyed by that credit union immediately after determining it was received in error.Landry’s, Inc.
January 18, 2019 | Malware
Abstract
Landry's recently detected unauthorized access to the network that supports our payment processing systems for restaurants and food and beverage outlets. We immediately launched an investigation, and a leading cybersecurity firm was engaged to assist. Although the investigation identified the operation of malware designed to access payment card data from cards used in person on system at our restaurants and food and beverage outlets, the end-to-end encryption technology on point-of-sale terminals, which makes card data unreadable, was working as designed and prevented the malware from accessing payment card data when cards were used on these encryption devices. Besides the encryption devices used to process payment cards, our restaurants and food and beverage outlets also have order-entry system with a card reader attached for waitstaff to enter kitchen and bar orders and to swipe landry's select club reward cards. in rare circumstances, it appears waitstaff may have mistakenly swiped payment cards on the order-entry systems. The payment cards potentially involved in this incident are the cards mistakenly swiped on the order-entry systems. Landry's select club rewards cards were not involved.L.D. Evans, CPA
November 23, 2018 | Third Party
Abstract
On March 4, 2019, I was informed by Citrix of a security issue related to our use of their third-party ShareFile service. According to Citrix, an unknown, unauthorized third party gained access to their systems and downloaded documents stored with the Citrix ShareFile environment. At this time, there is no confirmed evidence that any information was actually compromised, but since these documents contained your name, address, date of birth, Social Security number and bank account information, out of an abundance of caution, I am taking steps to mitigate concerns and notifying you of this incident.LPL Financial LLC
November 01, 2018 | Third Party
Abstract
Capital Forensics is a firm that provides consulting and data analysis to assist firms with regulatory, compliance, and risk management activities. On November 1, 2018, Capital Forensics notified LPL that, on the same day, an unauthorized person appears to have gained access to a single Capital Forensics user’s account on a third party file-sharing system it uses to share data with customers, including LPL. Capital Forensics reported that it promptly secured the Capital Forensics user’s account that same day but that files containing LPL client information were among the data potentially accessed. Upon learning this, we immediately launched an investigation and coordinated with Capital Forensics to ensure that the LPL data, including client information, was removed from that file-sharing system.Loungefly, LLC
September 19, 2018 | Malware
Abstract
Loungefly appears to have experienced an incident in which unauthorized code was placed on the portion of our computer network that processes payment card transactions for the Loungefly online store at www.loungefly.com. In response, we took immediate steps to secure the affected part of our network, including removing the unauthorized code. Following the discovery of the code, an investigation also was commenced to understand the nature and scope of the incident. The investigation concluded on April 3, 2019. At this time, we believe that we will not ever be able to confirm that any payment card information was in fact acquired by an unauthorized individual as a result of the incident. However, we also cannot rule out the possibility that data associated with less than 3,600 payment cards used in transactions between September 19 and December 17, 2018 may have been affected. We have reported the matter to law enforcement, but this notice has not been delayed because of law enforcement investigation.Abstract
Loungefly appears to have experienced an incident in which unauthorized code was placed on the system that operated the Loungefly online store at www.loungefly.com. In response, we took steps to secure the affected part of our network, including confirming that the unauthorized code was not present on the system that now operates our online store. Following the discovery of unauthorized code, an investigation also was commenced to understand the nature and scope of the incident. At this time, we believe that we will not ever be able to confirm that any personal information was in fact acquired by an unauthorized individual as a result of the incident. However, we also cannot rule out the possibility that the incident may have impacted certain usernames and passwords of customers who created or logged in to their Loungefly accounts, in addition to data associated with payment cards used in transactions, between September 19, 2018 and February 13, 2019. We understand that the total number of customers whose payment card data and/or username and password may have been affected is less than 4,600. We have reported the matter to law enforcement, but this notice has not been delayed because of law enforcement investigation.Laboratory Medicine Consultants, Ltd.
August 01, 2018 | Website Compromise
Abstract
On May 15, 2019, we were notified that ACMA experienced a data security incident that involved the payment page on AMCA’s website and unauthorized access to an AMCA database containing information belonging to LMC’s patients. AMCA is a vendor that assisted LMC with the collection of unpaid accounts. The security of LMC’s systems was not affected by this incident. Upon receiving notification about this incident, we immediately began an investigation to identify the affected individuals and the nature of affected information. We are utilizing cyber security experts to assist us in our investigation. Although we are unaware of the misuse of any of your personal information, out of an abundance of caution, we are notifying you about this incident and providing you information about steps you can take to protect your personal information.Laboratory Corporation of America Holdings
August 01, 2018 | Third Party
Abstract
We are writing to let you know that our vendor American Medical Collection Agency (AMCA) has notified Laboratory Corporation of America Holdings (LabCorp) about a security incident AMCA experienced that may have involved certain personal information about you. LabCorp’s systems were not affected by this incident. AMCA is an external collection agency that was used by LabCorp and other companies. LabCorp referred patient balances to AMCA only when our direct collection efforts were unsuccessful.Lancaster Archery Supply, Inc.
July 04, 2018 | Website Compromise
Abstract
Lancaster Archery Supply recently received a report of unusual card activity from its credit card processor. We immediately began an investigation to identify the source of the activity and to confirm the security of our network. Lancaster Archery Supply worked with a third-party forensic investigator, law enforcement, and our credit card processor to determine the nature and scope of this event. On April 3, 2019 we determined that certain payment card information used at www.lancasterarchery.com and www.lancasterarcherydealer.com may have been compromised from July 4, 2018 and February 16, 2019.Local Initiative Health Authority of Los Angeles County, doing business as L.A. Care Health Plan
March 01, 2018 | Misconfiguration
Abstract
We are writing to you because of a recent privacy incident that occurred between June 1, 2018 and January 30, 2019 at L.A. Care Health Plan. A system error resulted in member ID cards being mismatched and mailed to the wrong L.A. Care members. Since multiple ID cards were included in the same envelope, you may have received your ID card as well as another member’s ID card.Los Angeles Philharmonic
February 14, 2018 | Phishing
Abstract
The Los Angeles Philharmonic was the victim of an email spoofing attack on February 14, 2018, by an individual pretending to be the Los Angeles Philharmonic’s Chief Financial Officer. A request was made from what appeared to be a legitimate the Los Angeles Philharmonic email address for all 2017 the Los Angeles Philharmonic employee W-2 information. Unfortunately, copies of all 2017 employee W-2 forms were provided before the company discovered that the request was made from a fraudulent account by someone using the name and email address that appeared to be from the Los Angeles Philharmonic's CEO. the Los Angeles Philharmonic discovered the fraudulent nature of the request on February 14, 2018 and has been working tirelessly to investigate and to mitigate the impact of the attack.Legalinc Corporate Services, Inc. (as data maintainer) on behalf of Rocket Lawyer Incorporated (as data owner)
October 25, 2017 | Vulnerability
Abstract
In December 2019, Legalinc was contacted by a security consultant that claimed he had found a vulnerability in the database used to store customer business formation documents. It is possible that the security consultant used this vulnerability to gain access to a limited number of files, which contained personal information about certain individuals.Legalinc Corporate Services, Inc. (as data maintainer) on behalf of Stripe GEP, Inc. (as data owner)
October 25, 2017 | Third Party
Abstract
We recently were informed that as part of the process of filing your corporate registration in conjunction with the Stripe Atlas service, it is possible that your personal information was accessed by an unknown third party. We discovered on December 11, 2019, that our service provider Legalinc Corporate Services Inc. (“Legalinc”) had a security vulnerability in its document storage system. We have no evidence that your personal information was accessed or has been misused, but out of an abundance of caution we are providing you with this notice.Los Angeles County Department of Mental Health (LACDMH)
October 24, 2017 | User Error
Abstract
On October 24, 2017, a LACDMH employee sent an email to candidates who responded to a job posting for a position within LACDMH. Inadvertently attached to that email was a spreadsheet that contained the PII of candidates, including you.LiveGlam Inc.
April 25, 2017 | Website Compromise
Abstract
On December 11, 2017, we confirmed that an unauthorized individual may have gained access to a section of our online store at www.liveglam.com that processes customer orders. Upon learning of this incident, we immediately took steps to block further unauthorized access and began an investigation to determine what happened and the scope of the incident. We engaged a forensic security firm to assist in our investigation. Also, we contacted law enforcement to investigate this matter.Los Angeles City Employees Retirement System
April 05, 2017 | User Error
Abstract
We recently learned that an email attachment containing personally identifiable information was accessed by one individual who received it inadvertently from a LACERS’ staff member. The error was discovered the same day it occurred and the person who received the file was immediately instructed to delete the email containing the attachment. This person has confirmed that the attachment was deleted in response to these instructions.Logic Supply, Inc.
February 06, 2017 | Website Compromise
Abstract
Yesterday, February 6th, we discovered unauthorized access to our website, which made some customer information vulnerable. Once we discovered the breach, we blocked their access, deployed a security patch and took other security measures. We believe the vulnerability and access was for roughly 30 minutes. There were no breaches of any of our other internal applications, resources or ERP system.LYFE Kitchen Companies, LLC
November 03, 2016 | Third Party
Abstract
LYFE Kitchen was notified by its third-party point of sale (“POS”) vendor that the vendor’s computer network potentially had been compromised by a malware data breach. The malware was programmed to access data from the magnetic stripe of payment cards at the time they were swiped. The magnetic stripe contains only the card number, expiration date and verification code. No other customer information was involved. Based on our third-party IT security expert’s investigation, the malware could have affected the POS equipment at two (2) LYFE Kitchen corporate restaurants in California, two (2) corporate restaurants in Tennessee, and one (1) corporate restaurant in Nevada (listed below). The malware has been removed and eradicated. We have no evidence that the malware exported any payment card information to the malware host, and we have received no reports of unauthorized charges from customers or the banks that issued payment cards.LifeBridge Health
September 27, 2016 | Malware
Abstract
On March 18, 2018, we discovered that malware infected the servers that host LifeBridge Health's patient registration and billing systems.Legal Aid Society of Orange County
September 25, 2016 | Breach
Abstract
LASOC developed the I-CAN! web application, which was previously used by individuals, as part of the IRS’s Free File Program, to prepare and file tax forms at no cost to the filer. On October 31, 2016, LASOC became aware that certain completed tax forms from the 2007 and 2008 tax years had become temporarily accessible to the general public through a directed search on certain internet search engines. However, LASOC is unaware of any attempted or actual misuse of personal data contained within the tax forms that were temporarily accessible on the internet as a result of this incident.Loews Hotels & Co.
August 29, 2016 | Third Party
Abstract
The Sabre SynXis Central Reservations system (CRS) facilitates the booking of hotel reservations made by consumers through hotels, online travel agencies, and similar booking services. Following an investigation, Sabre notified us on June 6, 2017 that an unauthorized party gained access to account credentials that permitted access to payment card data and certain reservation information for some Loews Hotels' hotel reservations processed through Sabre's CRS.La Quinta Center for Cosmetic Dentistry
August 26, 2016 | Third Party
Abstract
The FBI contacted us on June 15, 2017 to inform us of a security breach by a criminal cyber group. Upon learning this, we immediately contacted our IT specialists to review and locate the source of entry. Our IT specialist determined that this unauthorized breach happened around August 26, 2016. This time frame coincides around the time when one of our vendors had authorized access to our computer. On an as-needed-basis, we obtain technical support for our software and equipment. Technical support teams gain access remotely to our computers to resolve software, x-ray and CT scan related technical issues.Lulu’s Fashion Lounge
August 11, 2016 | System Compromise
Abstract
On August 23, 2016, we discovered that our payment card processing system may have been accessed without our authorization. We immediately launched a full investigation, including working with a third-party digital forensic investigator. We determined that the unauthorized access occurred intermittently between August 11 and August 16, 2016, and only affected customers entering a payment card new to our system. Our records indicate you made a purchase with us using a new card during this time. While not all cards used during this time period were necessarily affected, out of an abundance of caution, we are notifying you of this incident.LÍLLÉbaby
June 01, 2016 | Website Compromise
Abstract
In June of 2018, we learned of a potential data security incident involving the unauthorized installation of malware by a third party on our e-commerce web platform. As soon as we discovered the incident, we took immediate steps to secure payment card information belonging to our customers. We also launched an investigation and retained a leading forensics firm to determine what happened and whether customer payment card information had been accessed or acquired without authorization.LinkedIn Corporation
May 17, 2016 | Breach
Abstract
On May 17, 2016, we became aware that data stolen from LinkedIn in 2012 was being made available online. This was not a new security breach or hack. We took immediate steps to invalidate the passwords of all LinkedIn accounts that we believed might be at risk. These were accounts created prior to the 2012 breach that had not reset their passwords since that breach.Luque Chiropractic, Inc.
May 01, 2016 | Misconfiguration
Abstract
On September 18, 2016, Luque was notified by its billing software company that its Amazon “S3” storage account was vulnerable because it was accessible to persons outside their organization, and that a security researcher accessed and downloaded information from the storage account.Lynn N. Talbott, Jr., CPA, CVA
April 19, 2016 | Malware
Abstract
On April 19, 2016, I detected suspicious activity on a work computer. I immediately took the computer off-line and contacted our IT consultant. The consultant has confirmed unusual activity and changed potentially impacted passwords. Further, on April 21, 2016, after a thorough analysis of the computer, the consultant removed malware found on the impacted computer’s hard drive, and confirmed all firewalls and security protections were properly functioning.Lafler Moore Connerty & Webb, LLC
March 11, 2016 | Network Compromise
Abstract
On March 11, 2016, an employee was on a work computer when unusual cursor behavior was observed. The computer was immediately taken off-line and our IT consultant was contacted. The consultant confirmed suspicious activity and changed potentially impacted passwords. That same day, a forensic data analysis company was also hired to investigate and determine what, if any, information was breached. On April 8, 2016, we learned with a “high level of confidence” that information on our network was breached by an unauthorized individual starting on or about January 27, 2016, and who was potentially impacted.Laz Karp Associates, LLC
February 17, 2016 | Phishing
Abstract
On February 17, 2016, an unknown individual, impersonating a LAZ Parking executive, contacted a LAZ Parking employee by email and requested tax documentation pertaining to individuals employed by LAZ Parking during the 2015 calendar year. The LAZ Parking employee complied, believing the communication to be authentic, and sent a reply correspondence that included PDF copies of certain employees’ 2015 Form W-2s. When these communications were brought to the attention of senior management after the reply correspondence had already been sent, it was determined that the request was fraudulent.Laborers Funds Administrative Office of Northern California, Inc.
February 17, 2016 | Programming Error
Abstract
The Laborers Health and Welfare Fund for Northern California (“Fund”) takes seriously its obligation to maintain the confidentiality of your personal information. The purpose of this notice is to inform you of a recent security incident involving personal information associated with your health plan.Lamps Plus and Pacific Coast Lighting
February 11, 2016 | Phishing
Abstract
On February 11, 2016, an unknown criminal sent an email to an individual at Lamps Plus which was intended to look as though it came from another Lamps Plus employee. The response to that email was actually redirected to the unknown criminal and resulted in the criminal obtaining copies of your W-2 income and tax withholding statement, along with those of every other employee who worked for us during 2015. At that time, we were not aware that the data in question had been sent to an unauthorized recipient.LuckyPet, Inc.
October 15, 2015 | Third Party
Abstract
On approximately October 12, 2015, an unknown and unauthorized party exploited a vulnerability in the third-party shopping cart software used on our Web site and inserted malicious software that intercepted information provided by customers while making a purchase.Longwood Management Corporation
February 11, 2015 | Computer Stolen
Abstract
On February 11, 2015, a Longwood employee's vehicle was burglarized. During the burglary, a password-protected laptop we issued to this employee was stolen. The employee immediately reported the burglary to local law enforcement and to longwood. Longwood immediately launched an investigation into the incident, including both the security of the laptop and the type of information that may have been stored on or accessible by the laptop, at the time of the theft. we retained independent, third-party forensic investigators to assist in our investigation into this incident. Their investigation, and the investigation of law enforcement, is ongoing. On april 28, 2015, we learned that encryption software was deployed on the laptop at the time of the theft but that the encryption may not have been sufficient to prevent access by someone with the knowledge or skills to exploit vulnerabilites. Through our ongoing investigation, we identified a file containing your name, social security number, position, and facility location was stored locally on the laptop at the time of the theft.Liberty Tax Service
February 01, 2015 | Files Lost
Abstract
We are contacting you to inform you that on February 1, 2015, a burglary occurred at our Liberty Tax Service office at 27214 Baseline Street, Highland CA, during which some files and electronic records were taken.Law Offices of David A. Krausz, P.C.
January 05, 2015 | Laptop Stolen
Abstract
On January 6, 2015, Law Offices of David A. Krausz, P.C. experienced the theft of a laptop computer that contained identifying client information including names, social security numbers and dates of birth. As a result of this incident, information identifiable with you was potentially exposed to others. The theft was reported to the San Francisco Police Department and a report was filed.La Jolla Group
November 30, 2014 | Website Compromise
Abstract
On December 3, 2014, we learned of potential unauthorized access to the checkout page of the client-def1 website, client-def2. when we learned of this issue, we immediately launched an investigation and took steps to prevent any further potential for unauthorized access. We retained independent computer forensic experts to assist in our investigation and confirmation of what information may have been accessed without authorization. Although our investigation is ongoing, we confirmed on December 29, 2014 that the security of certain information relating to you was compromised as a result of this incident. This information includes your name, address, phone number, email address, credit card number, CVV2 data and credit card expitation date -- all provided when you placed, or prepared to place, an online order at client-def 2 between November 30, 2014 nd December 3, 2014. This incident did not compromise the security of your Social Security number, which we never request you provide to us as part of the purchasing process.Lime Crime, Inc.
October 04, 2014 | Malware
Abstract
On February 11, 2015, after an extensive forensic investigation, we learned that on October 4, 2014 unauthorized individuals installed malicious software on the computer server hosting the Website. We believe the malware could have compromised the personal information of customers that made credit or debit card purchases through the Website between October 4, 2014 and February 15, 2015, including name, address, website username and password, payment card account number, card expiration date, and payment card security code. According to our records, you made a payment card purchase at the Website during that timeframe and your information may be at risk.Lokai Holdings LLC
June 27, 2014 | Website Compromise
Abstract
After we were informed of reports of fraudulent charges appearing on payment cards that were legitimately used on our website, we engaged a leading computer security firm to conduct an investigation. On October 28, 2014 the investigation found that an unauthorized person gained access to the server that hosts our website and installed a program that was designed to record information entered by customers. Based on our investigation, we believe information entered on our website from July 18, 2014 to October 28, 2014 could have been affectedLandry’s, Inc., Golden Nugget Atlantic City, LLC, Golden Nugget Lake Charles, LLC, GNL Corp., GNLV Corp., and Riverboat Corporation of Mississippi
May 04, 2014 | Malware
Abstract
The investigation began immediately after we received a report in early December of suspicious activity regarding cards that had been legitimately used in some of our locations. We hired aleading cyber security firm to examine our payment card systems, implemented advanced payment processing solutions,and have been working with the payment card networks and law enforcement. Findings from the investigation show that criminal attackers were able to install a program on payment card processing devices at certain of our restaurants, food and beverage outlets, spas,entertainment destinations,and managed propertiesL.A. Care Health Plan
January 22, 2014 | Programming Error
Abstract
We are sending you this letter to inform you of an information processing error that may have involved accidental disclosure of your information. On January 24, 2014, we became aware that some L.A. Care Covered members who logged onto our payment portal were able to see another member’s name, address and member identification number.September 17, 2012 | User Error
Abstract
L.A. Care is serious about member privacy. We are sending you this letter to make sure that you are aware of an accidental mailing error involving member identification (ID) cards. On September 18, 2012, L.A. Care learned that some member ID cards were sent to the wrong members. The ID cards were mailed starting September 17, 2012.Lincoln Credit Center
October 20, 2013 | Breach
Abstract
At Lincoln Credit Center we take your account security very seriously. We have learned that some personal information related to your account may have been compromised at a physical location.Los Angeles Gay and Lesbian Community Services Center
September 17, 2013 | System Compromise
Abstract
The L.A. Gay & Lesbian Center recently learned that the security of certain of our information systems was compromised by a criminal cyber attack apparently designed to collect social security numbers, credit card numbers and other financial information. Between November 22, 2013 and December 3, 2013 our forensic investigators confirmed that this attack potentially exposed certain of your information to unauthorized access and acquisition.Legal Aid Society of San Mateo County
August 12, 2013 | Laptop Stolen
Abstract
On the night of August 12, 2013, our office was burglarized and ten of our laptops were stolen. The stolen laptops were used by our attorneys to assist individuals in getting services. We believe that your personal information may have been stored on the stolen laptops. The personal information believed to be stored on the stolen laptops includes your name, Social Security number, date of birth, medical and health information.Lowe’s Companies, Inc.
July 01, 2013 | Third Party
Abstract
We are writing to inform you that certain personal information that Lowe’s maintains about you may have been subject to unauthorized access. Lowe’s contracts with a third-party vendor to provide a computer system (E-DriverFile) that stores compliance documentation and information relatedto current and former drivers of Lowe’s vehicles as well as information about certain current and former employees who access and administer the system.LivingSocial, Inc.
April 05, 2013 | Server Compromise
Abstract
LivingSocial recently experienced a cyber-attack on our computer systems that resulted in unauthorized access to some customer data from our servers. We are actively working with law enforcement to investigate this issue.LaCie USA
March 27, 2013 | Website Compromise
Abstract
On March 19, 2014, the FBI informed LaCie USA, that it found indications that an unauthorized person used malware to gain access to information from customer transactions that were made through LaCie's website.Library Systems & Services, LLC
October 31, 2012 | Laptop Stolen
Abstract
On November 05, 2013, we learned of the presumed theft of a company laptop computer. We now believe that the theft took place around October 31, 2012.Local 2/Hospitality Industry Child & Elder Care Plan
August 13, 2012 | Device Lost
Abstract
On August 13, 2012, following an investigation of a missing portable device (USB drive) containing Child and Elder Care Plan participant files, we determined that the USB drive has been inadvertently lost.LPL Financial
February 06, 2012 | Computer Stolen
Abstract
On February 6, we were notified that Mr. Patrick's desktop computer was stolen from his office.Lasko Group, Inc.
December 27, 2011 | Phishing
Abstract
On July 2, 2014, Lasko Group, Inc. became aware of the fact that certain customers who made recent on-line parts purchases from Lasko Products, Inc ("Lasko") and Air King America, Inc. ("Air King") were the targets of fraudulent "phishing" emails from an unknown third party purporting to relate to these orders.Law Office of Robert T. Bledsoe
Abstract
On September 22, 2020, we became aware that a firm Network server was used to send unauthorized emails, and we swiftly engaged computer experts to help determine what occurred. The investigation found that the account had been accessed by unauthorized individuals. In response, we reset the passwords to affected email accounts Turned off the known effected Server and implemented additional security controls to prevent further unauthorized access. We are not aware of any unauthorized access to the firm's Data or underlying systems, and we are providing this notice to you as a precautionary measure.Larkmead Vineyards Vinter and Grower
Abstract
We greatly value you and your business and respect the privacy of your information, which is why we are writing to inform you that our consumer direct sales systems provider Missing Link Networks, Inc. (“Missing Link”) notified us on May 27, 2015 of a security incident involving credit and debit card data on its systems. After several subsequent meetings held directly with Missing Link, we have been advised that during the period of April 1, 2015 to April 30, 2015, as a result of the security incident, a third party might have gained access to certain personal information, including customer names, card numbers, related payment addresses, passwords, and dates of birth. To date, we have not received any customer notifications regarding fraudulent activity.M
Monterey Bay Air Resources District
November 23, 2020 | Ransomware
Abstract
The District's systems were compromised by ransomeware on November 23, 2020. Unauthorized individuals encrypted a significant portion of the District's files and rendered them unusable. This incident also affected the District's email servers.Monterey Bay Air Resources District
November 23, 2020 | Ransomware
Abstract
The District's systems were compromised by ransomware on November 23, 2020. Unauthorized undividuals encrypted a significant portion of the District's files and rendered them unusable. This incident also affected the District's email servers.Minerals Technologies Inc.
October 20, 2020 | Unauthorized Access
Abstract
On or about October 20, 2020, Minerals Technologies Inc. (“MTI”) experienced a security breach, which resulted in the compromise of certain servers maintained by MTI. In response, among other things, MTI immediately retained an IT firm to conduct a thorough forensic investigation into the circumstances surrounding the incident. On October 22, 2020, based upon its preliminary investigation, MTI learned that this incident may have resulted in unauthorized access to the PII of certain MTI employees and their dependents. While we have no indication that any personal information has been misused, we are providing this notification to you out of an abundance of caution, so that you may diligently monitor your accounts and those of your dependents.Mount Diablo Unified School District
September 14, 2020 | Third Party
Abstract
On Monday, September 14, 2020, the District was informed that when certain parents were using the SchoolMessenger mobile application, they were able to view a list of roughly thirty (30) unique names, emails, and phone numbers not associated with their family. After initial verification of the incident, our district immediately contacted Intrado, which is the parent company for SchoolMessenger, to shut down all parent access to the SchoolMessenger application. In addition, together with Intrado, the District is working to investigate the specifics about what took place and how it can be prevented in the future.Metropolitan Life Insurance Company
July 24, 2020 | User Error
Abstract
We are writing to you about an incident concerning your personal information. On July 24, 2020, MetLife inadvertently sent an email with a report to a benefits department at a company you do not and have not worked for. This report contained some of your information. The recipient forwarded the report to one of their benefits consultants who then immediately notified MetLife of the issue on July 27, 2020.October 18, 2018 | User Error
Abstract
On October 18, 2018 MetLife inadvertently sent an email containing some of your personal information in an attachment to a Benefits Administrator for another MetLife group customer. The Benefits Administrator, who regularly works with MetLife, deleted the email, including your personal information. The Benefits Administrator routinely handles sensitive information and we do not believe your information is at risk.MEDNAX Services, Inc.
July 02, 2020 | Phishing
Abstract
On [b2b_text_2 (Date of Discovery)], 2020, MEDNAX discovered that an unauthorized third party gained access to a Microsoft Office 365-hosted MEDNAX business email account through phishing. “Phishing” occurs when an email is sent that looks like it is from a trustworthy source, but it is not. The phishing email prompts the recipient to share or give access to certain information. Upon discovery of this event, MEDNAX immediately took action to prevent any further unauthorized activity, began an investigation, and engaged a national forensic firm.June 17, 2020 | Phishing
Abstract
On June 19, 2020, MEDNAX discovered that an unauthorized third party gained access to certain Microsoft Office 365-hosted MEDNAX business email accounts through phishing. “Phishing” occurs when an email is sent that looks like it is from a trustworthy source, but it is not. The phishing email prompts the recipient to share or give access to certain information. Upon discovery of this event, MEDNAX immediately took action to prevent any further unauthorized activity, began an investigation, and engaged a national forensic firm.Museum of Contemporary Art Santa Barbara
May 31, 2020 | Ransomware
Abstract
The Cybercrime industry represents an over trillion-dollar industry that is ever-changing and growing all the time—a threat to all companies around the world. At Blackbaud, our Cyber Security team successfully defends against millions of attacks each month and is constantly studying the landscape to ensure we are able to stay ahead of this sophisticated criminal industry. In May of 2020, we discovered and stopped a ransomware attack. In a ransomware attack, cybercriminals attempt to disrupt the business by locking companies out of their own data and servers. After discovering the attempted attack, our Cyber Security team—together with independent forensics experts and law enforcement—successfully prevented the cybercriminal from blocking our system access and fully encrypting files; and ultimately expelled them from our system.Medical Depot, Inc., d/b/a Drive DeVilbiss Healthcare
May 25, 2020 | Unauthorized Access
Abstract
On or about June 4, 2020, we learned that an unauthorized third party had gained remote access to Drive Medical•s network in an effort to disrupt our operations. We quickly began to investigate, with the support of outside cybersecurity experts. We do not yet know when the unauthorized third party first gained remote access to our network. Although the investigation is ongoing, we learned recently that the unauthorized third party gained access to, acquired, and briefly possessed an electronic file system containing some of our internal company information, including information pertaining to our current and former employees, as well as their designated beneficiaries for company provided benefits such as life insurance.Minted, LLC
May 06, 2020 | Database Compromise
Abstract
We recently became aware of a report that mentioned Minted as one of ten companies impacted by a potential cybersecurity incident. We promptly undertook an investigation, with the assistance of outside forensic experts. The investigation determined that, on May 6, 2020, unauthorized actors obtained information from our user account database. Since determining this on May 15, we have been continuing to investigate as expeditiously as possible to assess what information was impacted and to identify and notify affected users.MaxLinear, Inc.
April 15, 2020 | System Compromise
Abstract
On May 24, 2020, we discovered a security incident affecting some of our systems. We immediately took all systems offline, retained third-party cybersecurity experts to aid in our investigation, contacted law enforcement, and worked to safely restore systems in a manner that protected the security of information on our systems.Mono County
April 9, 2020 | Unauthorized Access
Abstract
The incident leading to the potential breach of your protected health information involved unauthorized access into our database by at least one member of the public. The County became aware of this breach on July 28, 2020 and as required by law, is notifying potentially affected individuals in as timely a manner as possible, while protecting the integrity of the ongoing forensic investigation. While it remains unclear whether your personal health information was, in fact, accessed, it is the County’s duty to notify you of the possibility.Magellan Health, Inc.
April 06, 2020 | Ransomware
Abstract
On April 11, 2020, Magellan discovered it was targeted by a ransomware attack. The unauthorized actor gained access to Magellan’s systems after sending a phishing email on April 6 that impersonated a Magellan client. Once the incident was discovered, Magellan immediately retained a leading cybersecurity forensics firm, Mandiant, to help conduct a thorough investigation of the incident. The investigation revealed that this incident may have affected your personal information. At this point, we are not aware of any fraud or misuse of any of your personal information as a result of this incident, but we are notifying you out of an abundance of caution.McKinney & Company
April 01, 2020 | Third Party
Abstract
We recently received notice from our tax software company that some of our clients’ 2019 federal tax returns had been fraudulently filed. If you are one of those clients, we have already contacted you (or the primary filer) directly by phone.March 30, 2020
March 30, 2020 | Website Compromise
Abstract
Like many online retailers, we recently determined the eCommerce platform underlying our online retail sales webpage, cbdmd.com, was modified to include malicious code. The malicious code created a risk that customer-input elements on the webpage may have been skimmed by an unauthorized third party. We notified federal law enforcement and have been cooperating with their investigation.Metropolitan Community College of Kansas City
March 10, 2020 | Ransomware
Abstract
On June 19, 2020, MCCKC determined that your information may have been available to an unauthorized party due to a ransomware attack that resulted in certain data being encrypted. Following the incident, MCCKC immediately engaged a third party to conduct a forensic investigation with the objective of identifying the potential scope of access the threat actor may have had to the environment during the period of unauthorized access, which included arriving at a determination as to whether sensitive personal data was accessed by an unauthorized third party. The forensic investigation was recently completed and determined that an unauthorized individual may have had access to the MCCKC environment. The forensic investigation did not conclude or preclude that data was extracted from MCCKC’s systems however, it is possible that certain personal data, including names, Social Security numbers, drivers’ license information and medical information of former, prospective, and current students could have been accessed by an unauthorized party. The investigation further acknowledged that the names, Social Security numbers and bank account information of employees could have been accessible as well, however, there is no evidence that any personal information was extracted from MCC’s systems or subject to actual or attempted misuse. Although the investigation did not find any specific access to any individual’s information and MCCKC has no indication that data has been extracted from MCCKC’s systems or misused, we have chosen to notify all potentially impacted parties of this incident out of an abundance of caution and in full transparency.Merchant One, Inc.
February 24, 2020 | Third Party
Abstract
On or about February 24, 2020, Merchant One became aware of suspicious activity related to a third party IT provider. Upon discovery, we immediately launched an investigation, which included working with third-party forensic specialists to determine the full nature and scope of this incident. The investigation determined that an unknown individual may have accessed specific files in Merchant One’s system. Therefore, we began a comprehensive review of the files identified as potentially impacted to determine what information was contained therein and to whom it relates. Upon confirmation that personal information was present in the potentially accessed files, we began reviewing our files to determine address information for those individuals. We worked with a vendor to assist with determining address information for impacted individuals and on October 26, 2020, we received updated information to provide notice to those impacted individuals. Although we are unaware of any actual or attempted misuse of your personal information, we are providing you this notification out of an abundance of caution because your information was present in the potentially impacted files.Marshall Medical Center
February 18, 2020 | Database Compromise
Abstract
Through these investigations, PaperlessPay confirmed that an unknown person (the “Hacker”) on February 18, 2020 accessed PaperlessPay’s database where MMC employees’ data was stored. The available evidence has not, however, allowed DHS, the FBI, or Ankura to determine what data the Hacker may have accessed or viewed while connected to the database. It is possible the Hacker only used access to determine the size of the database and to stage it for subsequent access that could be sold to others, and that the Hacker did not directly access any employee data. The security system also has an alert system that is configured to detect data file transfers that exceed 1GB in size, and no alert was triggered during this security incident event. However, the Hacker would have had the capability to run queries against the database and view its data, so we cannot rule out the possibility of unauthorized access or acquisition.Mechanics Bank, dba CRB Auto
February 14, 2020 | Misconfiguration
Abstract
In February 2020, Mechanics Bank donated aging computers to a non-profit organization. As is standard, prior to donation, Mechanics Bank personnel removed the hard drives from the machines being donated. On the same day that the computers were donated, an information security official from the entity that received the donated computers contacted Mechanics Bank and notified it that a single hard drive had been missed and not removed. The hard drive was immediately secured and returned to Mechanics Bank.Made In Oregon
February 3, 2020 | Unauthorized Access
Abstract
Between the first week of February 2020 and the last week of August 2020, an unauthorized party may have gained access to your personal information submitted with your order entered through our website.Methodist Hospital of Southern California
February 1, 2020 | Ransomware
Abstract
On September 9, 2020, we were notified by the Foundation that Blackbaud discovered and stopped a ransomware attack that included the Foundation’s donor database, as well as those of many other nonprofit organizations. The ransomware attack occurred between February and May 2020, but Blackbaud and the Foundation took time to determine which organizations were impacted before we were notified of the attack.McKissock Investment Holdings, LLC
November 16, 2019 | Server Compromise
Abstract
McKissock became aware of unusual activity relating to certain McKissock systems and immediately began an investigation with the assistance of third-party forensic investigators. The investigation determined that a certain legacy virtual server was accessed without authorization between November 16, 2019 and March 4, 2020. While the investigation did not determine that personal information had been viewed by an unauthorized actor, McKissock could not rule out the possibility of such activity. Therefore, McKissock immediately began a thorough review of the contents of the server to determine whether sensitive information was present at the time of the incident.Mt. Diablo Unified School District
November 04, 2019 | Vulnerability
Abstract
MDUSD uses the Aeries Student information system to provide students and their parents access to information on school events, schedules, etc. Aeries learned in late November of 2019 that an unauthorized individual exploited a vulnerability in the Aeries software that would allow access to private student and parent information. Once discovered, Aeires notified law enforcement and together launched an investigation. As of today, the indiviual resposible ofr this breach is in custody.August 08, 2018 | User Error
Abstract
On Wednesday, August 8, 2018, Walnut Acres Elementary School intended to send out emails to 650 families. About 200 had been delivered when we realized that the emails included personal information about students other than those of the respective individual families.April 27, 2017 | Vulnerability
Abstract
On April 27, 2017, when parents tried to access their student’s data through the HomeLink Portal, they were able to view information, as described below, of a student other than their own. The period of time parents and students had inadvertent exposure to another student’s information was one hour—between 8:00 p.m. and 9:00 p.m. and the data of approximately 600 families was exposed. The District has no reason to believe that any personally identifiable student information was accessed by an unauthorized person; however, it was possible during this brief window. Once the District learned of the problem, we immediately took HomeLink offline and began working with our Student Information System provider (“Eagle Soft”) and with Microsoft. Eagle Soft and Microsoft have identified the malfunction as a caching problem that has now been repaired. Please note that the District is operating HomeLink as intended by Eagle Soft and Microsoft. The error occurred due to a software malfunction that was outside of the District’s control.Marks & Associates
November 01, 2019 | Phishing
Abstract
We were unfortunately the victims of a social engineering scam that allowed an unauthorized party or parties to access one of our employee’s email accounts and other portions of our network in November 2018. Although our IT support responded immediately by shutting down access to the account, replacing our entire server and implementing additional security measures, a recent forensic investigation found that our system was likely compromised. No evidence was found that files from our system were extracted in the incident. Due to the high percentage of e-file rejections in the tax season, we have engaged a third party and outside IT and information security consultant to further investigate, evaluate and respond to the situation. Although data breaches have been commonplace even in the most secure environments, we regret that this incident has occurred.Moss Adams LLP
October 08, 2019 | Email Compromise
Abstract
On October 10, 2019, we detected unusual activity associated with a single Moss Adams employee’s email account. We immediately took steps to secure the account and launched an investigation. Our investigation subsequently determined that the impacted Moss Adams email account was accessed by an unauthorized third party and this account contained some of your personal information, although we do not know if your personal information in the email account was actually accessed by the third party. Please note that this unauthorized access was limited to information transmitted via email and did not affect any other information systems.macys.com
October 07, 2019 | Website Compromise
Abstract
On October 15, 2019, we were alerted to a suspicious connection between macys.com and another website. Our security teams immediately began an investigation. Based on our investigation, we believe that on October 7, 2019 an unauthorized third party added unauthorized computer code to two (2) pages on macys.com. The unauthorized code was highly specific and only allowed the third party to capture information submitted by customers on the following two (2) macys.com pages: (1) the checkout page - if credit card data was entered and “place order” button was hit; and (2) the wallet page - accessed through My Account. Our teams successfully removed the unauthorized code on October 15, 2019.Metabolic Maintenance Products, Inc.
October 01, 2019 | Website Compromise
Abstract
On September 29, 2020, we were notified that an unknown third party may have gained unauthorized access to certain names and payment card numbers used on our website.Myron Corp. d/b/a Pen Factory (“Pen Factory”)
September 01, 2019 | Website Compromise
Abstract
Pen Factory values and respects your privacy and is committed to keeping your information confidential. Our commitment to these values includes notifying individuals if we believe the confidentiality of their personal information may have been compromised. Accordingly, we are writing to advise you of a recent incident that may have involved some of your personal information.MetaBrainz
April 26, 2019 | Programming Error
Abstract
The email address and date of birth (when present) of the user who wrote the latest annotation for any given MusicBrainz entity were available between 2019-04-26 and 2020-11-22 on a JSON block in the source of the entity page (e.g. [1]) We have investigated our database to determine which users were affected. You were one of those, and your email address and date of birth, if you entered it, were temporarily available on our web page. The data was never displayed on the page in a human visible way -- it was embedded in the web page source as JSON. The page source can be viewed with “view source” on your web browser.MetaBrainz Foundation Inc.
April 26, 2019 | Programming Error
Abstract
The email address and date of birth (when present) of the user who wrote the latest annotation for any given MusicBrainz entity were available between 2019-04-26 and 2020-11-22 on a JSON block in the source of the entity page (e.g. [1]) We have investigated our database to determine which users were affected. You were one of those, and your email address and date of birth, if you entered it, were temporarily available on our web page. The data was never displayed on the page in a human visible way -- it was embedded in the web page source as JSON. The page source can be viewed with “view source” on your web browser.McAlister’s Corporation, Moe’s Stores LLC, Schlotzsky’s Stores LLC, as well as entities that are franchisees
April 11, 2019 | Malware
Abstract
A thorough investigation is being conducted and is nearly complete. It appears that unauthorized code designed to copy payment card data from cards used in person was installed in certain corporate and franchised restaurants at different times over the general period of April 29, 2019 to July 22, 2019. The unauthorized code was not present at all locations, and at most locations it was present for only a few weeks in July. A list of the Moe’s Southwest Grill locations involved and the respective time frames, which vary by location, is available here.Mediant Communications Inc.
April 01, 2019 | Email Compromise
Abstract
Mediant Communications Inc., 3 Columbus Cir. #2110, New York, NY 10019, provides many mutual funds and public companies, including real estate investment trusts, with mailing and document processing services as well as services in connection with their annual and special shareholder meetings, including the distribution of proxy materials, coordination of votes, and tabulation of voting results. Mutual funds and public companies hire proxy agents such as Mediant in connection with their shareholder meetings as a matter of standard practice. Mediant received your information while providing its services to entities related to your ownership of certain securities including: [securities list].Miller Kaplan Arase LLP
March 22, 2019 | Email Compromise
Abstract
On March 22, 2019, MKA learned that an unauthorized individual had gained access to an employee’s email account for a limited period of time. Upon discovering this information, MKA immediately took steps to secure all MKA email accounts and began an investigationMikhail Education Corporation
March 20, 2019 | Email Compromise
Abstract
TBDBMicro-Mom Scooters LLC d/b/a Micro Kickboard
March 14, 2019 | Website Compromise
Abstract
? On or about April 2, 2019, Micro Kickboard discovered suspicious activity related to its online e-commerce website, www.microkickboard.com. Micro Kickboard immediately began working with third-party forensic investigators to determine what happened and what information may have been affected. Micro Kickboard also took steps to implement additional procedures to further protect the security of customer debit and credit card information on our website. You can safely and securely use your payment card on our website.Martin, Hutchison and Hohman, CPAs
February 15, 2019 | Email Compromise
Abstract
On Friday, February 15, 2019, while trying to resolve an email failure with our email host, Suddenlink, I was directed to a website that gave a phone number to call for immediate assistance. When I called this number, the technician stated he could certainly help. He requested access to my computer to understand the issue with the email. After I installed the software necessary to give him remote access to my computer, he pulled up some IP addresses on my computer screen and stated that this was the reason for the email failure. He then insisted that in order to fix the problem and prevent viruses from attacking, I would need to allow him to install a program on our office’s network server. I told him no and that our local computer technician would be contacted to deal with this. At that point, he stated that only a Microsoft Tech such as himself would be able to do this. This was a red flag as I thought I was dealing with a Suddenlink technician. At that point, I quickly disconnected my computer from the internet and from our office network. I then uninstalled the remote access software I had just allowed him to install, and turned the computer off. This entire interaction lasted less than eight minutes.Michael Koch, dba Lockhart, Britton & Koch
November 25, 2018 | Device Lost
Abstract
My car, parked in the driveway of my residence was broken into. My briefcase that was locked int the trunk was stolen. The briefcase contained an external backup disk drive. I normally run a data back-up disk and keep it off site in the event an office computer crashes or the building experiences fire or other damage.MUFG Union Bank, N.A.
November 09, 2018 | Account Compromise
Abstract
MUFG Union Bank, N.A. (“MUB”) recently determined that an unauthorized third party may have used your login credentials to gain access to your Union Bank Online and/or Mobile Banking account in November 2018. There is no indication that the compromised credentials were obtained through our systems, and we believe the credentials likely were obtained from third-party sources. Based on our investigation to date, we understand the unauthorized third party may have used this information to conduct unauthorized transactions on certain customer accounts. We have contacted those accountholders and are working with them to resolve the issueMJ Insurance, Inc
September 26, 2018 | Email Compromise
Abstract
MJ is an independent insurance agency with offices in Indiana and Arizona. On September 26, 2018, we discovered that an unknown individual gained access to one of our employee’s e-mail accounts. It appears that our employee may have been the victim of an email phishing campaign. The employee’s account contained stored e-mails that may have included some of your personally identifiable information (“PII”) including your name, date of birth, driver’s license number and/or Social Security number. We note that no financial account information was involved in this incident. Although we are not aware that any of your personal information was taken, we are notifying you on the basis that some of your information was contained in the employee’s email account. If you have not worked with MJ directly, we may have obtained limited information about you through one of the employers to whom we provide employee benefits consulting and support services.Marriott International, Inc.
September 10, 2018 | Database Compromise
Abstract
On September 8, 2018, Marriott received an alert from an internal security tool regarding an attempt to access the Starwood guest reservation database. Marriott quickly engaged leading security experts to help determine what occurred. Marriott learned during the investigation that there had been unauthorized access to the Starwood network since 2014. Marriott recently discovered that an unauthorized party had copied and encrypted information, and took steps towards removing it. On November 19, 2018, Marriott was able to decrypt the information and determined that the contents were from the Starwood guest reservation database.Mark’s International Wines
July 22, 2018 | Malware
Abstract
On Sunday, August 26, 2018, The Wine House was alerted to the possibility that malicious code, aka malware, was present on our website, www.winehouse.com. Over the next two days, we worked diligently with our website developers to ascertain if this was the case, and unfortunately, they confirmed that it was. We believe that a Wine House Employee Account was compromised by a 3rd party and allowed malware to be added to the website unnoticed on or around July 22, 2018. Employee accounts have been secured and we believe there is no longer a threat.MSK Group, P.C.
May 07, 2018 | Network Compromise
Abstract
On May 7, 2018, we discovered that our computer networks were subject to a security event. We hired expert consultants to investigate, mitigate, and assess the extent of this event and to help further strengthen our information security.MASON LAW OFFICE, P.C.
May 05, 2018 | Website Compromise
Abstract
On or about May 5, 2018, we discovered evidence of unauthorized access to mycase.com by an unknown individual or group of individuals. It is unclear how this access was made since we have implemented all security measures offered by mycase.com. Client data was potentially accessed, client case information was deleted, and other administrative changes were made to the system. The extent of the information accessed will be thoroughly investigated by Mason Law Office, P.C. and mycase.com. You will be contacted if we discover any information specific to your case.Macy’s, Inc
April 26, 2018 | Website Compromise
Abstract
On June 11, 2018, our cyberthreat alert tools detected suspicious login activities related to certain macys.com customer online profiles using valid usernames and passwords. We immediately began an investigation. Based on our investigation, we believe that an unauthorized third party, from approximately April 26, 2018 through June 12, 2018, used valid customer user names and passwords to login to customer online profiles. We believe the third party obtained these customer usernames and passwords from a source other than Macy’s.MedEvolve
March 29, 2018 | Breach
Abstract
On or about May 11, 2018, MedEvolve discovered that an FTP containing a file with information related to certain Premier patients was inadvertently accessible to the internet. Upon discovery, MedEvolve launched an investigation, with the help of third-party forensic investigators, to determine the contents of the file, how long the file was internet accessible, and whether the file was subject to unauthorized access. This investigation is ongoing. However, the investigation determined that the file was internet accessible from March 29, 2018 to May 4, 2018. The investigation also determined that the file was subject to unauthorized access on March 29, 2018. Additionally, we learned that a screenshot of the internet accessible file was taken and posted online in an article regarding this incident. The screenshot posted online contained the first names, city, state and ZIP Code of fifteen (15) patients, but did not include patients’ last names or street addresses.Mise En Place Restaurant Services, Inc.
March 06, 2018 | Ransomware
Abstract
On March 15, 2018, we discovered that a part of our network was potentially subject to a ransomware attack. We immediately contacted our IT consultant, who began an investigation into the matter. Additionally, we hired a specialized, third-party, forensic IT firm to investigate and changed all network passwords. The specialized forensic IT firm has concluded its investigation and determined that there was unauthorized access to our server between March 6, 2018 and March 15, 2018.Milligan Chiropractic Group, Inc. d/b/a Del Mar Chiropractic Sports Group
January 31, 2018 | Laptop Stolen
Abstract
On January 31, 2018, we discovered that an employee’s laptop computer was stolen. We immediately took action and conducted an investigation to determine what information may have been stored on the laptop. Although the laptop was password protected and we are not aware of the misuse of your or anyone’s information, we could not rule out the possibility that your personal information, including your name, date of birth, clinic notes, and progress notes may be at risk. No Social Security numbers, financial transaction or payment information were involved in this incident.Mendes & Haney, LLP
January 23, 2018 | Computer Compromise
Abstract
After experiencing an unexpected rejected tax return on February 28, 2018, we immediately began an investigation into the matter and hired a specialized forensic IT firm to assist in our investigation. On March 21, 2018, the third-party forensic IT firm concluded their investigation and determined that there was unauthorized access to our network from a foreign IP address between January 23, 2018 and February 26, 2018 through Remote Desktop Protocol.Mindlance, Inc.
December 28, 2017 | Breach
Abstract
Certain Mindlance confidential and proprietary information was stolen on or about December 28, 2017. On December 29, 2017, the stolen information was e-mailed to several current corporate Mindlance employees.Muir Medical Group, IPA. Inc.
December 07, 2017 | Insider Threat
Abstract
On March 7, 2018, we discovered that a former employee of Muir IPA took with her certain information in the possession of Muir IPA before her employment ended with Muir IPA in December 2017. Muir IPA had this information because of the services it provided to your doctor.MetLife
November 09, 2017 | User Error
Abstract
On November 9, 2017, a group life enrollment report was sent by a MetLife associate to two associates that are affiliated with a group life customer with which you are not employed.MyHeritage Ltd.
October 26, 2017 | Email Compromise
Abstract
On June 4, 2018, at 1 pm EST, we became aware of a data breach involving the email addresses and hashed passwords (these are not actual passwords) of 92.3 million MyHeritage users.Movement Mortgage LLC
October 09, 2017 | Email Compromise
Abstract
Earlier this year Movement discovered several of our employee email accounts were sending phishing emails. Movement quickly launched an investigation, with the assistance of a third party forensic investigator, to understand the nature and scope of the event, and whether any sensitive data was at risk. The forensic investigator confirmed that numerous employee email accounts were subject to unauthorized access between October 9, 2017 and March 29, 2018. We then reviewed the affected email accounts to determine whether they contained any personal information. On August 1, 2018, Movement Mortgage determined that the affected email accounts contained personal information of certain loan applicants, including you.Mcdavid, Inc.
September 05, 2017 | Website Compromise
Abstract
McDavid, Inc. (“McDavid”) values and respects your privacy, which is why we are writing to advise you about a recent incident that may affect your personal information, steps that McDavid has undertaken since discovering the incident, and information on what you can do to better protect yourself, should you feel it is appropriate to do so. On April 6, 2017, McDavid discovered that your personal information may have been affected when an external actor or actors placed hidden code on the McDavid webservers (the “Incident”). The code may have targeted certain personal information of customers who made credit card purchases via the McDavid webservers between September 5, 2016 and November 11, 2016.Massachusetts Mutual Life Insurance Company
August 17, 2017 | Account Compromise
Abstract
On August 20, 2017, MassMutual’s fraud prevention team identified potential fraudulent telephone activity directed toward MassMutual call centers. Upon conducting an investigation into that the activity identified, it was determined that beginning on August 17, 2017 an unknown perpetrator contacted MassMutual call centers purporting to be two separate MassMutual insurance agents. The perpetrator requested assistance in resetting those two agents’ system access credentials (e.g., user name, password, multi-factor authentication). The perpetrator had readily available nonpublic personal information associated with these two agents and, through social engineering tactics, was able to provide such information to the call center personnel to successfully authenticate as the respective agents resulting in the access credentials being reset. MassMutual identified that this individual then used the credentials to access MassMutual business systems that included nonpublic personally identifiable information associated with each agents’ clients.December 03, 2013 | User Error
Abstract
On December 3, 2013, a MassMutual retirement services account manager sent a secure email to an individual at a MassMutual retirement services client. However, the account manager inadvertently included information about you and your retirement plan in that message to the other MassMutual client. The individual who received the information in error was contacted by MassMutual and confirmed to MassMutual both verbally and in writing that the email and the information received in error was deleted.September 13, 2013 | Files Lost
Abstract
On or about September 6, 2013, CRL sent an invoice via United States Postal Service (USPS) mail to MassMutual for services performed relating to your recent insurance application with MassMutual. Upon arrival at MassMutual on September 17, 2013, it was noted that the package was damaged and was accompanied by a letter from the USPS stating that the mailing was damaged during processing at the USPS facility in Springfield, Massachusetts and some pages may be missing.May 08, 2013 | User Error
Abstract
On May 8, 2013 a MassMutual account manager sent an email that inadvertently contained information about you and your retirement plan to a third party retirement plan service provider not associated with MassMutual.January 30, 2013 | Third Party
Abstract
MassMutual has an established business relationship with Convey Compliance Systems, Inc. (“Convey”) to provide print and mailing services for MassMutual’s annual IRS Form 1099 mailing. On February 1, 2013, Convey notified us of an incident that resulted in the Forms 1099 for a number of MassMutual clients being mailed to an incorrect mailing address. Unfortunately, your Form 1099 was in the affected group.July 13, 2012 | User Error
Abstract
This letter is to inform you that on July 13, 2012 MassMutual inadvertently sent via secure email a report containing your personal information to the Plan Sponsor of another retirement plan administered by MassMutual. We have conducted an investigation into the incident to determine the extent and its impact on our customers and have determined that the information involved in this incident included your name, Social Security number, and your 401(k) balance information.Mr. Cooper
July 05, 2017 | User Error
Abstract
Nationstar Mortgage LLC d/b/a Mr. Cooper (”Mr. Cooper”) discovered on July 5th 2017 that an incident occurred where your loan number and property address were inadvertently populated on another borrower’s letter.Michael T. Blevins, Inc.
March 26, 2017 | Network Compromise
Abstract
Shortly before this year’s tax deadline, we identified some unusual events for certain clients, including increased communications from the IRS and rejected e-filings. Because of this, we retained an independent forensic investigation firm to assist in our investigation. Based on their investigation, it appears that an unauthorized individual was able to gain access to our computer network for limited periods of time over the course of several days in late March and, while there, may have been able to access certain client files stored in our systems.Meepos & Company
February 24, 2017 | Misconfiguration
Abstract
On May 19, 2017, Meepos & Company (“Meepos”) received reports of issues with certain clients’ 2016 tax filings. Meepos immediately launched an investigation and has been working diligently, with the assistance of third party forensic investigators, to determine what caused the issues and whether other clients may be affected. Through the investigation, Meepos determined that an unauthorized actor or actors gained access to certain parts of Meepos’s network due to a misconfiguration of our two-factor password authentication and, as a result, may have had access to personal information for certain Meepos clients in our tax filing system, including documents that may be associated with our business client tax filings. After discovering the unauthorized access, we immediately worked with our IT professionals to identify the access point, quarantined the affected system and completed enterprise wide password changes to better prevent further unauthorized access to our systems. We also immediately contacted the IRS to alert them of the situation in order to stop the issuance of any fraudulent refunds. The investigation has determined that the unauthorized actor(s) may have had access to Meepos’s system beginning on February 24, 2017, although the first known access to tax information and fraudulent filings did not occur until May 2017.Manduka
February 22, 2017 | Website Compromise
Abstract
On February 25, 2018, Manduka learned of a potential data security incident involving the unauthorized installation of malware on its e-commerce web platform. Upon discovering this incident, Manduka took steps to secure customer payment card information and contacted law enforcement. In addition, Manduka launched an investigation and engaged a leading forensics firm to determine what happened and whether customer payment card information had been accessed or acquired without authorization. It appears that payment card information including names, card numbers, expiration dates, and security codes belonging to customers who utilized the Manduka web platform from February 22, 2017 to March 5, 2018 was affected.Merani Hospitality, Inc.
February 16, 2017 | Malware
Abstract
Merani Hospitality, Inc. ("Merani") is committed to protecting the privacy of the information entrusted to us and takes this responsibility seriously. This commitment extends to notifying individuals when their information may be compromised. On May 14, 2020, Merani discovered that certain of our customers' information could have been detained by a third-party that placed unauthorized computer code on payment processing system used at Parkway Prime Restaurant located at 401 Buffalo Avenue, Niagara Falls, NY 14303. The code may have targeted certain personal information of customers who made credit card purchases at the restaurant between February 16, 2017 and May 20, 2020. This information included customer names, credit or debit card numbers, CVV codes and expiration dates.MJ Freeway Business Solutions
November 19, 2016 | System Compromise
Abstract
MJ Freeway provides business management software to cannabis dispensaries, including Harborside. On or about November 19, 2016, MJ Freeway’s systems were accessed without authorization. MJ Freeway determined on November 27, 2017 that this unauthorized access resulted in the theft of certain data belonging to customers of Harborside. Upon learning of this unauthorized access, MJ Freeway immediately launched an internal investigation, with the assistance of third-party forensic investigators, to determine the full nature and scope of the incident. MJ Freeway also promptly notified and has been working with Harborside to determine the types of impacted information and to whom it belongs.Michigan State University
November 13, 2016 | Database Compromise
Abstract
TBDBMovement Mortgage (“Movement”)
August 01, 2016 | Email Compromise
Abstract
On September 8, 2016, Movement became aware of suspicious logins to certain company email accounts by an unknown source as the result of sophisticated phishing attacks on its email system. In response, Movement began an investigation and brought in an outside computer forensics expert to determine which employee email accounts were subject to unauthorized logins and what types of information inside those email accounts might be affected. It was confirmed that between approximately early August of 2016 and early October 2016, a company email account containing your personal information was subject to unauthorized log-ins by an unknown sourceM Holdings Securities, Inc.
July 29, 2016 | Computer Stolen
Abstract
One of our employees reported that his company computer had been stolen from his parked car. The theft was reported to law enforcement, but, to date, the laptop has not been recovered.Momentum for Mental Health
June 03, 2016 | Phishing
Abstract
On June 3, 2016, Momentum was targeted by an e-mail scam called “spoofing.” We discovered this incident within hours of it taking place. Nonetheless, it resulted in Momentum inadvertently making personal information from your Form W-2 available to an unknown third party.Mercy Medical Center Redding
June 01, 2016 | Insider Threat
Abstract
On June 6, 2016, Dignity Health learned your information was accessed inappropriately. Our business partner, naviHealth, assists Dignity Health hospitals with patient support after leaving the hospital. naviHealth employed a person as a case manager who was working under a false name and nursing license. This case manager was employed by naviHealth from June 2015 to May 2016. When naviHealth discovered the problem, it immediately severed ties with the case manager and prevented further computer access. Law enforcement was contacted, and naviHealth is cooperating in the on-going investigation.Multi-Color Corporation
Abstract
An East Coast law firm was representing Multi-Color in litigation. As part of that representation, the law firm collected data from Multi-Color's system, which included HR records and information on all current US employees as of April 13, 2016; certain former employees and some employees of a predecessor. company; and application. The data was saved to an external hard drive and password protected. The hard drive was delivered to the law firm and the password was separately emailed to the law firm.May 14, 2016 | Device Lost
Abstract
An East Coast law firm was representing Multi-Color in litigation. As part of that representation, the law firm collected data from Multi-Color’s systems, which included HR records and information on all current US employees as of April 13, 2016; certain former employees and some employees of a predecessor company; and applicants. The data was saved to an external hard drive and password protected. The hard drive was delivered to the law firm and the password was separately emailed to the law firm.Mitchell International, Inc.
February 24, 2016 | Email Compromise
Abstract
On February 24, 2016, an unknown, unauthorized person from outside of Mitchell impersonated a member of Mitchell’s executive leadership team and, using what appeared to be that person’s legitimate Mitchell email address, convinced one of our employees to provide certain personal information about current and former employees. We discovered the inadvertent disclosure on March 3rd and we immediately began investigating what happened. We also began to address this matter with the appropriate authorities. Please know that this information was stolen through a sophisticated phishing scam for employee information and did not involve any customer information or an intrusion into our computer systems or network. This disclosure was the result of an incredibly unfortunate human error.Mercy Housing, Inc., Mercy Housing Management Group, Inc.
February 19, 2016 | Phishing
Abstract
Late in the afternoon of Friday February 19, 2016 there was an unauthorized release of an electronic copy of all 2015 W2s issued by Mercy Housing's payroll department due to an email scam. As a result, unauthorized individuals may have personal information about you. This is a security breach of personal informationMagnolia Health Corporation
February 03, 2016 | Email Compromise
Abstract
On February 3, 2016 an unidentified third person impersonated our CEO, Kenny Moyle, and using what appeared to be his email address, obtained certain personal information for all active employees of Magnolia Health Corporation (MHC) and each of the facilities managed by MHC [Twin Oaks Assisted Living, Inc., Twin Oaks Rehabilitation And Nursing Center, Inc., Porterville Convalescent, Inc., Kaweah Manor, Inc. and Merritt Manor, Inc.]. It was not until February 10, 2016 that we realized that this information had not been requested by anyone at MHC and that it had been disclosed to an unauthorized third person whose identity is presently unknown.M&M Automotive Group, Inc.
July 27, 2015 | Files Lost
Abstract
On July 27, 2015, the dealership property was broken into and vandalized. The vandalism involved the theft of a vehicle and boxes of archived files from the secured storage room located on the third floor. We believe that some of the stolen boxes held sold vehicles jackets. Each sold vehicle jacket typically contains copies of the forms signed by the vehicle purchaser including the name, address, phone number, driver’s license information, bank account information, car insurance information and information on the vehicle purchased.Medical Informatics Engineering and NoMoreClipboard, a wholly owned subsidiary of Medical Informatics Engineering
May 07, 2015 | Server Compromise
Abstract
On May 26, 2015, the technical team at MIE discovered suspicious activity relating to one of our servers. We immediately initialed our Incident Response Plan and commenced an investigation to identify and remediate any identified security vulnerability.Matador Recordings, LLC (d/b/a “Matador Direct”)
April 28, 2015 | Website Compromise
Abstract
On May 4, 2016, we were advised by our third-party website developer that it had identified and removed suspicious files from the e-commerce websites of the record labels for which Matador Direct is the distributor. we quickly began an investigation and hired a third-party cybersecurity firm to assist us. Findings from the investigation show that if a customer attempted to or did place an order on one of the affected websites from april 28, 2015 to May 4, 2016, information associated with the order being placed may have been obtained by an unauthorized third-party.Mama Mio US, Inc.
April 28, 2015 | Website Compromise
Abstract
We are sorry to inform you that we have been the victim of a cyber-attack on our website. Given the nature of the attack, we have to assume it has resulted in the loss of your personal data.Molina Healthcare of California, Inc.
March 26, 2015 | Insider Threat
Abstract
On or about 3/26/15, a former CVS employee took PHI from CVS’ computers and sent it to his personal computer. CVS believes he did this to fraudulently obtain OTC products from CVS. Upon learning of this incident, CVS took prompt action to investigate this issue. No fraudulent use of your PHI has been found. The PHI involved in the breach is as follows: Full Name; CVS ID; CVS ExtraCare Health Card Number; Member ID; Rx Plan Number; Rx Plan State; Start Date; and End Date.Mark Riley, Inc., abd E. K. and Company
January 19, 2015 | Device Lost
Abstract
Mark Riley, Inc. dba E. K. and Company (“E. K. and Company”) is an accounting and payroll processing company. On January 19, 2015, E. K. and Company's office was broken into and a hard drive was stolen. This hard drive may have contained data files that include your name, Social Security number, address, telephone number, and financial account information. While this information could not be accessed without the tax preparation software, which was not on the hard drive, we wanted to make you aware of this event out of an abundance of caution.MEETME, INC.
August 05, 2014 | Network Compromise
Abstract
MeetMe, Inc. today announced that it has recently discovered a security breach within its network that compromised certain information in at least some MeetMe user accounts. Specifically, between August 5 and 7 of this year, MeetMe believes that hackers gained access to some user names, email addresses, and encrypted passwords. For a period of time, the hackers may have been able to access the affected MeetMe accounts, but there is no evidence that they did so and they can no longer do so.Mandarin Oriental
June 18, 2014 | Unauthorized Access
Abstract
We are writing to advise you that investigations by Mandarin Oriental have regrettably confirmed that the names and credit card numbers of some of our guests appear to have been acquired without authorization.Mercy Medical Center Redding Oncology Clinic
June 01, 2014 | Breach
Abstract
On December 13, 2014 Mercy Medical Center Redding Oncology Clinic discovered that transcribed physician progress notes containing your demographic and treatment information for services provided during June – October 2014, were publically accessible on a third party website. Upon discovery the third party removed the link from their website rendering the information no longer accessible.Mount Olympus Mortgage Company
April 28, 2014 | Insider Threat
Abstract
Following up on our prior communication to you regarding the conduct of some of our former employees, we are contacting you now because we have learned of a related data security incident that has occurred in connection with their departure from our company. We learned of this incident in June 2014, have been investigating it since that time, and have determined that it involves your information.Marian Regional Medical Center
March 02, 2014 | User Error
Abstract
A secured electronic file containing your limited patient information was sent to a contracted health insurance plan other than your own health insurance plan. Fortunately, the health insurance plan agent verified the file was sent in error and notified us promptly. We immediately stopped sending the files.MEI-GSR
February 19, 2014 | Breach
Abstract
On or around September 29, 2015, the Grand sierra resort was contacted by law enforcement regarding an investigation into a potential compromise of payment card information used at food and retail locations at the Grand sierra resort. We immediately began to cooperate with law enforcement and to investigate thsi matter. Third party forensics investigators were retained to assist the Grand Sierra Resort. On or around January 11, 2016, these investigators confirmed that certain guest payment card information for cards used at food and retail locations at the Grand Sierra Resort may have been compromised.Marsh & McLennan Companies, Inc. and our affiliates
June 13, 2013 | Third Party
Abstract
On September 25, 2013, Kroll notified us that its systems were targeted by third parties for the purpose of obtaining background check information maintained by Kroll. Kroll told that this intrusion into Kroll's network began in June 2013 and continued until the second week of September.Midwest Supplies, LLC
June 13, 2013 | Website Compromise
Abstract
We’re writing to tell you that it’s possible that the credit card you used at Midwest Supplies on [Month, Day, Year] might have been compromised at that time. Despite our best efforts, the security of our website was breached by an outside party. Your credit card information might have been improperly viewed including your name, address, email address, telephone number, credit card number, expiration date and security code.Millimaki Eggert, LLP
April 27, 2013 | Laptop Stolen
Abstract
On April 27, 2013, an unknown individual(s) burglarized Millimaki Eggert's San Diego, California office and stole, among other things, two password-protected laptops containing sensitive information.Monterey County Department of Social Services
March 17, 2013 | Computer Compromise
Abstract
A Monterey County computer that was connected to the California State Network was compromised the evening of 3/17/2013 by unauthorized users from overseas attempting to break-in over the network.Managed Med, A Psychological Corporation
March 01, 2013 | Misconfiguration
Abstract
On May 13, 2014, ManagedMed learned that certain patient scheduling information located in a computerized calendaring system had been viewed(via an unsecured webpage) by non-ManagedMed personnel, who were not authorized to do so.Mercedes-Benz of Walnut Creek
February 08, 2013 | Files Lost
Abstract
On Friday, February 8, 2013, around 7:00 am we discovered a forcible break-in at Mercedes-Benz of Walnut Creek's dealership. Between the close of business on Thursday, February 7th and the morning of Friday, February 8th, a thief or thieves pried open a locked exterior door to the dealership, another locked interior door into the Business Office as pried open, and once inside the Business Office, locked file cabinets containing customer deal jackets were pried open and some customer deal files were removed.Montefiore Health System, The University Hospital for Albert Einstein College of Medicine
January 01, 2013 | Insider Threat
Abstract
On May 15, 2015, Montefiore was informed by law enforcement that an employee stole patient account information from Montefiore’s electronic medical record system. The theft occurred between January 2013 and June 2013 and information stolen included names, addresses, Social Security numbers, next of kin, and health insurance information. There is no evidence that medical information, such as test results or diagnosis, was obtained. The employee was arrested, fired, and is being prosecuted for this crime.MT. DIABLO UNIFIED SCHOOL DISTRICT
December 01, 2012 | Computer Stolen
Abstract
One of our offices was burglarized on Saturday, December 1, 2012 and a password protected unencrypted computer was stolen after thieves broke a window. Law enforcement and District staff were immediately alerted because the office was protected by a security camera, motion detector, and an alarm. The stolen computer contained Excel and Word files that included employees’ names, dates of birth, addresses, and Social Security numbers for employees and former employees who worked at the District between 1998 and 2010.Massive Media Match NV
November 23, 2012 | Database Compromise
Abstract
Through proactive data security monitoring, our security team recently discovered that a database compromise occurred in November of 2012. The database contained users’ email address and password information if they registered on Netlog prior to December 2012. We have confirmed that the database did not contain any government issued identification numbers, payment card, or banking information and we have no reason to believe any other data or service was compromised.Monterey Institute of International Studies
September 14, 2012 | Laptop Stolen
Abstract
As you know, we learned that an employee's home was burglarized on September 14, 2012. Personal items and a password-protected laptop computer were among the items stolen.Mission Linen Supply Company
June 29, 2012 | Third Party
Abstract
On or about June 29, 2012 we received word from one of our customers that several of their employees had reported unauthorized charges on their credit cards. As you probably know, we are in the business of selling uniforms, apparel and related items. Many of these sales take place through “web stores” that are developed and hosted by a third party vendor on behalf of Mission Linen Supply. Although purchases made through these web stores are considered transactions with Mission Linen Supply, personally identifiable information that was provided by persons who purchased goods through the web stores was stored and maintained by this third party vendor and not by Mission Linen Supply.Manhattan Prep
March 25, 2012 | System Compromise
Abstract
With the help of data security experts, we are currently conducting a thorough investigation of the breach, which occurred and was identified on Sunday, March 25. We are also working with law enforcement as part of this investigation. At this time, we have determined that an unauthorized third party (a "hacker") temporarily penetrated our system and, during the incursion, had access to the following personal information in your account: name, mailing address, email address, birth date, username, password, phone number, and credit card details for the following card(s) in your account:Morgan Stanley
Abstract
In 2016, Morgan Stanley closed two data centers and decommissioned the computer equipment in both locations. As is customary, we contracted with a vendor to remove the data from the devices. We subsequently learned that certain devices believed to have been wiped of all information still contained some unencrypted data. Separately, in 2019, Morgan Stanley disconnected and replaced a computer server in a local branch office. That server had stored information on encrypted disks that may have included personal information. During a recent inventory, we were unable to locate that device. The manufacturer subsequently informed us of a software flaw that could have resulted in small amounts of previously deleted data remaining on the disks in unencrypted form. We have worked with outside technical experts to understand the facts and any potential risks.Mathway LLC
Abstract
We are writing to let you know that we recently discovered that certain Mathway customer account data was acquired by an unauthorized party. After receiving a tip, we retained a leading data security firm to investigate and confirmed on May 15 that Mathway data had been inappropriately acquired.Marriott International
Abstract
Marriott learned on September 4, 2019, that an unknown person gained access to information about certain Marriott associates by accessing the network of an outside vendor formerly used by Marriott. Once we became aware, Marriott immediately confirmed that the vendor was taking appropriate to steps to investigate the incident. The vendor reported that it was working with a forensic firm and had notified law enforcement. This vendor served as Marriott’s agent for receiving service of official documents, such as subpoenas and court orders. A document containing your information was sent to this vendor, and it was accessed during the incident. This incident did not impact the security of Marriott’s internal HR systems or platforms.Moda Operandi Inc.
Abstract
On April 15, 2019, we discovered that in September 2018, credentials for this information were uploaded onto a publicly-available database. While the passwords were protected through encryption, we have determined it is in your best interest to assume that this information was accessed.MSA Accounting CPA, Professional Corp.
Abstract
After receiving reports that some MSA Accounting, CPA Professional Corp. clients or their employees have received letters from the IRS telling them that someone had filed or attempted to file a 2016 tax return that was not authorized and experiencing unusual activity during this filing season with an escalated number of rejected returns, we immediately changed all of our passwords as a precaution. Further, we notified the IRS of the activity and contacted local IT professionals who ran ‘deep scans’ on our system. The scans found no malicious activity. As a further precautionary measure, we hired specialized forensic IT consultants to investigate.Mollie Stone’s Markets
Abstract
On March 17, 2017, we learned that one of our employees received a phishing email designed to appear as if it came from one of our Senior Executives. As a result of this phishing incident, we learned that an unauthorized individual may have obtained IRS Form W-2s for the 2016 employment year for some of our employees. When we learned of this, we immediately secured the email account and enabled restrictions to prevent further unauthorized access.MetWest Terra Hospitality, LLC
Abstract
On February 9, 2017, we learned that a targeted "spear phishing" email message had been sent to a MetWest Terra Hospitality employee. The email our employee received was designed to appear as though it had been sent to the employee by a MetWest Terra Hospitality manager from the MetWest Terra Hospitality manager's email account. The request was for all 2016 W2 information, and believing the email to be legitimate, the employee provided the requested informationMyspace LLC
Abstract
Shortly before the Memorial Day weekend, we became aware that stolen Myspace user login data was being made available in an online hacker forum. The data stolen included user login data from a portion of accounts that were created prior to June 11, 2013 on the old Myspace platform.Matson Navigation Company, Inc.
Abstract
I am writing to let you know that a device containing information regarding mariners who have served aboard vessels operated by Horizon Lines has been identified as missing. While we have no indication that the device has been used or was even intentionally removed, and while accessing any information on the device requires a valid user ID and password, we take the security of such information seriously and are accordingly writing to inform you of this incident.MUJI U.S.A. LIMITED
Abstract
Based on the outcome of our recently completed investigation, we have determined that an unauthorized third party used malicious software (malware) to infiltrate our on-line server, which is hosted by a reputable service provider. We learned of the incident as the result of a thorough investigation, which we initiated immediately following the receipt of information suggesting a possible data compromise on our on-line shopping site. To adequately protect our customers, we shut down our on-line shopping site during the course of the investigation. Our investigation was recently completed, and we are now able to determine the scope of customers whose information was potentially exposed during the incident. At this time, we believe order information that you and other customers provided during the period of January 22, 2015 -- July 20, 2015 may have been at risk.Martinelli Winery
Abstract
We greatly value your business and respect the privacy of your information, which is why we are writing to inform you that our consumer direct sales systems provider, Missing Link Networks, Inc., (“Missing Link”) notified us on May 27th, 2015 of a security incident involving credit and debit card data. Missing Link has advised us that during the window of April 1, 2015 to April 30, 2015, a third party might have gained access to certain personal information, including customer names, card numbers, related payment addresses, passwords, and dates of birth.Michaels Stores, Inc.
Abstract
We are working closely with federal law enforcement and are conducting an investigation with the help of third-party data security experts to establish the facts. Although the investigation is ongoing, based on the information we have received and in light of the widely-reported criminal efforts to penetrate the data systems of U.S. retailers, we believe it is appropriate to notify our customers that a potential issue may have occurred.Maricopa County Community Colleges District
Abstract
We recently discovered that Maricopa County Community Colleges District IT systems may have been accessed without authorization, and we are cooperating with law enforcement officials investigating the matter. On October 18~h, 2013, we determined that your information, including your name, address, phone number, e-mail address, Social Security number, date of birth, financial and bank account information, certain demographical information, information related to your employment, education and training, and limited benefits information such as your plan selection, vacation accrual, or dependent's information may have been accessed without authorization. The systems did not contain credit card information or personal health information.N
NetGalley, LLC
December 21, 2020 | Database Compromise
Abstract
On Monday, December 21, 2020, NetGalley experienced a data security incident. What initially seemed like a simple defacement of our homepage has, with further investigation, resulted in the unauthorized and unlawful access to a backup file of the NetGalley database. Our database backup was stored in the Amazon Cloud. One of our testing servers had been left unsecured, and the credentials became easily attainable by a hacker.National Railroad Corporation
July 24, 2020 | Account Compromise
Abstract
On July 24, 2020, Amtrak detected that an unknown third party may have gained unauthorized access to certain Amtrak Guest Rewards accounts. Your account was not among these accounts. However, in responding, our security team identified some suspicious activity relating to other rewards accounts including your account. We reset the passwords for potentially affected accounts and implemented additional safeguards.Abstract
On July 24, 2020, Amtrak detected that an unknown third party may have gained unauthorized access to certain Amtrak Guest Rewards accounts. Your account was not among these accounts. However, in responding, our security team identified some suspicious activity relating to other rewards accounts including your account. We reset the passwords for potentially affected accounts and implemented additional safeguardNorthwest Foundation, Inc.
July 16, 2020 | Ransomware
Abstract
On July 16, 2020, we were contacted by Blackbaud, one of the world’s largest providers of customer relationship management systems for not-for-profit organizations and the higher education sector. Company representatives informed us that a Blackbaud service provider had been the victim of a ransomware attack that culminated in May 2020. The cybercriminal was unsuccessful in blocking access to the database involved in the attack, however, the cybercriminal was able to remove a copy of a subset of data from several of Blackbaud’s clients including data of Northwest Foundation.Abstract
On July 16, 2020, we were contacted by Blackbaud, one of the world’s largest providers of customer relationship management systems for not-for-profit organizations and the higher education sector. Company representatives informed us that a Blackbaud service provider had been the victim of a ransomware attack that culminated in May 2020. The cybercriminal was unsuccessful in blocking access to the database involved in the attack, however, the cybercriminal was able to remove a copy of a subset of data from several of Blackbaud’s clients including data of Northwest Foundation.Nutranext, LLC
May 27, 2020 | Malware
Abstract
We are writing to inform you that Nutranext recently became aware that it was the victim of a malware attack, which may have resulted in a breach of your personal information. On May 27, 2020 someone outside our company maliciously installed software without authorization that potentially allowed them to capture personal information from people using our websites for Rainbow Light®, Natural Vitality® and Neocell®. As soon as we became aware of this intrusion, we shut down our websites to prevent unauthorized access to consumer data and partnered with cybersecurity experts to investigate the issue.Northern Light Health
May 14, 2020 | Ransomware
Abstract
Blackbaud reported that in May 2020, it experienced a ransomware attack during which certain information it maintained for its customers was taken “hostage” by a cybercriminal. Blackbaud reported the incident to law enforcement and worked with forensic consultants to investigate. Following its investigation, Blackbaud notified its customers that a cybercriminal may have accessed or acquired certain Blackbaud customer data before Blackbaud locked the unknown actor out of the environment on May 20, 2020. Upon learning of the Blackbaud incident, Northern Light Health immediately began to determine what, if any, sensitive Northern Light Health data was potentially involved. This investigation included working diligently to gather further information from Blackbaud to understand the scope of the incident. On July 30, 2020, Northern Light Health received further information from Blackbaud that allowed us to determine that the information affected included some limited protected health information.NCP Healthcare Management Company
April 27, 2020 | Ransomware
Abstract
On April 27, 2020, an unauthorized individual obtained access to the email account of an NCP employee. NCP became aware of the unauthorized access on May 19, 2020 and took immediate steps to contain the incident. We terminated the unauthorized access to the email account the same day it was discovered and worked with a leading cybersecurity forensics firm to investigate this matter. As part of our investigation, NCP conducted an extensive review of the employee’s email account to determine if any emails contained personal information. Unfortunately, on or around June 18, 2020, we identified information about you within the employee’s mailbox. All available evidence suggests that the unauthorized individual’s purpose was to attempt to commit financial fraud against NCP—not to seek and obtain any personal information about the Clinic’s patients. Importantly, there is no evidence that the unauthorized person actually viewed any emails containing your information.New Heights Ventures Inc.
March 11, 2020 | Email Compromise
Abstract
On March 11, 2020 New Heights Ventures learned that an outside entity gained access to a member of management’s email and cloud-based server password. They then forwarded an email to the member of management’s contacts. Two New Heights Ventures office employees received the email from the member of management and entered their passwords, as well. At that point, it was quickly discovered that this was a malicious event and we took steps to cut access from the outside entity. The member of management, whose account was breached, realized he had received an email seemingly from an employee of another agency and entered his email and password on 3/6/2020 to try to open a document. This appears to be how the perpetrators emailed his contact list.National Institute for Automotive Service Excellence
December 18, 2019 | Website Compromise
Abstract
ASE began investigating recent reports from a small number of customers who made purchases from https://portal.asecrm.com. In response, ASE worked with an outside forensics expert to investigate these reports to determine what may have happened. Through this investigation, ASE confirmed on February 13, 2020, that an unauthorized actor placed malicious code on ASE’s checkout page, which could capture customer payment card information when entered on the checkout page for transactions between December 18, 2019, to February 3, 2020, and February 4, 2020, to February 13, 2020. ASE immediately worked to remove the malicious code to prevent any further issues. You can safely and securely use your payment card at our website.New Media Trader Inc.
October 01, 2019 | Database Compromise
Abstract
It just has come to our attention that in October 2019 that a third-party gained unauthorized access to our database and as a result was able to access information. No credit card or payment information was compromised as a result of this breach.NRI USA, LLC
September 3, 2019 | Email Compromise
Abstract
On October 15, 2019, we learned that an unauthorized individual attempted to use one of our corporate email addresses to misdirect a payment intended for NRI. We immediately began an investigation and, based on the available evidence, determined that there had been unauthorized access to two (2) corporate email accounts between September 3, 2019 and October 23, 2019. Our investigation showed that the email accounts were used by employees from NRI and our related companies. On October 24, 2019, we determined that your personal information may have been accessed.NYR Organic, Inc.
August 21, 2019 | Email Compromise
Abstract
Recently, Neal’s Yard Remedies became aware of suspicious activity related to a user’s email account. We immediately launched an investigation to determine the full nature and scope of the email activity. With the assistance of computer forensics investigators, we learned that certain Neal’s Yard Remedies user email accounts were accessed without authorization between August 21, 2019 and September 4, 2019Niche.com Inc.
July 24, 2019 | Website Compromise
Abstract
On July 24, 2019, we discovered that the login point for users on the Niche.com website was subject to an automated attack. The attack attempted to gain access to Niche user accounts using username and password pairs from externally available sources. While our investigation found no evidence that user account information was compromised or changed, there were successful logins detected for certain Niche users from a source believed to be a part of the attack. We promptly investigated the scope of the attack and disabled potentially compromised passwords. Though we did not find any evidence that any account information was collected from the users following the unauthorized login, we locked user accounts and prompted users to reset passwords out of an abundance of caution.Northwood, Inc.
May 03, 2019 | Phishing
Abstract
On May 6, 2019, Northwood became aware of suspicious activity relating to an employee email account, as a result of a phishing email that captured the employee’s login credentials. We immediately launched an investigation to determine what may have happened and what information may have been affected. Working together with a leading computer forensics expert, our investigation determined that an unauthorized individual accessed the email account between May 3 and May 6, 2019. Because we were unable to determine which email messages in the account may have been accessed or viewed by the unauthorized individual, we reviewed the entire contents of the email account to identify what personal and protected information was stored within it. On June 19, 2019, we identified the individuals potentially impacted by this incident after a thorough review of the email account. No other email accounts or Northwood systems were impacted by this incident.Nutraceutical Wellness Inc. dba Nutrafol
April 10, 2019 | Unauthorized Access
Abstract
We became aware on September 11, 2019 that Company may have been the victim of a cybercrime. As a result of a security incident, some of your data may have been accessed by an unauthorized third party. We have been working closely with a nationally recognized computer security firm to investigate this. While the investigation is ongoing, we have taken initial steps to address the incident and prevent this from happening again.Nemadji Research Corporation d/b/a California Reimbursement Enterprises
March 28, 2019 | Phishing
Abstract
On March 28, 2019, a Nemadji employee fell victim to an email phishing attack. A phishing email tries to trick someone into giving up important information by appearing to come from a reliable source. Email accounts are used by employees to communicate about and perform services for the County Department of Health Services (DHS). The phishing email compromised one email account and led to the data breach we are currently notifying you of.Northgate Gonzalez, LLC
January 7, 2019 | Email Compromise
Abstract
Northgate Gonzalez discovered suspicious activity related to a certain Northgate Gonzalez employee’s email account. Upon discovery, Northgate Gonzalez immediately launched an investigation, with the aid of forensic investigators, to determine the nature and scope of the activity. Northgate Gonzalez’s investigation determined that there was unauthorized access to certain emails and attachments between January 7, 2019 and January 7, 2020. Northgate Gonzalez began reviewing the affected email account to determine what, if any, sensitive information it contained. On April 7, 2020 Northgate Gonzalez’s review determined that the email account contained certain information related to you, and as such, is providing notice.National Wildlife Federation
January 03, 2019 | Third Party
Abstract
On or about April 25, 2019, NWF identified signs that a back-end database hosted by a third party vendor that contained Ranger Rick Zoobooks customer information was accessed without authorization. NWF worked with third party investigators to determine what happened, what information was involved and to prevent further access. Through this investigation NWF learned that the back-end database was accessed without authorization on or around January 3, 2019. The database involved was used to maintain customer information to assist with processing of payments and fulfilment of customer orders. The investigation included a review of the information accessible within the database to identify the types of information accessible and to whom this information may relate.North Country Business Products, Inc.
January 03, 2019 | Malware
Abstract
On January 4, 2019, North Country learned of suspicious activity occurring within certain business partner networks. North Country immediately launched an investigation, working with third-party forensic investigators to determine the nature and scope of the event. On January 30, 2019, the investigation determined that an unauthorized party was able to deploy malware to one hundred and forty-two (142) of North Country’s business partners’ restaurants between January 3, 2019, and January 24, 2019, that collected credit and debit card information.New Bit Ventures Ltd.
December 09, 2018 | Unauthorized Access
Abstract
In order to sell cryptocurrency, we ae required by regulation to collect certain personal information from our customers, including your name, address, email, gendar and ID number. From some of our customers we are also required to collect images and copies of documents, including goverment issued IDs. We do not store or record any credit card information, nor do we hold any customer funds.National Baseball Hall of Fame and Museum
November 15, 2018 | Website Compromise
Abstract
The National Baseball Hall of Fame (“Hall of Fame”) values and respects the privacy of your information, which is why we are writing to advise you of a recent incident that may have involved some of your personal information. On June 18, 2019, we learned that some of your information could have been obtained by an unauthorized third-party that placed malicious computer code on the Hall of Fame web store (shop.baseballhall.org) e-commerce system. The code may have targeted certain personal information of customers who made a credit card purchase via the web store between November 15, 2018 and May 14, 2019.Nordstrom, Inc.
October 09, 2018 | Insider Threat
Abstract
We are investigating an incident where a contract worker improperly handled some Nordstrom employee data. This happened on October 9, 2018. Our Information Security team promptly discovered the incident that day, notified law enforcement and began a comprehensive investigation.Net32, Inc.
September 22, 2018 | Third PartyThird Party
Abstract
Based on its ongoing forensic investigation, Net32 has discovered that one of Net32's third-party vendors had its log-in credentials to the Net32 platform misused to improperly access Net32's order management system between september 22, 2018, and september 25, 2018. These credentials appear to have been used to generate anomalous order activity for old orders placed with that vendor in a way that revealed credit card information to the user of the vendor's credentials. During this four-day period, customers began reporting to Net32 increased incidents of what appeared to be fraudulent charges relating to the credit cards used to make purchases from this vendor. After learning of the anomalous order activity and the increased fraud reports, Net32 suspended the vendor's credentials on September 25, 2018. Net32 also required all vendors to reset their passwords at this time.Newegg Inc.
August 13, 2018 | Website Compromise
Abstract
On September 18, 2018, we received information about possible unauthorized access to the servers that run our website. We immediately began an investigation with the assistance of a leading computer security firm and identified the possibility that an unauthorized user changed our website’s checkout page to collect certain customer information without authorization. We removed the unauthorized code, took further measures to secure our servers, and reported the incident to law enforcement and the payment card networks. On October 15, 2018, the investigation determined what information may have been collected and the time period that the unauthorized change affected our site.NorthBay Healthcare Corporation
May 08, 2018 | Third Party
Abstract
On October 3, 2018, Jobscience, Inc. advised NorthBay that an unauthorized individual accessed NorthBay applicant information. Jobscience, Inc. is a contracted vendor that provides NorthBay with online employment application management system services. The access involved information pertaining to applicants that applied for a position with NorthBay between December 2012 and May 2018.Notre Dame de Namur University
April 23, 2018 | Email Compromise
Abstract
On May 18, 2018, we learned that an unauthorized individual may have gained access to an employee’s email account containing some of your personal information. Upon discovery, we immediately began an investigation to determine what happened and what information may have been affected.NC Financial Solutions of California, LLC d/b/a NetCredit (“NetCredit”)
February 19, 2018 | Account Compromise
Abstract
On or about February 20, 2018, our security team discovered that an unauthorized party used valid email addresses and passwords to log in to a small percentage of NetCredit accounts. Based on our investigation, we do not believe that the unauthorized party obtained account holder email addresses or passwords from us or that our security systems were breached. In some instances, after gaining access to an account using the login credentials, the unauthorized party changed some of the personal information in the account, such as the email address and bank account information associated with the account.North American Risk Services, Inc.
February 07, 2018 | Email Compromise
Abstract
Earlier this year NARS discovered suspicious emails being sent from an employee’s email account. NARS quickly launched an investigation, with the assistance of a third party forensic investigator, to understand the nature and scope of the event, and whether any sensitive data was at risk. The forensic investigation confirmed that just a few employee email accounts were subject to unauthorized access from February 7, 2018 until March 27, 2018 some of which were accessible for much less time. The forensic investigator then reviewed the email accounts to determine if they contained any personal information. On June 27, 2018, NARS determined the affected email accounts contained information relating to you. Unfortunately, the forensic investigator was only able to locate a small percentage of the addresses for the individuals and entities whose information was stored within these emails. NARS then undertook an extensive search of its internal records and a third-party vendor was retained to locate the missing addresses. Once these addresses were found, NARS finalized all documents required to move forward with notice to affected individuals and businesses, including you.North 40 Outfitters
February 02, 2018 | Website Compromise
Abstract
On or about November 8, 2018, as a result of advanced platform monitoring and security controls, North 40 identified suspicious activity regarding our online payment processing platform. North 40 immediately launched an investigation with the assistance of a third-party forensic firm to determine the nature and scope of the activity. On or about December 14, 2018, the forensic investigation determined that customer credit and debit card information for transactions that occurred on North 40’s website between February 2, 2018, and November 20, 2018 may have been subject to unauthorized access and/or acquisition. North 40 is notifying you because we have confirmed that your credit or debit card was used for a transaction on our website during the relevant time period, and your information may be affected.January 20, 2017 | Website Compromise
Abstract
On or about January 10, 2018, North 40 was alerted that certain credit and debit cards used on its e-commerce site may have been subject to unauthorized access. North 40 immediately launched an investigation to determine the nature and scope of the incident. On or about January 29, 2018, North 40 discovered that customer credit and debit card information for transactions that occurred on its e-commerce website between January 20, 2017 and January 29, 2018 was subject to unauthorized access and/or acquisition. North 40 is notifying you because we have confirmed that your credit or debit card was used for a transaction on our e-commerce website during the relevant time period, and your information may be affected.NHS, INC.
December 29, 2017 | Website Compromise
Abstract
On December 29, 2017, NHS's third-party e-commerce vendor discovered that our website was the target of a cybersecurity attack aimed at acquiring customer credit card informatio. NHS was notified of this breach on January 2, 2018. On the same day that we received this information, NHS immediately began to work to investigate and take appropriate corrective steps. During this discovery process, NHS confirmed that unauthorized code was placed onto our e-commerce website which may have captured data from our customers that could have resulted in exposure of personal information.NextGen Global Resources
November 12, 2017 | Phishing
Abstract
On November 12, 2017, we discovered that an employee had inadvertently responded to a phishing attack email, allowing an unauthorized person to create an email rule in that employee’s email account automatically forwarding incoming email to an unknown third party. To address this situation, we have scanned the email accounts of all employees and we have not found any other instances of unauthorized access due to this phishing attack. We are in the process of continuing our investigation, but to date we have learned that the unauthorized access appears to date back to July 2017.While this employee does not generally send or receive sensitive information related to our employees or contractors, this employee did communicate with our customers in identifying employees and/or contractors (i.e. workers) assigned to work for such customer.Nevro Corporation
November 11, 2017 | Laptop Stolen
Abstract
Nevro was recently the victim of a criminal break-in at our corporate headquarters in which several laptop computers were stolen. Nearby businesses were also targeted by the same perpetrators, who stole laptops from those businesses as well. Nevro has been unable to recover the stolen laptops on which limited information relating to you has been stored.National Capital Poison Center (“NCPC”)
October 21, 2017 | Ransomware
Abstract
? In October 2017, NCPC discovered it had experienced a ransomware infection. Upon discovery of this incident, NCPC immediately launched an investigation, with the assistance of a third-party forensic investigator, to determine the nature and scope of the event and ensure the security of their systems. While this investigation is ongoing, on November 27, 2017, NCPC determined that unauthorized access to a database server occurred on October 21, 2017, and that unauthorized access to the data stored on that server cannot be ruled out. The possibly affected database contains information provided during calls made to or from the center between January 1997 and October 21, 2017.Northwestern Mutual Life Insurance Company
August 31, 2017 | Phishing
Abstract
I was the victim of a computer scam. During the course of a telephone call, fraudsters used social engineering methods to gain remote access to my desktop computer on August 31, 2017, and several times thereafter. I have notified law enforcement, and we are working with the Northwestern Mutual Home Office to investigate and address this situation.National Stores, Inc.
July 16, 2017 | Malware
Abstract
On December 22, 2017, National Stores received an alert that a data security incident may have affected customer payment card information. We immediately launched an investigation and engaged cybersecurity experts to assist with the investigation. We also contacted the FBI and payment card brands in order to prevent fraudulent activity on payment cards that may have been affected.Northern Humboldt Union High School District
April 17, 2017 | Database Compromise
Abstract
On an unknown date, a person or persons accessed protected files within the NHUHSD's computer database. The files included log-in credentials for the PASS/FamilyLink Parent portal. All evidence indicates this access was perpetrated from an unattended staff or faculty computer which was logged in with elevated permissions to access an area within NHUHSD's SIS computer system. A student reported to NHUHSD on April 24, 2017 that this information was on a website, and NHUHSD immediately notified school administrators. NHUHSD determined that the scope of this incident is relatively non-sensitive, but it does involve a release of "personally indentifiable" as defined by law. In this case , the information is considered "personally indentifiable" because it included "a user name or email address, in combination with a password or security question and answer that would permit access to an online account." Cal. Civ. Code 1798.82(h)(2).NEO Tech
January 27, 2017 | Phishing
Abstract
On Friday, January 27, 2017, NEO Tech was the victim of an email “phishing” incident that resulted in the release of employee W-2 wage and tax data to an unauthorized email recipient outside the company. This was an isolated incident that did not involve an intrusion into our computer systems or network.Nakawatase & Kaminsky, CPAs, LLP
October 31, 2016 | System Compromise
Abstract
In January 2017, we confirmed through the use of our forensic information technology investigation firm, Navigant, that the Lacerte tax system we utilize for maintaining and filing tax returns was compromised by an intruder on October 31, 2016, November 1, 2016, November 5, 2016, and November 8, 2016. The attacker managed to hack into our computer system despite the use of firewalls and anti-virus software. This resulted in four tax returns being fraudulently filed.National Wholesale Incorporated
September 01, 2016 | Website Compromise
Abstract
On October 14, 2016, National Wholesale discovered that it had been the victim of a computer related incident. Unknown individuals targeted our website and inserted harmful code. This code allowed unauthorized individuals to monitor the information our customers typed into the website when placing an online order. We believe that the information of 14,281 of our customers may have been compromised; we are notifying you because our records indicate that you placed an order on www.shopnational.com during the relevant time periods.Napa Valley Dentistry
August 11, 2016 | Server Stolen
Abstract
Someone broke into our locked storage unit, which was within a gated storage facility, and stole a password-protected server. Upon discovery of the theft, we promptly notified the Napa Police Department and will provide whatever cooperation is necessary to identify the perpetrator(s) and hold them accountable. On September 8, 2016, we confirmed that your personal information may have been on the server. In December 2012, Dr. Justin Newberry, DDS, purchased Napa Valley Dentistry, including this server, from Dr. C. Michael Quinn, DDS. The server may therefore contain personal information of Dr. Quinn’s former patients who may not currently have a relationship with Napa Valley Dentistry. While there is no indication that your personal information was, in fact, accessed without authorization, we are notifying you out of an abundance of caution and offering you identity protection services.Noble House Hotels & Resorts
August 10, 2016 | Third Party
Abstract
The Sabre Hospitality Solutions SynXis Central Reservations system (Sabre) facilitates the booking of hotel reservations made by consumers through hotels, online travel agencies, and similar booking services. These services include reservations for Noble House Hotels & Resorts (Noble House). On May 2, 2017 Sabre informed us that it retained “expert third parties” to investigate a data security incident that may have affected personal information you provided in making reservations at a Noble House property. Sabre informed us that upon discovering the incident, it engaged a digital forensics firm to conduct an investigation. On June 6, 2017, Sabre informed us that certain reservation information may have been accessed between August 10, 2016 and March 9, 2017 without authorization.April 25, 2016 | Malware
Abstract
We began an investigation after we were notified by the Secret Service about possible fraudulent activity on the payment card system at one of our properties. We engaged a computer security firm to examine the payment systems at all of the properties we manage for any signs of an issue. Through our investigation, we learned that malware may have been installed on payment processing systems that potentially affected cards swiped at the following hotels, restaurants, and bars during the periods identified:Newkirk Products, Inc.
May 21, 2016 | Server Compromise
Abstract
On July 6, 2016, Newkirk discovered that a server containing member information was accessed without authorization. We shut down the server and started an investigation into the incident. The server did not include SOcial security numbers, dates of birth, banking or credit card information, medical information or any insurance claims information. We hired a third-party forensic investigator to determine the extent of the unauthorized access and whether the personal information of our clients' members may have been accessed. We also notified federal law enforcement. While the forensic investigation is ongoing, it appears that the unauthorized access first occurred on May 21, 2016. Although the information contained on the server may have been accessed, NewKirk has no evidence to date that such data has been used inappropiately.Northrop Grumman Systems Corporation
April 18, 2016 | Third Party
Abstract
Equifax Workforce solutions (aka TALX), our W-2 online portal provider, recently confirmed that an unauthorized third party (ies) gained access to its portal during various time periods from April 18, 2016 through March 29, 2017, and may have accessed your personal information and downloaded a copy of your 2016 W-2 form.Noodles & Company
January 31, 2016 | Computer Compromise
Abstract
On May 17, 2016, Noodles & Company began investigating unusual activity its credit card processor reported to the Company. Noodles & Company immediately began working with third-party forensic experts to investigate these reports and to identify any signs of compromise on its computer systems. On June 2, 2016, Noodles & Company discovered suspicious activity on its computer systems that indicated a potential compromise of guests’ debit and credit card data for some debit and credit cards used at certain Noodles & Company locations.Neiman Marcus Group LTD LLC
December 26, 2015 | Account Compromise
Abstract
On or around December 26, 2015, unauthorized individuals began an attempt to access Neiman Marcus Group customers' online accounts on our Neiman Marcus, Bergdorf Goodman, Last Call, CUSP and Horchow websites (collectively, the "NMG websites") by trying various login and password combinations using automatic attacks. We suspect this activity was due to large breaches at other companies (not the Neiman Marcus Group), where user login names and passwords were stolen and then used for unauthorized access to other accounts ...Nationstar Mortgage LLC
July 27, 2015 | User Error
Abstract
On July 27th. an email with a copy of your W2 form was inadvertently sent to an employee at Greenlight. The email and its contents has since been deleted from the respective employee’s mailbox.North East Medical Services
July 11, 2015 | Laptop Stolen
Abstract
However, on July 11, 2015, an employee's vehicle was broken into, and the employee's work laptop belonging to NEMS was stolen from the trunk of a locked vehicle, along with other items. NEMS learned of the incident on Monday, July 13, 2015, and immediately began an investigation.Native Canada Footwear
April 28, 2015 | Website Compromise
Abstract
Native Shoes became aware of a potential vulnerability in the security of our website in late June 2017 and immediately launched an investigation. That investigation has confirmed that malware may have infected the Native Shoes website as early as April 2015. As a result, we are informing you that it is possible that your payment information was compromised if you bought shoes from nativeshoes.com using Visa or Mastercard between April 28, 2015, and June 23, 2017. If that payment information was indeed stolen, your information may be affected.NLU Products, LLC
April 20, 2015 | Breach
Abstract
We recently discovered that we have been the victim of a data security incident that began in April 2015, during which personal, private and unencrypted credit/debit card information may have been exposed to an outside party and compromised.New Horizons Computer Learning Centers, Inc.
April 04, 2015 | Server Compromise
Abstract
On May 28, 2015, we detected suspicious activity on a certain server within our network. We immediately launched an investigation into the activity and , on June 11, 2015, determined unauthorized access to certain employee and vendor information stored on our network had occureed. while our investigation is ongoing, we've determined the following information relating to your business was accessed without authorization: name, and bank account information. Again, we are unaware of any actual or attempted misuse of this information.Nite Ize, Inc.
March 03, 2015 | Website Compromise
Abstract
We recently learned from our service provider that our online store was subject to an attack in early March, and as a result, approximately 309 credit card numbers and certain other customer information may have been accessed by unauthorized parties. We immediately worked with our website provider to block the attack, repair the system, and investigate the incident and damage it caused.Noble House Hotel and Resorts
January 28, 2015 | Malware
Abstract
Noble House began an investigation after we received calls from some of our guests who saw unauthorized charges on their payment cards used at one of our hotels, The Commons. We notified the FBI regarding the incident. We engaged a computer security firm to examine our payment system for any signs of an issue. The computer security firm identified malware on the payment card system for The Commons on September 25, 2015.Noble House Hotels and Resorts
December 29, 2014 | Malware
Abstract
Noble House began an investigation after we received calls from some of our guests who saw unauthorized charges on their payment cards used at certain Noble House properties. We notified the FBI regarding the incident and engaged a computer security firm to examine our payment processing system. Through our investigation, Noble House learned that malware may have been installed on payment processing systems that potentially affected cards swiped at the following properties ...Nvidia Corporation
October 08, 2014 | Network Compromise
Abstract
We recently learned during the week of December 1st that there was unauthorized access to our network, that involved a number of employee usernames and passwords, including yours. There is no indication that any other data of yours has been accessed.Northern Trust
May 17, 2014 | User Error
Abstract
Regrettably, we are writing to inform you about an inadvertent disclosure by Northern Trust of some of that information. Although we believe that there is minimal risk of misuse of your personal information due to this inadvertent disclosure now or in the future as described in further detail below, we are making sure you are fully informed.NCO Financial Systems, Inc.
March 29, 2014 | Third Party
Abstract
On March 29, 2014 our communications vendor, RevSpring, Inc. sent an email to a number of loan customers that mistakenly included an attachment containing unrelated loan statements. You are receiving this notice because our records indicate your statement was among those incorrectly attached to these emails. This email attachment potentially contained the following personal information of affected customers: name, address, social security number, and account number.NECA/IBEW Family Medical Care Plan
December 28, 2012 | Misconfiguration
Abstract
We are contacting you as a precautionary measure because we have learned of a potential data security incident involving your personal information. Recent correspondence sent to you near the end of 2012 containing the NECA/IBEW Family Medical Care Plan’s (FMCP) generic Summary of Benefits Coverage and the Summary of Material Modifications disclosure documents inadvertently included your Social Security number on the envelope.North Los Angeles County Regional Center
November 10, 2012 | Laptop Stolen
Abstract
We learned on November 13, 2012 that a NLACRC lap top was stolen that contained your contact information. The information on the lap top contained the consumer's name, address, phone number, consumer's date of birth ...Nationwide Mutual Insurance Company
October 03, 2012 | Network Compromise
Abstract
On October 3, 2012, a portion of our computer network that is used by Nationwide Insurance agents and Allied Insurance agents was criminally intruded upon by an unidentified criminal perpetrator. We discovered the attack that day, and took immediate steps to contain the intrusion. We believe that we successfully contained the attack through our responsive actions.Nordstrom fsb
June 07, 2012 | Misconfiguration
Abstract
Due to an attempt to reformat addresses to U.S. Postal Service standards, a previous billing statement may have gone to an address other than your correct address.Nebraska State College System
May 23, 2012 | System Compromise
Abstract
On May 23, 2012, there was unauthorized access into the Nebraska Student information System (NeSIS--a data management system shared by the NSCS and the University of Nebraska (NU). The illegal intrusion was disvovered by technical staff, and immediate corrective action was taken to stop and prevent futher unauthorized access to the system. Although initial indications were that only NU records were involved, on May 30, 2012, further investigation determined that the breach also included data for NSCS's three institutions belonging to a University of Nebraska-Lincoln (UNL) undergraduate student who is believed to be involved in this incident.New York State Electric & Gas (NYSEG) and Rochester Gas and Electric (RG&E) (subsidiaries of Iberdrola USA)
January 05, 2012 | Insider Threat
Abstract
We take our responsibility to protect your personal data very seriously. For this reason, we are writing to inform you that earlier this month we discovered that an employee of an independent software development consulting firm (contracted by NYSEG and RG&E) allowed unauthorized access to one of our customer information systems. The customer records contain Social Security numbers, dates of birth and, in some cases, financial institution account numbers.Next Glass, Inc.
Abstract
We recently became aware of a breach of BeerAdvocate user data that occurred between 2012 and 2013. After a thorough investigation from an independent third party cyber security firm, it was confirmed that BeerAdvocate user login credentials (email address, BeerAdvocate forum password) were lost and aggregated along with breaches of other websites into a breach dataset that became known as CouponMom 2014. We are notifying you as your BeerAdvocate forum login credentials may have been affected at that time. Importantly, BeerAdvocate did not possess or lose any financial information or information that is likely to lead to identity theft.Nicopure Labs, LLC
Abstract
We have received reports from several customers of fraudulent charges appearing on their payment cards shortly after they were used to make a purchase on our website. We have proactively initiated an investigation and engaged a cyber security firm to examine our website.NSC Technologies, LLC
Abstract
On March 2, 2017 an on-line hacker posing as NSC’s CEO emailed the company’s payroll department and directed that copies of employee W-2 forms be sent to him. Believing the request to come from the CEO, the payroll department forwarded PDF copies of a number of employee IRS W-2 forms to the requestor, who was using a false email address that appeared to belong to NSC’s CEO. Although this “spoofing” episode was identified for what it was literally moments after the W-2 forms were sent to the hacker, by that point the forms themselves had already been shared with him or her. At this point we have no indication that any of the information contained on the W-2 forms that the payroll department was tricked into sharing with the hacker has been misused in any way, but the potential for such misuse certainly exists.Novation Settlement Solutions
Abstract
In late August, Novation learned that some of its confidential information may be in the possession of an unidentified third-party. Novation promptly initiated a fact-gathering process and, subsequently, on September 8, 2016, determined that an unidentified third-party was likely in possession of a set of Novation files including applications and contracts. Novation has no evidence that any of your information has been misused. Novation is notifying you of this event so that you can, if you choose, take steps to protect against the potential misuse of your information.NextBus, Inc.
Abstract
On September 18th, 2015, NextBus detected suspicious activity from an account and our IT experts worked quickly to minimize the issue. Although only a very limited part of our system was affected, during that time an unauthorized individual may have gained access to a database containing your account information. While our investigation is ongoing, we have taken steps to further secure our system and to prevent this type of incident from occurring in the future, including disabling the compromised account, increasing the minimum password strength and blocking traffic to or from any suspect Internet addresses.National Credit Adjusters, LLC
Abstract
National Credit Adjusters, LLC ("NCA") receives certain personal information about retail customers from retailers that sell NCA delinquent accounts. Some customers reported being contacted by certain unauthorized third-party debt collectors. The personal information that may have been accessed by these unauthorized third-party debt collectors include name, address ...Neiman Marcus Group
Abstract
We deeply regret and are sorry that some of our customer's payment cards were used fraudulently after making purchases at our stores. We have taken steps to notify those affected customers for whom we have contact information.National Processing Company, Inc.
Abstract
On September 24, 2012, it was learned that an unauthorized person may have gained access to the computer network that supported the 4Access terminals. The computer network was shut down and a forensic investigation started immediately. The results of the investigation indicate that the unauthorized person may have gained access to check processing information stored in the network ...O
One Workplace Ferrari, LLC dba One Workplace
August 14, 2020 | Ransomware
Abstract
On August 14, 2020, One Workplace was alerted to suspicious activity on our computer network. We hired cybersecurity experts and a computer forensic investigator to help us investigate the incident, ensure the safety of our environment, and confirm whether anyone’s personal information was impacted. The investigation confirmed that we were the victim of a ransomware attack, and an unauthorized individual had gained access to our network. Based on the investigation, the attacker viewed and removed some data stored in the system. On September 17, 2020, we confirmed that the data viewed or taken by the attacker included employees’ personal informationOsmose Utilities Services, Inc.
July 6, 2020 | Ransomware
Abstract
On July 13, 2020, Osmose suffered a cyber attack against our computer systems, whereby some of our systems were encrypted. We immediately secured the affected systems, launched an investigation to determine the nature and scope of the incident, and a specialized cybersecurity firm was engaged to assist. We restored our computer systems to fully operational.Optima Family Services, Inc.
April 21, 2020 | Ransomware
Abstract
On April 21, 2020, CodeMetro systems suffered a ransomware attack, which was detected within hours of its deployment. Upon discovery, we took immediate steps to contain the threat and engaged a third-party forensic firm to investigate the incident and assist with remediation efforts. We also notified federal law enforcement authorities of the incident.Orchard Medical Consulting
January 16, 2020 | Email Compromise
Abstract
On January 30, 2020, we discovered that an unauthorized individual potentially gained access to a single employee’s email account. Upon discovery of the incident, our information technology department took swift action and prevented any further unauthorized access.OTR Leasing, LLC
January 14, 2020 | Email Compromise
Abstract
We recently learned that an unauthorized person gained access to a limited number of employee email accounts with personal information between January 14, 2020 and January 20, 2020. We immediately secured the accounts and a leading cyber security firm was hired to assist with the investigation.Overlake Medical Center & Clinics
December 06, 2019 | Email Compromise
Abstract
On December 9, 2019, we learned that unidentified third parties obtained the login credentials of one Overlake email account. The third parties acquired the credentials by sending a deceptive email to Overlake’s staff members asking them to enter the username and password of their Overlake account on a web page that was linked in the emails. This type of cybersecurity incident is commonly known as a “phishing” scam. The third parties then used the credentials of the one email account to send a second series of phishing emails to Overlake staff members in another attempt to obtain additional account usernames and passwords.Oklahoma Department of Securities
November 29, 2018 | Vulnerability
Abstract
On or about December 11, 2018, the Department received a report of a vulnerability in a firewall that made a Department server accessible. The Department took immediate steps to close the vulnerability in its computer system and took the server offline. The Department launched an investigation into the incident, and hired third party investigators to confirm what information, if any, may have been accessible. The department reported this incident to the FBI, and has cooperated with the investigation.OXO International, Ltd.
July 01, 2018 | Website Compromise
Abstract
On December 17, 2018, OXO confirmed through our forensic investigators that the security of certain personal information that you entered into our e-commerce website (https://www.oxo.com) may have been compromised. We currently believe that information entered in the customer order form between June 9, 2017 – November 28, 2017, June 8, 2018 – June 9, 2018, July 20, 2018 – October 16, 2018 may have been compromised. While we believe the attempt to compromise your payment information may have been ineffective, we are notifying you out of an abundance of caution.OXO
July 01, 2018 | Website Compromise
Abstract
On October 1, 2018, OXO learned that the security of certain personal information entered into our e-commerce website (https://www.oxo.com) may have been compromised. The incident involved an outside source inserting unauthorized code on OXO’s website on or around July 1, 2018 that collected information entered into the customer order pages on our website.OnCourse Learning Corporation (“OCL”), a predecessor-in-interest to Relias LLC (“Relias”)
June 11, 2018 | Unauthorized Access
Abstract
Specifically, we have learned that an unauthorized third party may have obtained access to the personal information of our customers. The incident was limited to the time period between approximately June 11, 2018 and February 4, 2019.Orbitz
October 01, 2017 | Service Compromise
Abstract
While conducting an investigation of a legacy Orbitz travel booking platform (the “platform”), we determined on March 1, 2018 that there was evidence suggesting that, between October 1, 2017 and December 22, 2017, an attacker may have accessed personal information, stored on this consumer and business partner platform, that was submitted for certain purchases made between January 1, 2016 and June 22, 2016. We took immediate steps to investigate the incident and enhance security and monitoring of the affected platform, and made every effort to remediate the issue, including taking swift action to eliminate and prevent unauthorized access to the platform.Occidental College
June 01, 2017 | Unauthorized Access
Abstract
The college has reason to believe that on or around June 1, 2017, an unauthorized person may have gained access to a computer file containing a limited amount of personally identifiable information. The college has conducted a thorough investigation into what happened.OSIsoft, LLC
March 23, 2017 | Account Compromise
Abstract
OSIsoft is experiencing a security incident that may affect employees, interns, consultants and contractors. Stolen credentials were used to remotely access OSIsoft computers.Operating Engineers Local Union No. 3
February 09, 2017 | Website Compromise
Abstract
On or about February 9, 2017, OE3 learned that the security of user data stored on our website, www.oe3.org, had been breached. OE3 is not currently aware of the reason for the breach, but does not have any reason to believe that it was caused by intentional interference or a deliberate effort by any unauthorized perosn to misappropriate the data. OE3 immediately tested the website ofr malware and viruses, and found no traces of any.Orange County Global Medical Center
February 08, 2017 | User Error
Abstract
In connection with preparing research regarding labor and delivery services provided to patients in 2016, on February 8, 2017, we discovered that an employee inadvertently emailed an Orange County Global Medical Center statistical report. The error was discovered that same day, and we reached out to the recipient and instructed him to permanently delete the information.Ondracek & Company
November 21, 2016 | System Compromise
Abstract
On February 6, 2017, we learned that some clients had received notification letters from the IRS telling them that someone had filed or attempted to file a 2016 tax return. Knowing that neither they nor we filed the returns, we immediately began an investigation into the matter (specifically, whether the breach was from a third party or our network). That same day we contacted our IT consultant, immediately changed all system passwords and user information, and started running scans and reviewing our systems to identify any malicious malware on our network. None was found. We further contacted the IRS and FTB, and hired a specialized forensic IT firm for additional investigation.Oilandgasjobsearch.com Limited
September 03, 2016 | Website Compromise
Abstract
We are writing to you today to inform you of an incident in which we experienced unauthorized access to data within our systems. Oilandgasjobsearch.com, an independent UK subsidiary of CareerBuilder, investigated the incident with a leading IT security firm and law enforcement to understand all of the facts. Based on our investigation, we believe that your candidate account credentials (user name and password) and your CV (or resume) may have been accessed by an unauthorized third party. Our investigation has revealed that the unauthorized third party accessed Oilandgasjobsearch.com systems beginning in September of 2016Opes Advisors
May 26, 2016 | Email Compromise
Abstract
On or about May 26, 2016, email login credentials were compromised allowing an outside party to gain access to one specific account. Although we are still investigating the incident, the email may have contained your private information so we wanted to let you know about this incident right away.OptumRx
March 16, 2016 | Laptop Stolen
Abstract
On March 22, 2016, we were notified that an unencrypted laptop computer belonging to a vendor of OptumRx, which provides home delivery prescription services to you, was stolen from one of its employee’s vehicles. The theft occurred on March 16, 2016 in Indianapolis, Indiana.Omni Hotels & Resorts
December 23, 2015 | Malware
Abstract
On May 30, 2016, we discovered we were the victim of malware attacks on our network affecting specific point of sale systems on-site at some Omni properties. The malware was designed to collect certain payment card information, including cardholder name, credit/debit card number, security code and expiration date.Orange County Employees Association
June 05, 2015 | Network Compromise
Abstract
Regrettably, we recently learned that OCEA has been the victim of a cyber attack that may have put at risk some of the personal information of OCEA members, certain non-members, OCEA Health & Welfare Trust participants, ....orlantino dyoco, M.D.
June 03, 2015 | Network Compromise
Abstract
On July 23, 2015, we determined that one or more attackers had successfully penetrated parts of the OCEA network and potentially gained access to personal information, including yours, that my have included: name, address, date of birth ....OneStopParking
August 01, 2014 | Website Compromise
Abstract
On December 25, 2014 we learned of a potential exposure of personal information provided to OneStopParking. We immediately began an internal investigation into this issue and were able to remediate the issue by December 31, 2014. Independent forensic investigators were retained to assist with this investigation. Our investigation has determined that customers who used our website between August 1, 2014 and December 31, 2014 may have been impacted by this incident. Unfortunately we are not able to determine which specific individuals may have been affected by this incident. While we cannot determine exactly what information may have been compromised, the information potentially compromised includes the customer’s name, address, credit card number, credit card expiration date and CVV code.OppenheimerFunds
April 24, 2014 | User Error
Abstract
On January 9, 2015, a brokerage firm (“Firm”) that has a business relationship with us notified us that, on April 24, 2014, your name, address, Oppenheimer Fund account number, and social security number were erroneously made accessible to a registered representative of the Firm.OANDA Corporation
March 03, 2014 | Server Compromise
Abstract
We are writing to inform you of an unauthorized breach affecting some of our clients, which occurred on the morning of Monday March 3, 2014. Please note that this incident did not impact the fxTrade services, client trades or funds. However;OnCore Manufacturing Services
July 05, 2013 | Laptop Stolen
Abstract
On July 5, 2013, a Company laptop of an Oncore employee was stolen from the employee’s home along with all other valuable contents in their home. At the time of the theft, the laptop stored files including Oncore payroll reports for the following site locations and time period ...Ouidad
June 30, 2013 | Database Compromise
Abstract
Regrettably, we are writing to inform you of an incident involving some of that information. We only recently were alerted that our Company was the victim of an illegal data security attack by sophisticated criminals between the dates of June 30 and July 4, 2013. Based on our ongoing review, we believe that the attackers gained access to the Ouidad customer database, compromising your Ouidad account informationOCS America, Inc.
March 04, 2013 | Phishing
Abstract
On March 4, 2013, OCS America, Inc. discovered that one of its computers may have been affected by a malicious phishing attack. We are sending you this letter as a cautionary measure because we believe that certain information about you, which may have included your name, address, telephone number, date of birth, job title, salary information and Social Security number, was contained in a file on the computerOutdoor Network LLC
December 14, 2012 | Website Compromise
Abstract
We recently learned of an incident on our websites (boats.net and partzilla.com) that may have exposed your personal information to unauthorized persons. This notification to you was not delayed as a result of a law enforcement investigation.We believe the incident occurred when unauthorized third parties compromised and inserted malware into the shopping cart portions of our websites. The malware appears to have targeted transactions by customers that made purchases on our websites using a credit card between December 2012 and July 2013.
Opening Ceremony Online LLC
February 14, 2012 | Website Compromise
Abstract
Due to an inadvertent breach of security that occurred during the period from February 16, 2012 to March [__], 2012, some or all of your personal information inputted by you during your purchase from our website [______] during such period may have been acquired by an unauthorized person, including without limitation your name, address, credit card number, credit card expiration date and credit card security code. Opening Ceremony recommends that you contact your bank, your credit card companies, and the credit reporting agencies to ensure the safety of your accounts.Oak River Insurance Company
October 01, 2011 | Insider Threat
Abstract
The Company discovered that a former employee, while employed with the Company, disclosed personal information about workers compensation claimants to certain individuals who were cooperating in an investigation of suppliers of medical services.OneWest Bank, FSB
January 01, 2011 | Third Party
Abstract
We recently learned that one of our service providers, was the victim of an illegal and unauthorized intrusion into its network (“Network Intrusion”) during the first quarter of 2011. In response, the service provider enhanced the security of its network systems, cooperated with law enforcement including the United States Secret Service (“USSS”), and investigated using leading outside security firms. Given the size and complexity of the issues, they have continued to investigate the scope and extent of the Network Intrusion. As a result, the service provider recently notified us that they have determined that an unauthorized person had access to files which contain some or all of the following information about you: name, address, birthdate, phone number, drivers license number, passport number, and Social Security Number.Outpost Vineyards
Abstract
Our consumer direct sales systems provider, Missing Link Networks, Inc., (“Missing Link”) notified us on May 27, 2015 of a security incident involving credit and debit card data. Missing Link has advised us that during the window of April 1, 2015 to April 30, 2015, a third party might have gained access to certain personal information, including customer names ...P
Promo.com Ltd.
June 22, 2020 | Third Party
Abstract
On July 21, 2020, our team became aware that a data security vulnerability on a thirdparty service which affected many companies had caused a breach affecting certain non-finance related Slidely and Promo user data. We immediately launched an internal investigation to identify what had occurred and to take all necessary steps to protect our customers.PULAU Corporation
June 11, 2020 | Unauthorized Access
Abstract
We are writing to notify you of a data security issue involving certain of your personal information. We recently learned that an unauthorized party accessed some systems on our network between approximately June 11 and June 29, 2020. Promptly after learning of the matter, we began to investigate its nature and scope and secure our systems. We engaged leading security experts to assist with our investigation and we coordinated with law enforcement authorities on the matter. Based on our investigation, we believe the unauthorized party acquired certain employment-related records stored on the affected systems. The affected records contained certain personal information, such as name, contact information, date of birth, government-issued ID (such as Social Security, passport, military ID, tax ID and/or driver’s license numbers), financial account information (such as bank account and/or payment card information), online account usernames and passwords, and/or health-related information (including health insurance information). Importantly, not all of this information was affected for each impacted individual.Pivot Technology Solutions, Inc.
June 9, 2020 | Ransomware
Abstract
On June 12, 2020, the Companies were the victim of a cybersecurity attack by an unauthorized third party, where the unauthorized party attempted to encrypt parts of the Companies’ technology infrastructure (the “Incident”). On July 1, 2020, the Companies discovered that the unauthorized third party had gained access to and exfiltrated limited personal information of US employees and consultants, and immediately undertook an investigation to determine the scope of the information affected.Polycystic Kidney Disease Foundation
May 1, 2020 | Ransomware
Abstract
On July 16, 2020, we were contacted by Blackbaud, one of the world’s largest providers of customer relationship management systems for not-for-profit organizations and the higher education sector. Company representatives informed us that a Blackbaud service provider had been the victim of a ransomware attack that culminated in May 2020. The cybercriminal was unsuccessful in blocking access to the database involved in the attack, however, the cybercriminal was able to remove a copy of a subset of data from several of Blackbaud’s clients including data of Polycystic Kidney Disease Foundation.Pacific Huntington Hotel Corporation
April 10, 2020 | Phishing
Abstract
On 28 April 2020, The Langham, Huntington, Pasadena confirmed that through a phishing attack, a third party gained unauthorised access to the mailbox of an employee of the hotel on April 10, 2020 and had access to the mailbox for approximately two weeks.Patriot Growth Insurance Services, LLC
March 10, 2020 | Email Compromise
Abstract
On March 11, 2020, CBM discovered suspicious activity related to a CBM employee’s email account. We immediately took steps to secure the employee’s email account and launched an investigation which included working with a third-party forensic investigator to determine the nature and scope of the activity. On March 21, 2020, the investigation determined that a CBM employee email account had their account credentials being used by an unknown actor(s) to gain unauthorized access to the account on separate occasions on March 10, 2020 and March 11, 2020. During this limited timeframe, the unauthorized actor may have had access to certain emails and attachments within the account.December 23, 2019 | Email Compromise
Abstract
On January 7, 2020 VBS discovered suspicious activity in a VBS employee’s email account. We immediately took steps to secure the employee’s email account and launched an investigation which included working with a third-party forensic investigator to determine the nature and scope of the activity. On January 17, 2020, the investigation determined that two (2) VBS employee email accounts had their account credentials being used by an unknown actor(s) to gain unauthorized access to each account. The investigation confirmed the unauthorized actor(s) gained access on separate occasions to one account between December 23, 2019 and January 13, 2020 and the second account between January 6, 2020 and January 7, 2020. During this limited timeframe, the unauthorized actor may have had access to certain emails and attachments within the accounts.PCL Constructors, Inc.
February 18, 2020 | Third Party
Abstract
We were recently informed by our third-party vendor that assists with payroll operations that an unauthorized actor accessed the vendor’s database that stores the personal information of current and former PCL employees. As a result, the unauthorized user may have been able to access the database that contained your personal information. However, we have no direct evidence that your personal information was misused.PupBox, c/o Petco Animal Supplies Stores, Inc.
February 11, 2020 | Website Compromise
Abstract
We are writing to inform you that on September 2, 2020, PupBox (a business unit of Petco Animal Supplies Stores, Inc.) became aware of a security incident which affected the PupBox website and may have resulted in a breach of your personal information. On August 7, 2020, we received a notification that fraudulent activities may have occurred on credit cards that were used on the PupBox website between February 26, 2020 and July 21, 2020. We promptly launched an investigation with the assistance of a leading cybersecurity firm, which revealed an unauthorized plugin on the PupBox website. The plugin allowed personal information to be captured and shared with a third-party server between February 11, 2020 and August 9, 2020.Prostate Cancer Foundation
February 7, 2020 | Ransomware
Abstract
We were recently notified by one of our third-party service providers of a security incident. At this time, we understand they discovered and stopped a ransomware attack. After discovering the attack, the service provider’s Cyber Security team—together with independent forensics experts and law enforcement— successfully prevented the cybercriminal from blocking their system access and fully encrypting files; and ultimately expelled them from their system. Prior to locking the cybercriminal out, the cybercriminal removed a copy of our backup file containing your personal information. This occurred at some point beginning on February 7, 2020 and could have been in there intermittently until May 20, 2020.Principal Life Insurance Company
December 12, 2019 | Programming Error
Abstract
In late 2019, we updated a portion of our website. We later determined that a software coding issue was intermittently resulting in instances where a customer navigating within their own account on our website would inadvertantly be shown a single webpage containing information related to another Principal customer's account. On December 16, 2019, we believe a single webpage that included your personal information was misdirected to a Principal.com user while he was navigating in his own online account. We have since fixed the website code that caused this issue. Our forensics review indicates that the misdirected wepage, if it was displayed at all, was only displayed for a few seconds. in addition, the Principal.com user who received the misdirected webpage has stated that he does not remember ever seeing the information. Out of an abundance of caution, however, we are writing to make sure you are aware that this issue occurred.Prime Communications
December 11, 2019 | User Error
Abstract
On April 27, 2020, we became aware of a situation in which a former Prime employee inadvertently received an email with a file containing information related to other Prime employees. Upon learning of this incident, we immediately began investigating to understand what happened and the scope of potentially affected information. Our investigation determined that the file included your information and was inadvertently sent via email to one (1) former Prime employee on December 11, 2019. We have no evidence indicating that your information has been released or otherwise disclosed beyond this former employee or to the general public.Pacific Guardian Life Insurance Co. Ltd.
November 04, 2019 | Email Compromise
Abstract
On November 4, 2019, Pacific Guardian Life became aware of suspicious activity within the email account of one of its employees. It immediately took steps to secure the email account and began an internal investigation. In the course of the investigation, Pacific Guardian Life engaged a leading independent digital forensics firm to determine the nature and scope of the incident. On November 21, 2019, this investigation determined that an unauthorized individual obtained access to the employee email account, and may have viewed or downloaded emails from the account.PKF LLP
August 17, 2019 | Laptop Stolen
Abstract
PKF, LLP (“we,” “us,” or “our”) is a CPA firm that provides auditing services to employee benefits plans. The protection and privacy of the personal information entrusted to us is one of our highest priorities. Because of this, we are writing to make you aware of a recent data security incident.Ply Gem Residential Solutions
July 26, 2019 | Email Compromise
Abstract
We recently concluded an investigation and analysis of a data security incident involving unauthorized access to some employees’ email accounts. Upon learning of the incident, we immediately secured the accounts, launched an investigation, and engaged a cyber security firm to assist. Our investigation determined that an unauthorized person obtained access to the email accounts at various times between July 26, 2019 and November 18, 2019.Pacific Press Publishing Association
June 22, 2019 | Website Compromise
Abstract
In late October, 2019 unauthorized code was discovered on our adventistbookcenter.com website. This code may have been on our website from as early as June of 2019. It is possible that this code was able to read information that you may have typed on the website and potentially transfer that information to unknown third parties. This information may have included data (including first name, last name, mailing address, shipping address, credit card number, credit card type, credit card security code, email address, and account information) that was entered while creating an account or placing an order.PIH Health
June 11, 2019 | Phishing
Abstract
On June 18, 2019, PIH Health learned that certain PIH Health employee email accounts had potentially been accessed without authorization as a result of a targeted email phishing campaign. After learning of this information, PIH Health reset the passwords required to access the affected employee email accounts and implemented additional email and network security measures. PIH Health also immediately began an investigation and, in so doing, engaged leading, independent cybersecurity experts for assistance. As a result of the independent investigation conducted thereby, PIH Health learned on October 2, 2019 that certain PIH Health employee email accounts were accessed without authorization between June 11, 2019 and June 18, 2019 as a result of the above-referenced phishing campaign.Paul Quinn College
May 24, 2019 | Email Compromise
Abstract
On August 16, 2019, we learned that certain PQC employee email accounts had been accessed without authorization. In immediate response, we took steps to secure the impacted email accounts and to further secure our email system, and we began an extensive and detailed analysis of the email accounts to determine if they contained any personal information that may have been affected by the incident. The analysis was completed on February 19, 2020, and it revealed that some of your information was contained in the affected email accounts. After the analysis was complete, we worked diligently to identify up-to-date address information in order to effectuate notification and took steps to notify you of this incident as quickly as possible in light of significant challenges arising from responding to the COVID-19 situation.Presbyterian Healthcare Services
May 09, 2019 | Phishing
Abstract
On June 6, 2019, Presbyterian discovered anonymous, unauthorized access gained through a deceptive email to some of Presbyterian’s workforce members around May 9, 2019. We believe that the unauthorized access to these email accounts was part of a scam or deceptive email trying to get information, known as “phishing.” These email accounts included your name and social security number and might have contained your date of birth, clinical and/or health insurance information.Pacific Specialty Insurance Company
March 20, 2019 | Email Compromise
Abstract
? On June 14, 2019 Pacific Specialty became aware of a pattern of suspicious activity relating to certain Pacific Specialty employee email accounts. In response, Pacific Specialty changed the employee’s account password and worked with an outside forensics expert to investigate the nature and scope of the activity. The investigation determined that certain Pacific Specialty email accounts were accessed without authorization between March 20, 2019 and March 30, 2019. The period of unauthorized access varied for each account at issue. Every potentially accessible file within the impacted accounts was reviewed to determine what files may have been accessible to the unauthorized actor. On November 7, 2019 we became aware of the identities of the individuals whose information was included in the impacted accounts. We continued working to obtain contact information for impacted individuals through January 14, 2020.Princess Polly Group Pty Ltd
November 01, 2018 | Website Compromise
Abstract
On or around april 24, 2019, Princess Polly Online Pty Ltd ("Princess Polly") was notified of suspicious activity related to certain credit cards used in transactions on its Australian website www.pricesspolly.com princess Polly immediately launched an investigation into this report. Through this investigation, Pricess Polly determined that an unidentified third party recently gained unauthorized access to our website. During this process, the third party may have accessed your perosnal information and payment details entered at check-out between November 1, 2018 and April 29, 2019.Paylocity Corporation
November 01, 2018 | User Error
Abstract
Paylocity contracts with Group 1 Automotive, Inc. to provide payroll services. On November 1, 2018, an incident occurred where certain personal information of some Group 1 Automotive employees was inadvertently and temporarily exposed to the administrator of another Paylocity client. The information was not viewed or otherwise compromised, and we have already taken steps to ensure this will not happen in the future.Prosper Marketplace, Inc.
October 03, 2018 | Unknown
Abstract
TBDBPie Five Pizza
September 07, 2018 | Malware
Abstract
Pie Five Pizza was recently alerted to a potential security incident. Based upon an extensive forensic investigation, it appears that an unauthorized individual was able to gain access to and install malicious software designed to capture payment card information on some of our payment processing systems at a limited number of our locations. Although we do not store payment card information on our systems, based on the forensic investigation, it appears that the malicious software was able to capture card information date in real time as card information as it was being entered into certain of our systems. To find out if your Pie Five location was impacted, please visit https://www.piefivepizza.com/paymentcardsecurity/store-list/ (https://www.piefivepizza.com/paymentcardsecurity/store-list/) for a list of affected locations and corresponding dates. Please note that this incident did not affect any purchases made on the PieFivePizza.com website.Pharmaca Integrative Pharmacy Inc.
July 19, 2018 | Malware
Abstract
? After receiving reports of fraud related to a small number of customers from payment card issuers, Pharmaca began an investigation, and on or around December 6, 2018, identified suspicious code on its point-of-sale systems. Pharmaca immediately began working with leading security experts to help determine what happened. Through this investigation, Pharmaca confirmed, on or about December 19, 2018, that malicious code may have captured customer credit and debit card information used for purchases at certain Pharmaca stores between July 19, 2018 and December 12, 2018.Pharmacy Times Office of Continuing Professional Education (“PTCE”)
July 06, 2018 | Misconfiguration
Abstract
On or about July 6, 2018, PTCE learned that an unauthorized party may have accessed a file containing PTCE data. PTCE immediately launched an investigation and began working with third-party forensic investigators to determine the nature and scope of the potential data event. On September 17, 2018, based on investigative developments to date, PTCE concluded that a file containing its data had been publicly available between May 11, 2018 and July 6, 2018, and on the latter date, may have been subject to unauthorized access by an unknown party. On or around October 12, 2018, PTCE confirmed that the file contained information that included personally identifiable information for a limited number of PTCE clients. PTCE then took steps to confirm the identity of the clients whose personally identifiable information was contained in the data file.Paysafe Group Holdings Limited
May 13, 2018 | Website Compromise
Abstract
On November 6, 2020, through Merchant Services’* internal cybersecurity program, we discovered a potential compromise of a website used by part of our U.S. business. We promptly initiated an investigation to determine the nature and potential impact of the vulnerability. In the course of doing so, we identified suspicious activity indicating that an unauthorized actor submitted automated queries to the website. We created a secure environment to test the queries, using available logs and other information to assess potential impact. By November 19, 2020, we determined that a subset of the queries identified might have involved data held on the website. We analyzed logs and other information available to assess whether those queries could have returned information to unauthorized actors, and we engaged external forensics experts to assist. By December 3, 2020, we determined that some queries may have compromised certain information held on the website, although the evidence is not conclusive. At this time, we have identified evidence of suspicious activity on the website between May 13, 2018, and November 24, 2020. We have notified law enforcement. Although we are not aware of any evidence confirming that the activity resulted in unauthorized actors acquiring or misusing your personal information, we are providing this notice out of an abundance of caution so that you can take steps to protect yourself.Plant Therapy
March 29, 2018 | Malware
Abstract
On May 11, 2018, Plant Therapy learned of a potential data security incident involving the unauthorized installation of malware on our e-commerce web platform. Upon discovering the incident, we took immediate steps to secure this information. We also launched an investigation and worked with a leading forensics firm to determine what happened and whether customer payment card information had been accessed or acquired without authorization. This letter serves to inform you of the incident and to share with you steps that you can take to help protect your information.PLAE INC.
March 15, 2018 | Website Compromise
Abstract
Protecting your financial information is our top priority and while we have extensive security systems in place to protect your data, a cyber-attack took place that may have affected customers who placed online orders between March 15, 2018 and May 11, 2018. We began an investigation as soon as we became aware of a potential breach on May 10, 2018, and were able thereafter to stop further unauthorized account access by this attacker.Phillip Capital Inc.
February 28, 2018 | Phishing
Abstract
On February 28, 2018, Phillip Capital received a phishing email from a third-party vendor. Phillip Capital responded to this phishing email by logging onto what we believed was the vendor’s legitimate platform. This enabled the attacker to access a few of our employees’ email accounts before we discovered the incident and cut off all unauthorized access.POPSUGAR Inc.
February 22, 2018 | Account Compromise
Abstract
On April 30, 2018, we discovered that, in February 2018, an unauthorized third party gained access to account credentials and accessed certain user information.PF@-Com, Inc.
February 20, 2018 | Website Compromise
Abstract
On March 12, 2018, we discovered that information entered on some of our websites (aveneusa.com, renefurtererusa.com, kloraneusa.com, and glytone-usa.com (the “Websites”)) had been captured and potentially sent to unauthorized third parties. We immediately began a full investigation of the incident, which concluded on March 28, 2018, by which time we were able to identify the types of information that may have been compromised and the population of potentially affected visitors. Any information entered on any of the Websites between February 20, 2018 and March 15, 2018 may have been exposed.Paycor, Inc.
February 16, 2018 | User Error
Abstract
During the normal course of business, a Paycor employee accidentally mailed an encrypted computer disc (“CD”) containing images of IRS W-2 tax information for you and fellow employees from Supreme Corporation and its affiliates. The CD was mailed directly to one recipient at another trusted Paycor client company. The same recipient of the CD also received the corresponding password to unencrypt the CD’s contents via a separate email. The recipient conducted a “spot check” of random entries in the report to ensure it contained the information she expected for her company’s employees. The recipient did not view all entries in the CD. Upon realizing that the CD did not contain information for her company, the recipient immediately notified Paycor of the mailing error. Paycor immediately took steps to ensure the CD was securely returned by the recipient, that the recipient securely deleted any relevant data from her company systems, and that the file had only been viewed by the single recipient.Peaceful Valley Farm & Garden Supply
February 09, 2018 | Website Compromise
Abstract
We value your business and respect the privacy of your information, which is why we are writing to let you know about a serious data security incident that occurred between February 9, 2018 and August 22, 2018 that involved your personal information. The breach involved the unauthorized access by an unknown third party of personal information of customers who placed orders on the Peaceful Valley Farm Supply website during the above time period.PAR Electrical Contractors, Inc.
December 22, 2017 | Files Lost
Abstract
On or about December 22, 2017, a thief stole a container holding daily backup tapes that, as part of PAR's regular practices, had been taken off-site. Upon learning of thsi incident (on December 22), we promptly notified law enforcement and initiated an investigation. We believe the thief was seeking physical items, not electronic data, and we are not aware of any actual misuse of the backup tape data.November 24, 2017 | Account Compromise
Abstract
We take privacy and security very seriously at Pinterest and wanted to let you know that we detected suspicious activities on your account. During this incident, unauthorized login attempts to your Pinterest account were made. Your account may also contain Pins, boards and messages that may not have been added by you. If you see any, don’t click, share, or save this suspicious content.Providence Saint John’s Health Center
November 20, 2017 | Third Party
Abstract
On December 8, 2017, one of our vendors, Nuance Communications, Inc. (Nuance), a medical transcription software company,1 experienced an unauthorized intrusion into their computer system that resulted in the theft of your personal information.Pedes Orange County
November 14, 2017 | Unauthorized Access
Abstract
We share our medical facility with another medical group to conduct surgical procedures throughout the week. To assist in scheduling surgical procedures, we share a scheduling tool with other medical professionals in the building. On November 14, 2017, we learned that a physician from another medical group in the facility accessed our Pedes electronic medical records database without permission and disclosed the database materials to their attorney. Since discovering this incident, we have been working with the unauthorized individual to destroy all patient medical information that was accessed without permission.Pension Fund of the Christian Church (“Pension Fund”)
November 09, 2017 | Server Compromise
Abstract
Pension Fund of the Christian Church values and respects your privacy, which is why we are writing to advise you about two recent incidents that may affect your personal information, to explain the steps that we have undertaken since discovering the incidents and to provide you with guidance on what you can do to protect yourself.Pizza Hut, Inc.
October 01, 2017 | Website Compromise
Abstract
Pizza Hut has recently identified a temporary security intrusion that occurred on our website. We have learned that the information of some customers who visited our website or mobile application during an approximately 28-hour period (from the morning of October 1, 2017 through midday on October 2, 2017) and subsequently placed an order may have been compromised. Pizza Hut identified the security intrusion quickly and took immediate action to halt it.Palomar Health
September 27, 2017 | User Error
Abstract
I regret to inform you that on September 27, 2017, an employee of Palomar Health unintentionally misdirected an email containing a worklist which included certain patient-related information about you to an unintended recipient.February 22, 2014 | Device Lost
Abstract
On February 22, 2014, Palomar Health learned that two flash drives were stolen from an employee’s vehicle overnight. We immediately began a thorough investigation, including hiring an outside expert forensic company to reconstruct the information contained on the devices. The investigation concluded on March 25, 2014, and determined that the devices may have contained your name, date of birth, diagnosis, treatment information, and insurance information. Your Social Security number, financial information and medical records were not on the devices.Preferred Hotel Group, Inc.
August 10, 2017 | Third Party
Abstract
Sabre Hospitality Solutions, a company that facilitates the booking of our reservations either through our member hotels, our call centers, travel agencies, online travel agencies, or similar booking services informed us that an unauthorized party gained access to their SynXis Central Reservations system. We have been told that this unauthorized party could view unencrypted payment card information, as well as certain reservation information, for a subset of hotel reservations processed through their system.Pacific Alliance Medical Center
June 14, 2017 | Computer Compromise
Abstract
On June 14, 2017, PAMC became aware that certain of its networked computer systems were being affected by a cyber incident. We suspect that the incident began on or shortly before that date. Shortly after becoming aware of the issue, PAMC's informtion Technology Department completed a preliminary assessment and determined that certain networked computer systems had been infected by a computer virus that was encrypting (making unreadable) certain files on PAMC's computer network.PAMC promptly shut down our networked computer systems, initiated our incident response and recovery procedures, notified the Federal Bureau of investigtion, and began a privileged and confidential forensic investigation. Since then, we have decrypted (made readable again) the affected files and have taken, and are continuing to take, actions to restore the affected systems and prevent similar incidents.Professional Publications, Inc. (PPI)
June 11, 2017 | Website Compromise
Abstract
During routine security monitoring of the PPI website, we found indications of suspicious activity and immediately launched an investigation. On September 19, 2018, our investigation determined that a hacker had implemented malicious code that allowed the hacker to obtain access in June 2017 to personal information that was submitted in connection with certain transactions made on the website between March 9 and April 5, 2017. We immediately began efforts to identify and notify affected individuals and sent notifications to these individuals in October 2018, which may have included you.Provo Craft & Novelty, Inc., d/b/a/ Cricut
May 27, 2017 | Website Compromise
Abstract
We have learned that the checkout page on a prior version of our website was the subject of a cyberattack, which was designed to scrape payment and personal information of customers at checkout while making purchases. You are receiving this letter because you entered information to check out on shop.cricut.com between the dates of May 27 and July 12, 2017.Palo Alto Unified School District
April 04, 2017 | Misconfiguration
Abstract
After a recent upgrade to their backup systems, a configuration error exposed Schoolzilla’s backup files. A computer security researcher doing targeted vulnerability analysis detected this issue late on April 4, 2017, downloaded those files, and notified Schoolzilla of the problem. As soon as Schoolzilla received the notice on the morning of April 5, 2017, they immediately fixed the error, verified via log files that nobody other than the one security researcher accessed those exposed files, and ensured that the security researcher who discovered and alerted us to this vulnerability permanently and securely deleted the data.Performant Financial Corporation
January 27, 2017 | Network Compromise
Abstract
By letter dated April 7, 2017, C&T informed Performant that after noticing unusual activity on its network, C&T had hired a specialist forensic information technology firm to investigate. As a result of that investigation it was determined that an unauthorized individual had accessed a C&T network drive between January 27, 2017, and February 2, 2017. C&T, however, could not determine whether any specific files were accessed. The network drive, unfortunately, contained the Company’s 401K audit files for certain years.Platt College, Los Angeles LLC
January 17, 2017 | User Error
Abstract
A technical error caused Student’s 1098T Tuition Statements to be addressed with another student’s mailing address, and the Statements were inadvertently mailed to another student on January 13, 2017.Pool Supply Unlimited
January 09, 2017 | Website Compromise
Abstract
On January 11, 2017 Pool Supply Unlimited learned that a third party computer server utilized for our website was hacked. In the last week poolsupplyunlimited.com has been held hostage by a group of hackers in Iran.Palomar Community College District
January 05, 2017 | Network Compromise
Abstract
On January 19, 2017, we learned that an unauthorized individual may have accessed part of our network that contained IRS Form W-2s for some of our employees. Upon learning of this, we immediately began an investigation and contacted law enforcement.prAna
December 14, 2016 | Server Compromise
Abstract
On February 6, 2017, we detected that an unauthorized third party may have obtained access to the servers that operate our e-commerce website, ww.prana.com. We immediately hired a leading cybersecurity firm to assist us in our investigation and remediate the website.Pacific Hospitality Group
November 03, 2016 | Account Compromise
Abstract
The Sabre Hospitality Solutions SynXis Central Reservations system (CRS) facilitates the booking of hotel reservations made by consumers through hotels, online travel agencies, and similar booking services. Following an examination of forensic evidence, Sabre informed us that an unauthorized party had gained access to account credentials that permitted unauthorized access to unencrypted payment card information, as well as certain reservation information, for a subset of hotel reservations processed through the CRS. Sabre notified our company about the possible breach on or about June 6, 2017 and then sent us the dates of breach by property and the list of the impacted guest records on June 13, 2017.Print EZ, Inc.
September 01, 2016 | Website Compromise
Abstract
During a routine review, Print EZ identified an anomaly in scan results for its e-commerce website printez.com. Upon receiving these results, Print EZ immediately commenced an investigation and later identified suspicious file that was inserted into its e-commerce website. Print EZ quickly removed the infected file and took additional steps to secure its website. Additionally, Print EZ completely modified its checkout process to implement additional security measures. Print EZ determined on December 14, 2018 that it was unable to determine how the file may have affected information entered onto its website. In an abundance of caution, Print EZ is notifying customers who used a credit card on its website from September 1, 2016 until September 23, 2018 when Print EZ moved to its new checkout process.Pacifica Hotel Management, LLC
August 10, 2016 | Third Party
Abstract
The Sabre Hospitality Solutions SynXis Central Reservations system (CRS) facilitates the booking of hotel reservations made by consumers through hotels, online travel agencies, and similar booking services. Following an examination of forensic evidence, Sabre notified us on or about June 6, 2017 that an unauthorized party gained access to account credentials that permitted unauthorized access to unencrypted payment card information, as well as certain reservation information, for a subset of hotel reservations processed through the CRS.Pratap S. Kurra, M.D.
August 08, 2016 | User Error
Abstract
On August 9, 2016, I was informed that papers related to my practice were found in a trash container. I immediately began an investigation into the matter and determined that on August 8, 2016, the day before, billing tickets used by my practice were accidentally thrown away during my move. Fortunately, all known records were retrieved within 24 hours, and upon further investigation, it was determined to have been a singular incident.Public Health Institute
July 04, 2016 | Database Compromise
Abstract
The California Environmental Health Tracking Program (CEHTP) of the Public Health Institute (PHI) became aware on August 4, 2016 that an electronic database containing email addresses and corresponding passwords for individual user accounts at one or more of the sites listed below was accessible on the internet without encryption or other security features for approximately 30 days. The accounts in question are:Premier America Credit Union
June 29, 2016 | Insider Threat
Abstract
We recently learned that a departing employee of Premier America emailed to his non-Premier America account lists that reflected some of your personal information, in violation of our company policies, during late June 2016. At this point, we assume that the purpose of the acquisition was solely for solicitation purposes (which we consider to be inappropriate) and do not believe that you are at risk for identity theft.PAX Labs, Inc.
June 25, 2016 | Website Compromise
Abstract
On July 15, 2016, we discovered that an unauthorized party had gained access to one of our cloud-based website servers and installed unauthorized software. PAX removed this software on July 15, 2016. Subsequently, an unauthorized party added similar software on July 22, 2016, which PAX removed that same day. Our investigation revealed that the unauthorized party accessed personal payment card information of approximately 6,000 customers who had made purchases from either www.JUULvapor.com or www.PAXvapor.com between June 25, 2016, and July 22, 2016.Preferred Hotel & Resorts
June 01, 2016 | Third Party
Abstract
The Sabre SynXis Central Reservations System (CRS) facilitates the booking of hotel reservations made by consumers through hotels, online travel agencies, and similar booking services. Following their internal investigation, Sabre notified us that an unauthorized party gained access to user credentials that enabled the party to view some reservation information for a subset of hotel reservations that Sabre processed on behalf of some of its customers, including certain Preferred hotel properties. The investigation determined that the unauthorized party was able to access Sabre’s system between June of 2016 and November of 2017. Please note that no Preferred computer or network systems were affected in any way by this incident.Project Management Institute
April 23, 2016 | Third Party
Abstract
PMI was informed on June 14, 2016, that one of its vendors, Comnet Marketing Group, Inc. (“Comnet”), had been the victim of an intrusion of its computer systems. An unauthorized user gained administrative access to Comnet’s systems on April 23-24, 2016, and issued commands to delete all the data housed on Comnet’s servers. That data may have included certain PMI customer credit card information that Comnet had collected on behalf of PMI. Comnet did not discover any evidence indicating that the credit card data was accessed or acquired by an unauthorized user or that the unauthorized user intended to steal data. But Comnet has been unable to definitively rule out any unauthorized access to or acquisition of data. Thus, PMI provides this notice out of an abundance of caution.Pivotal Software, Inc.
March 22, 2016 | Phishing
Abstract
As we stated earlier, Pivotal was recently involved in an e-mail “phishing” scam targeting personal information of Pivotal employees. On March 22, 2016, an unknown third party sent a fraudulent email message impersonating CEO Rob Mee to an employee requesting certain information about Pivotal employees. The employee responded to the request, mistakenly believing that it came from Mr. Mee.PerkinElmer, Inc.
February 24, 2016 | Phishing
Abstract
We became aware of an incident in which an unauthorize third party was provided information regarding employees of PerkinElmer, Inc. ("PerkinElmer" or the "company") on February 24, 2016. we began investigating the incident as soon as we became aware of the incident. Late in the afternoon on february 24, 2016 the company discovered that a perkinelmer empoyee received an email that was disguised to appear that it was sent from another perkinelmer employee, requeseting certain employee information. The employee who received the email had access to salary and other employee information and, believing the email was legitimate, provided the requested information. At this time, we have no reason to believe that our IT systems are compromised.Pirthipal Dhillon
December 02, 2015 | Network Compromise
Abstract
Wendy’s recently reported additional malicious cyber activity involving some franchisee-operated restaurants. The Company believes this criminal cyberattack resulted from a service provider’s remote access credentials being compromised, allowing access – and the ability to deploy malware – to some franchisees’ POS systems. Soon after detecting the malware, Wendy’s identified a method of disabling it and thereafter has disabled the malware in all franchisee restaurants where it has been discovered. The investigation has confirmed that criminals used malware believed to have been effectively deployed on some Wendy’s franchisee systems starting in late fall 2015.Peninsula Foods, L.P.
December 02, 2015 | Network Compromise
Abstract
Wendy’s recently reported additional malicious cyber activity involving some franchisee-operated restaurants. The Company believes this criminal cyberattack resulted from a service provider’s remote access credentials being compromised, allowing access – and the ability to deploy malware – to some franchisees’ POS systems. Soon after detecting the malware, Wendy’s identified a method of disabling it and thereafter has disabled the malware in all franchisee restaurants where it has been discovered. The investigation has confirmed that criminals used malware believed to have been effectively deployed on some Wendy’s franchisee systems starting in late fall 2015.Peter Michael Winery
April 12, 2015 | Third Party
Abstract
Regretfully, we are writing to inform you that our third party e-commerce vendor experienced a security breach of its system, and as a result, your personal information and credit/debit card information, stored on their server may have been accessed by an unauthorized party. Because our vendor is used widely in the wine industry, you may also be hearing from other wineries whose data was similarly affected.Packers Sanitation Services, Inc. Ltd.
February 05, 2015 | Third Party
Abstract
We are contacting you to advise you that we have learned of a serious data breach that was discovered last week involving Anthem Inc. (“Anthem”) whom Packers Sanitation Services, Inc. (“PSSI”) utilized for its health plan insurance until December 31, 2013. We have been informed that your personal information, along with any beneficiaries of the plan (e.g., your spouse and/or children enrolled in the plan), may have been in Anthem’s database which was compromised.Piedmont Advantage Credit Union
January 31, 2015 | Laptop Stolen
Abstract
On January 31, 2015, we discovered that there was a credit union owned laptop that could not be located. While incidents like this are not uncommon, it is a first occurrence for us.Phoenix House Foundation, Inc. and its affiliates
December 19, 2014 | Insider Threat
Abstract
On December 22, 2014 phoenix House learned that, on December 19, 2014, a consultatn hired to perform payroll activities for us appears to have made unauthorized changes in our electronic payroll system hosted by third parties. Upon learning this, we immediately removed the consultant's access to the systems at issue and conducted an investigation to determine what information may have been changed.Piech Sales Company, LLC dba ValuePetSupplies.com
November 25, 2014 | Website Compromise
Abstract
On or about November 25, 2014, ValuePetSupplies.com was the victim of a cyberattack. Unauthorized persons accessed our servers and installed malicious files to capture personal information entered by individuals onto our website (http://www.valuepetsupplies.com). The information impacted could include name, address, credit or debit card number, card value verification (CVV) and expiration date, telephone number, electronic mail address, and/or account password.Physicians Skin and Weight Centers, Inc.
November 04, 2014 | Laptop Stolen
Abstract
On November 4, 2014, an employee’s vehicle was broken into in Fresno, California and a password protected laptop and external hard drive were stolen from the vehicle. Fortunately, the theft was discovered within an hour of its occurrence and the Fresno Police Department was immediately notified and a formal police report was filed.Providence Saint Joseph Medical Center
November 01, 2014 | User Error
Abstract
On February 18, 2015, Providence St. Joseph Medical Center discovered that a Providence staff member inadvertently sent your billing information to a company that handles billing for some of our physician medical groups that Providence contracts with in Southern California.Palm Springs Federal Credit Union
October 20, 2014 | Device Lost
Abstract
Financial institutions are required to have their operations and records audited regularly. As part of the audit process, the Credit Union provided information regarding the Credit Union's members on an external drive containing members' names, addresses, social security numbers and account numbers. Regrettably, the drive was lost and its location is now unknown.Peppermill Casinos, Inc.
October 12, 2014 | Files Lost
Abstract
This security incident relates to the unauthorized and illegal acquisition, by criminal hackers, of certain credit and debit cards used at Peppermill's front desk. The criminal attack was limited to credit or debit transactions between October 12, 2014 and February 16, 2015, and we became aware of the existence.Point Loma Nazarene University
October 07, 2014 | Phishing
Abstract
Between October 7, 2014 and October 20, 2014, the University became aware of and remediated instances of unauthorized access to five employee email accounts that occurred during this time period as a result of phishing attacks. Upon learning of this matter, we immediately launched an investigation and retained outside forensic experts to determine the scope of this incident. While the investigation into the matter is ongoing, the external forensics experts have confirmed that the following categories of your personal information were potentially subject to unauthorized access:Pacific Biosciences of California, Inc.
September 16, 2014 | Laptop Stolen
Abstract
We write to inform you about the recent theft from an employee's home of a password-protected work laptop that occurred on or about September 16, 2014. The laptop may have contained files with some personal information about you, including your name ...Perspectives
September 08, 2014 | Website Compromise
Abstract
In September 2014, the Perspectives class site experienced a criminal database attack which took the form of an unauthorized advertising attack. These advertisements were hidden in our class site to the public viewer and were most likely used to gain greater search engine page ranking for other websites. You may have noticed suspicious advertisements for "abortion pills" on certain portions of our website which can, potentially, be electronically malicious if clicked. Perspectives leadership learned of the breach in January 2015.Paytime Harrisburg Inc. d/b/a Paytime, Inc.
Abstract
On April 30, 2014, we learned that unauthorized individuals accessed usernames and passwords associated with our system. We immediately launched our own investigation, and retained outside forensic experts to determine whether employee information may have been accessed by the intruders.P.F. Chang’s China Bistro
October 19, 2013 | Breach
Abstract
On Tuesday, June 10, the United States Secret Service alerted P.F. Chang's to a possible security compromise involving credit and debit card data reportedly stolen from certain P.F. Chang’s China Bistro branded restaurants located in the continental United States. APetrochem Insulation, Inc.
July 18, 2013 | Laptop Stolen
Abstract
On the evening of July 18, 2013, an unknown person broke into the locked car of a Petrochem employee and took a laptop computer, various documents and other items. Stored on the stolen laptop were spreadsheets containing certain personal information about you and other Petrochem employees, including, for example, your name, employee identification number and social security number. Petrochem currently has no reason to believe that the thieves targeted your personal information, and additional items, such as a computer bag, paperwork and reading glasses, were also stolen from the vehicle.Pinkerton Government Services, Inc.
November 15, 2012 | Computer Stolen
Abstract
During the night of November 15, 2012, a number of computers were stolen from a PGS operating center. At this time it appears that the theft was intended for the actual value of the computers, and not the information that may have been stored.Pepperdine University
November 11, 2012 | Laptop Stolen
Abstract
On November 12, 2012, we discovered that a University laptop computer was stolen from an employee’s locked car. After analyzing the data that was contained on this password protected laptop, we believe that your personal information may have been included. The compromised personal information may include your name and one or more of the following: Social Security number, addresses or date of birth.Philip P Corneliuson
September 15, 2012 | Computer Stolen
Abstract
On the afternoon of Saturday , September 15th 2012, we discovered our office suite broken into and our computer stolen. The computer stored both medical records and insurance information, including social security numbers of several patients, including yours. As a result, your personal information is now potentially accessible to unauthorized individuals.Petco Animal Supplies, Inc.
May 18, 2012 | Laptop Stolen
Abstract
On Tuesday, July 3, 2012, the outside auditor of Petco's 401(k) Plan (the "Plan") informed us that five laptop computers had been stolen from their offices during the weekend of May 18-20, 2012.Perry Dental
February 16, 2012 | Computer Stolen
Abstract
We are contacting you about a recent burglary in our office that may result in an identity theft problem. The theft involved computer equipment that contained patient insurance information that may be compromised.Pacifica-Coastside Credit Union / SF Fire Credit Union
December 29, 2011 | Laptop Stolen
Abstract
. On the night of December 29, 2011, a laptop used in preparation for the merger of SF Fire Credit Union with Pacifica-Coastside Credit Union was stolen from a parked car in San Francisco. While the laptop was password-protected, it is possible that the information could be retrieved with the use of specialized tools.Pono Products, Inc. dba reuseit.com
August 22, 2011 | Website Compromise
Abstract
The data breach occurred from August 22 – September 28, 2011 and stemmed from an intruder gaining unauthorized access to our system. They were able to intercept portions of personal information as it was entered into our site. One thousand of our valued customers were affected, and we have taken corrective action to prevent such intrusions from occurring in the future.Placer Union High School District
Abstract
We are writing to inform you of a student data vulnerability reported by Total Registration, a company that your child may have used to register for AP (or PSAT @ Colfax only) exams. Our understanding is this was not a database breach, but rather a 48-hour period when student reports were left viewable in plain text.Port City Operating Company, doing business as St. Joseph’s Medical Center
Abstract
On August 9, 2018, St. Joseph's discovered that two old laboratory machine analyzers, powered down for removal and replacement, did not contain their computer had drives. Personnel of St. Joseph's and TriMedx, a business associate of St. Joseph's. searched diligently, but without success, for the hard drives, which contained limited patient information.Paul Stuart, Inc.
Abstract
On May 15, 2017, we learned that an unknown individual may have accessed your credit or debit card information used to make purchases at our online store. We immediately took action to secure our system and commenced an investigation to determine what information may have been accessed. We determined that the unknown individual may have accessed customer payment card information, including name, address, telephone number, and credit/debit card information.Praetorian Digital which operates PoliceOne.com
Abstract
On Friday, February 3, 2017, we were notified that the content of our PoliceOne Forum was the subject of unauthorized access and acquisition. The incident occurred in our forums, which are run on third party software and are entirely separate from our main PoliceOne member database and other systems, which have not been compromised. We have become aware of a security incident in our PoliceOne Forums that allegedly occurred in 2015. We are aggressively addressing the matter and want to make you clear on the scope of the issue and its potential impact to you. Security is incredibly important to us and we've worked hard to protect your information over the past 17 years.Pride Mountain Vineyards
Abstract
Our consumer direct sales systems provider, Missing Link Networks, Inc., (“Missing Link”) notified us, along with a significant number of other wineries, that on May 27, 2015 of a security incident involving credit and debit card data. Missing Link has advised us that during the window of April 1, 2015 to April 30, 2015, a third party might have gained access to certain personal information, including customer names, card numbers, related payment addresses, passwords, and dates of birth.Palmaz Vineyards
Abstract
Our consumer direct sales systems provider, Missing Link Networks, Inc., (“Missing Link”) notified us on May 27, 2015 of a security incident involving credit and debit card data. Missing Link has advised us that during the window of April 1, 2015 to April 30, 2015, a third party might have gained access to certain personal information, including customer names, card numbers, related payment addresses, passwords, and dates of birth.Premera Blue Cross, including Academe, Inc. (formerly known as LifeWise Health Plan of Arizona, Inc.), Connexion Insurance Solutions, Inc., Life Wise Health Plan of Washington, Life Wise Health Plan of Oregon, Inc., LifeWise Assurance Company, Vivacity
Abstract
On January 29, 2015, we disvovered that cyberattackers had executed a sophisticated attack to gain unauthorized access to our information Technology (IT) systems. Our investigation further revealed that the initial attack occurred on May 5, 2014. We worked closely with Mandiant, One of the world's leading cybersecurity firms, to conduct our investigation and to remove the infection created by the attack on our IT system.Park ‘N Fly
Abstract
Park ‘N Fly (“PNF”) has become aware of a security compromise involving payment card data processed through its e-commerce website. PNF has been working continuously to understand the nature and scope of the incident, and has engaged third-party data forensics experts to assist with its investigation.Public Architecture
Abstract
Last Monday, December 8th, we discovered that theonepercent.org had been hacked. A malicious hacker broke through our security protocols and firewalls and put up his own vanity page to brag about his destructive success. In responding to this unexpected and unprovoked attack, we contacted our web developers to repair the site.PLS Financial Services, Inc.
Abstract
We learned on July 26, 2013 from the company that operates our website that their recent programming change inadvertently allowed access by a certain segment of site visitors to a restricted part of the site.PHH Corporation
Abstract
We are writing to let you know that, on April 3, 2013, we learned that a temporary worker placed at a PHH Corporation (“PHH”) location had been indicted in connection with identity fraud unrelated to the work performed at PHH. The individual is no longer working at PHH. Because the temporary worker had access to personal information of certain PHH current and former employees and applicants, we promptly initiated a review of the individual’s access to this information.Postcard Press, Inc. d/b/a Next Day Flyers
Abstract
On April 2, 2012, we discovered an electronic file on our system that was storing transaction information, including the name, address, e-mail address, and credit card information for customers who placed orders through our website between March 23, 2012 and April 2, 2012. We do not know if any unauthorized person accessed this file or how the file was created, but we detected the file near the time an unauthorized person was trying to disrupt traffic to our website.Q
Quality-Care Pharmacy
March 11, 2018 | Device Lost
Abstract
This letter serves to follow-up with our previous letter of March 24, 2018. In our previous letter, we notified you of a burglary that occurred on March 11, 2018. As stated in the previous letter, this incident involved the possible unauthorized disclosure of our patients personal information including, but not limited to, patient names, telephone numbers, Social Security numbers, and identification of their medications, in an external hard drive and paper documents stolen during the burglaryQuest Nutrition
November 10, 2017 | Phishing
Abstract
We recently learned that an outside individual sent emails to certain Quest Nutrition employees soliciting their login information to our email system. The individual appears to have been able to use these credentials to gain unauthorized access to an employee email account, which contained certain personal information about a limited number of our employees, influencers/partners, and other individuals.Quench USA, Inc
February 10, 2017 | Server Compromise
Abstract
On February 13, 2017, we discovered our Coffee Service server had been infected with a virus that prohibited our access to our files. We restored the server and launched an investigation to determine the capabilities of the virus and how it was introduced to the server. On February 22, 2017, as part of our ongoing investigation, we determined this virus was introduced by an unknown third party that had access to a server on our information system and confirmed this server contains information relating to Quench Coffee Service customers.Quest Diagnostics
November 26, 2016 | Website Compromise
Abstract
On November 26th an unauthorized third party accessed the MyQuest by Care360® internet application and obtained PHI of approximately 34,000 patients. The data included name, date of birth, lab results, and, in some instances, telephone numbers.November 17, 2014 | User Error
Abstract
On November 17,2014, a Quest Diagnostics employee inadvertently sent a standard report via secured email to two individuals from outside companies with whom we have a business relationship.Qvale Auto Group, Inc.
June 27, 2016 | Third Party
Abstract
The incident occurred when, during the course of an upgrade by a third party IT vendor, employee access limitations were removed to certain information of employees for a limited time period in June 2016. This allowed certain employees to potentially access that information. As soon as this error was discovered, it was corrected.Quayside Publishing Group
April 29, 2013 | Website Compromise
Abstract
We have established that malicious software planted by an outside source may have been able to access credit card information, names, and addresses during recent transactions with our ecommerce sites Qbookshop.com, Qbookshop.net, Motorbooks.com and WalterFoster.com. The estimated time this may have occurred was between April 29, 2013 and June 17, 2013. There were 639 orders (affecting 552 customers) Placed on our sites during this period from most of the states/provinces in the US and Canada and from countries overseas.QVC, Inc.
Abstract
QVC uses technology to track activities that occur on its website, and the tracking technology sends data to companies that provide services to QVC. We recently learned that as the result of a technical setting, instead of sending anonymous data, the tracking technology unintentionally sent limited information about website visitors to those online marketing partners. While the information was sent securely, neither QVC nor the online marketing partners intended for this data to be sent.R
River City Bank
September 29, 2020 | Insider Threat
Abstract
On September 29, 2020, we discovered some unauthorized activity performed by a Bank employee. This individual downloaded customer data, including yours, to a personal storage drive and later sent the information to a third party. In doing so, the employee exceeded their authorized access, which was limited to accessing the Bank’s data for legitimate bank purposes. When we first learned of this incident, we took immediate steps to restrict the employee’s system access. We also reported the incident to law enforcement. A thorough investigation was conducted by a forensic investigation firm to determine what happened, who was impacted, and what information may have been affected.Rocklin Unified School District
September 18, 2020 | Vulnerability
Abstract
On September 17, 2020 we were informed by Rocklin Unified Parent that there was a bug in the NutriLink software that may allow unauthorized access to the NutriKids-NutriLink system. The initial report was focused on NutriKids-NutriLink Databases where families can look up information on their student(s), which we do use and Link® to through our district website.November 04, 2019 | Third Party
Abstract
On April 27, 2020 we were informed there may have been unauthorized access to the Aeries® SIS on November 4th, 2019. The initial report was focused on Aeries Hosted Databases, which we do not use. Our Student Information System is housed on our own servers here in Rocklin.On May 6, 2020 we learned that it may have also affected on-premise databases similar to ours. Following directions provided by Aeries, we immediately contacted Aeries and got confirmation on May 11, 2020 that our data was also accessed.
Abstract
On September 17, 2020 we were informed by Rocklin Unified Parent that there was a bug in the NutriLink software that may allow unauthorized access to the NutriKids-NutriLink system. The initial report was focused on NutriKids-NutriLink Databases where families can look up information on their student(s), which we do use and Link® to through our district website.RadNet, Inc.
July 18, 2020 | Unauthorized Access
Abstract
I am writing to let you know of an incident that may have affected your personal information. On July 18, an unknown third party gained access to a RadNet server that was used to store certain employee data, and copied certain files to an external server. RadNet quickly discovered this activity and blocked further access to the files and its systems and retrieved the copied files.Robie & Matthai APC
May 7, 2020 | Ransomware
Abstract
On May 7, 2020, Robie & Matthai, APC (the “Firm”) was the victim of a ransomware attack. We were able to recover our information from offline backups with no significant interruption in service. After a third-party forensic analysis, however, we determined that the individual(s) who carried out this attack (the “Attacker”) may have accessed some of the personal information on our system. You are receiving this notice because we believe your personal information may have been included among that data set.Romanazzi & Associates
April 16, 2020 | Unauthorized Access
Abstract
On April 22, 2020, we learned that fraudulent tax returns were filed for a few of our clients. Based on this information, we contacted our tax software vendor and the Internal Revenue Service as well as the local police and FBI offices to investigate the issue. We also engaged IT professionals to perform a scan and analysis of our system. We immediately took steps to secure the access to our systems and tax software and the client information contained therein.Rady Children’s Hospital - San Diego and Rady Children’s Hospital Foundation – San Diego
February 7, 2020 | Unauthorized Access
Abstract
Blackbaud recently informed us that it experienced a data security incident that may have involved information pertaining to members of our community who provided information to Rady Children’s Hospital – San Diego or the Rady Children’s Hospital Foundation – San Diego. Upon learning of the incident, we immediately launched an investigation to determine what happened and whether any personal information was impacted. According to Blackbaud, between February 7, 2020 and June 4, 2020, an unauthorized party had access to backup files related to the Blackbaud fundraising and donor management software we use. Upon learning this information, we retained outside cybersecurity experts, including a vendor to review the backup data at issue. On October 7, 2020, we determined that some of your personal information was contained in the backup files. Blackbaud has informed us that it has no reason to believe that any information in the files has been or will be misused, or will otherwise be made available publicly. We nonetheless wanted to make you aware of this incident and offer you complimentary identity monitoring services to help alleviate any concern you may have.Rady Children’s Hospital – San Diego and Rady Children’s Hospital Foundation – San Diego
February 07, 2020 | Third Party
Abstract
Blackbaud recently informed us that it experienced a data security incident that may have involved information pertaining to members of our community who provided information to Rady Children’s Hospital – San Diego or the Rady Children’s Hospital Foundation – San Diego. Upon learning of the incident, we immediately launched an investigation to determine what happened and whether any personal information was impacted. According to Blackbaud, between February 7, 2020 and June 4, 2020, an unauthorized party had access to backup files related to the Blackbaud fundraising and donor management software we use. Upon learning this information, we retained outside cybersecurity experts, including a vendor to review the backup data at issue. On October 7, 2020, we determined that some of your personal information was contained in the backup files. Blackbaud has informed us that it has no reason to believe that any information in the files has been or will be misused, or will otherwise be made available publicly. We nonetheless wanted to make you aware of this incident and offer you complimentary identity monitoring services to help alleviate any concern you may have.RailWorks Corporation
January 27, 2020 | Server Compromise
Abstract
As you know, RailWorks was the victim of a sophisticated cyberattack in which an unauthorized third party encrypted its servers and systems, which may have involved access to your name, address, driver’s license number and/or government issued ID, Social Security number, date of birth and date of hire/termination and/or retirementRed Bluff Joint Union High School District
November 04, 2019 | Third Party
Abstract
The District uses the Aeries Student Information System to provide students and their parents with online access to information regarding school events and schedules. In late November 2019, Aeries learned that an unauthorized individual attempted to exploit a vulnerability in the Aeries software that would allow access to student and parent information. Aeries later determined that the exploit was successful. Upon discovery, Aeries began an investigation and law enforcement launched an investigation to identify the person responsible, who Aeries believes is now in police custody. On May 3rd, 2020, we learned that this individual may have accessed the District’s Aeries System. We then conducted our own investigation, and on May 6th, 2020, determined that the individual did access parent and student data in the District’s Aeries System.River Valley Farms LLC
August 12, 2019 | Insider Threat
Abstract
El 3 de octubre de 2019, o en una fecha cercana, tuvimos conocimiento de que un ex empleado de la compañía de servicios administrativos que gestiona nuestra nómina envió informes que contenían nombres, direcciones, números del Seguro Social y, en algunos casos, fechas de nacimiento e informació n de cuentas financieras de empleados a una cuenta de correo electrónico personal. Los correos electrónicos no autorizados fueron enviados el 12 de agosto de 2019 y el 26 de agosto de 2019. Descubrimos los correos electrónicos como parte de una investigación sobre una sospecha de robo cometido por este ex empleado, la cual fue identificada por la compañía de servicios administrativos por primera vez el 23 de septiembre de 2019.Reiter Brothers, Inc
August 12, 2019 | Insider Threat
Abstract
El 3 de octubre de 2019, o en una fecha cercana, tuvimos conocimiento de que un ex empleado de la compañía de servicios administrativos que gestiona nuestra nómina envió informes que contenían nombres, direcciones, números del Seguro Social y, en algunos casos, fechas de nacimiento e informació n de cuentas financieras de empleados a una cuenta de correo electrónico personal. Los correos electrónicos no autorizados fueron enviados el 12 de agosto de 2019 y el 26 de agosto de 2019. Descubrimos los correos electrónicos como parte de una investigación sobre una sospecha de robo cometido por este ex empleado, la cual fue identificada por la compañía de servicios administrativos por primera vez el 23 de septiembre de 2019.Reiter Berry Farms, Inc.
August 12, 2019 | Insider Threat
Abstract
El 3 de octubre de 2019, o en una fecha cercana, tuvimos conocimiento de que un ex empleado de la compañía de servicios administrativos que gestiona nuestra nómina envió informes que contenían nombres, direcciones, números del Seguro Social y, en algunos casos, fechas de nacimiento e informació n de cuentas financieras de empleados a una cuenta de correo electrónico personal. Los correos electrónicos no autorizados fueron enviados el 12 de agosto de 2019 y el 26 de agosto de 2019. Descubrimos los correos electrónicos como parte de una investigación sobre una sospecha de robo cometido por este ex empleado, la cual fue identificada por la compañía de servicios administrativos por primera vez el 23 de septiembre de 2019.Rady Children’s Hospital San Diego
June 20, 2019 | Network Compromise
Abstract
On January 3, 2020, we learned of a data security incident that involved radiology-related patient information. Upon learning of the incident, we secured the affected information and launched an immediate investigation. We learned that, between the dates of June 20, 2019 and January 3, 2020, some information for a limited number of patients was accessed without authorization via an Internet port. On February 5, 2020, our investigation determined that your information may have been involvedRaley’s/Bel Air Mart/Nob Hill General Store, Inc.
September 24, 2018 | Laptop Stolen
Abstract
On September 24, 2018, a pharmacy laptop was stolen, which may have contained electronic files with some of your personal information. On September 24, 2018, law enforcement was notified of the theft. We have taken steps to investigate this incident and to prevent similar incidents from occurring again. Among other steps taken to investigate this incident, we interviewed employees with access to the laptop to understand potential content on the laptop and examined emails received by those employees with links to download files that may have been temporarily downloaded to cache files on the laptop. Among other steps taken to protect against further incidents, we have encrypted all pharmacy laptops.Redwood Eye Center
September 19, 2018 | Third Party
Abstract
On September 20, 2018, we learned that at sometime during the night of September 19, 2018, IT Lighthouse, the third-party vendor that hosts and stores our electronic medical records experienced a ransomware attack that affected our patient records. Ransomware is a type of malicious software that is used by cybercriminals to encrypt or lock up files on computers or servers and demand a ransom payment in order to restore access to the locked information. This ransomware attack locked the server that stored some of our patient information.Rite Aid Corporation
August 30, 2018 | Programming Error
Abstract
As a result of Rite Aid’s sale of 1,932 stores and 3 distribution centers to Walgreens, Rite Aid provides certain transition services to Walgreens to support the sale of the stores and distribution centers until converted to Walgreens’ systems (“Transition Services”). To support the Transition Services, Rite Aid provides weekly administrative files to certain Walgreens vendor partners including Empower. Due to a programming update made by Rite Aid on August 30, 2018, Rite Aid associates were inadvertently included in the standard eligibility file that goes to Empower.Abstract
We recently learned that PNI Digital Media (“PNI”), the third-party service provider that manages and hosts mywayphotos.riteaid.com, experienced a data security issue that impacted certain online and mobile photo account customer data. Based on PNI’s investigation, we understand that malware placed on PNI’s servers may have enabled an unauthorized party to obtain certain customer information between August 20, 2014 and July 14, 2015.RSC Insurance Brokerage, Inc.
August 23, 2018 | Laptop Stolen
Abstract
On January 22, 2019, RSC provided written notification to your healthcare provider that it had completed its investigation and analysis of an incident involving the theft of an RSC employee’s password-protected laptop. The laptop was stolen on August 23, 2018. Upon learning of the theft, RSC notified law enforcement, changed the employee’s account credentials, and launched an investigation with the assistance of a leading cyber security firm.Reddit, Inc.
June 14, 2018 | Database Compromise
Abstract
On June 19, Reddit was alerted about a security incident during which an attacker gained access to account credentials from 2007 (usernames + salted password hashes). We’re messaging you because your Reddit account credentials were among the data that was accessed.Renaissance Philanthropic Solutions Group (“RenPSG”)
June 05, 2018 | Third Party
Abstract
On June 13, 2018 RenPSG became aware of suspicious activity relating to certain employee email accounts hosted by a third-party service provider, possibly related to a malicious phishing email received by employees. They immediately launched an investigation with the assistance of a leading outside computer forensics expert to determine what may have happened and what information may have been affected. During the investigation, RenPSG determined certain employee email accounts were logged into by an unauthorized actor(s) between June 5, 2018 and June 13, 2018. The compromise was limited to the email accounts hosted by the third-party service provider. No RenPSG systems were subject to unauthorized access.Rennline Automotive
May 28, 2018 | Website Compromise
Abstract
On January 18, 2019, we discovered unauthorized code on our website. The unauthorized code was removed, and we worked with a leading cyber security firm to investigate the incident. The investigation determined that the unauthorized code was added by an unauthorized individual so that payment card information entered by purchasers on our e-commerce website was copied and sent to an unauthorized server. The code was active between May 28, 2018 and June 13, 2018; June 15, 2018 and July 12, 2018; July 20, 2018 and August 13, 2018; and August 22, 2018 and January 18, 2019.R.R. Bowker LLC
May 01, 2018 | Website Compromise
Abstract
On October 23, 2018, our investigation identified unauthorized code that was added to the checkout page on www.myidentifiers.com. Findings from the investigation indicate that the code may have been present and capable of copying information entered by customers during the checkout process from May 1, 2018 to October 23, 2018.Roadrunner Transportation Systems, Inc.
April 01, 2018 | Phishing
Abstract
On July 2, 2018, RRTS became aware that they were the subject of a phishing campaign attack and that several employees had inadvertently clicked on the phishing email. RRTS immediately commenced an investigation into this activity to determine what happened and what information may be affected.Rady Children’s Hospital-San Diego
March 29, 2018 | User Error
Abstract
On April 12, 2018, Rady Children’s Hospital – San Diego (RCHSD) became aware that your child’s information was inadvertently included on a Compact Disc (CD) that was generated for Quality Control (QC) purposes and sent via Federal Express to one of our contracted entities on March 29, 2018. The receiving entity contacted RCHSD to report that patient information was included on the CD, and made immediate arrangements to securely send the CD back to RCHSD. The CD has been received and secured by RCHSD. Please rest assured that this entity is bound by the same federal privacy standards as RCHSD and has the same obligations to protect the confidentiality, privacy and security of patient information.June 06, 2014 | User Error
Abstract
On June 6, 2014, an employee of Rady Children's Hospital-San Diego inadvertently sent an electronic file containing information about you in an email to four individuals.Rail Europe North America Inc.
November 29, 2017 | Website Compromise
Abstract
On February 16, 2018, as a result of a query from one of our banks, we discovered that beginning on November 29, 2017, through February 16, 2018, unauthorized persons gained unauthorized access to our ecommerce websites’ IT platform. Upon discovery that this malicious intrusion may have compromised users’ personal information, we immediately cut off from the Internet all compromised servers on February 16, 2018, and engaged information security experts to assist with forensic analysis, system restoration and security hardeningRehabilitation
November 22, 2017 | User Error
Abstract
On Wednesday, November 22, 2017, a file containing your name and social security number was inadvertently emailed without encryption to an outside entity. The file has been deleted, and there is no indication that your personal information was compromised; however, we believe it important to err on the side of caution and notify you of this incident.Ron’s Pharmacy Services
October 03, 2017 | Email Compromise
Abstract
On October 3, 2017, Ron’s Pharmacy identified unusual activity in an employee email account. Ron’s Pharmacy immediately changed the employee’s credentials and commenced an investigation, with the assistance of third-party forensic investigators, to determine what happened.Richard Owen Nursery, Inc. d/b/a Dutch Gardens USA
September 29, 2017 | Website Compromise
Abstract
On or about August 6, 2018, Dutch Gardens became aware that its website had become infected with malware resulting in the potential compromise of some of its customers' personal information, including yours. Dutch Gardens has determined that its website may have been infected during the period of September 29, 2017 until July 31, 2018.Roberts Hawaii, Inc.
July 30, 2017 | Website Compromise
Abstract
Roberts Hawaii received reports from several customers of fraudulent charges appearing on their payment cards shortly after they were used to make a purchase on our website. We immediately initiated an investigation and engaged a leading cyber security firm to examine our website network.RM Acquisition, LLC d/b/a Rand McNally
April 12, 2017 | Website Compromise
Abstract
On February 28, 2017, we became aware of suspicious activity on the server for our e-commerce store. When you purchased anything via this website you entered information, including your credit card and other personal information. Through this breach, an unauthorized party may have been able to gain access to your credit card information by installing malware that obtained that information. Though we believe this party may have first gained access to credit card information around April 2016, we only recently discovered on or around April 11, 2017 that your information may have been collected as a result of the incident.Real Estate Business Services, Inc.
March 13, 2017 | Website Compromise
Abstract
We recently learned that malicious code (“malware”) uploaded by an unauthorized third party was present in payment processing software used for store.car.org. This malware may have copied and transmitted to an unknown third party personal information that briefly went through our servers during the store.car.org payment processing step of purchases of REBS (Real Estate Business Services) products and services between March 13, 2017 and May 15, 2017. The malware was removed from our systems, and we now use an entirely different payment system through PayPal.Rent the Runway
February 23, 2017 | Account Compromise
Abstract
It was discovered that your Rent the Runway account was accessed by an unknown party between December 25, 2016 and February 23, 2017.Rite Aid Online Store, Inc.
January 30, 2017 | Website Compromise
Abstract
We recently learned that unauthorized third parties accessed Rite Aid Online Store’s e-commerce platform and acquired certain personal information of customers who manually entered their payment card details at the online store between January 30, 2017 and April 11, 2017.Renovate America, Inc.
January 20, 2017 | Phishing
Abstract
We recently discovered that our company was the targeted victim of an email spoofing attack on January 20, 2017 in which an individual pretended to be our Chief Executive Officer. A request was made from what appeared to be a legitimate Renovate America email address for all 2016 Renovate America employee W-2 information. Unfortunately, copies of all 2016 employee W¬2 forms were provided before we discovered that the request was made from a fraudulent account by someone using an email address that appeared to belong to our CEO. We discovered the fraudulent nature of the request within a few hours and have been working tirelessly to investigate and to mitigate the impact of the attack.Rod’s Western Palace
October 11, 2016 | Website Compromise
Abstract
After identifying suspicious activity within our e-commerce site on February 8, 2017, we immediately initated an internal investigation and engaged external IT consultants to assist us. By February 10th, we identified the malicious code, permanently removed it from our site, and took additional steps to prevent a similar intrusion.Remington Lodging & Hospitality, LLC and Affiliates
August 10, 2016 | Third Party
Abstract
The Sabre Hospitality Solutions SynXis Central Reservations system (CRS) facilitates the booking of hotel reservations made by consumers through hotels, online travel agencies, and similar booking services. Following an examination of forensic evidence, Sabre notified us on June 6, 2017 that an unauthorized party gained access to account credentials that permitted unauthorized access to unencrypted payment card information, as well as certain reservation information, for a subset of hotel reservations processed through Sabre’s reservation system.Rosewood Hotel Group
May 29, 2016 | Third Party
Abstract
Sabre notified us in late December 2017 that it had uncovered evidence that, between May 29, 2016 and January 11, 2017, an unauthorized party had gained access to certain Rosewood guest reservation information that was maintained on Sabre’s systems.Ronald L. Ross
January 13, 2016 | Malware
Abstract
Wendy’s recently reported additional malicious cyber activity involving some franchisee-operated restaurants. The Company believes this criminal cyberattack resulted from a service provider’s remote access credentials being compromised, allowing access – and the ability to deploy malware – to some franchisees’ POS systems. Soon after detecting the malware, Wendy’s identified a method of disabling it and thereafter has disabled the malware in all franchisee restaurants where it has been discovered. The investigation has confirmed that criminals used malware believed to have been effectively deployed on some Wendy’s franchisee systems starting in late fall 2015.RDR Foods, Inc.
January 13, 2016 | Malware
Abstract
Wendy’s recently reported additional malicious cyber activity involving some franchisee-operated restaurants. The Company believes this criminal cyberattack resulted from a service provider’s remote access credentials being compromised, allowing access – and the ability to deploy malware – to some franchisees’ POS systems. Soon after detecting the malware, Wendy’s identified a method of disabling it and thereafter has disabled the malware in all franchisee restaurants where it has been discovered. The investigation has confirmed that criminals used malware believed to have been effectively deployed on some Wendy’s franchisee systems starting in late fall 2015.RealSelf, Inc.
December 25, 2015 | Server Compromise
Abstract
For a brief period over the holiday weekend, an unauthorized party gained access to some consumer data from our servers.RateMyProfessors.com LLC
November 26, 2015 | Website Compromise
Abstract
On December 24, 2015, RateMyProfessors.com first noticed anomaious activity associated with one of the backend systems used by RateMyProfessors.com. RateMyProfessors.com investigated and subsequently learned that, on or about November 26, 2015, hackers gained access to a decommissioned version of the RateMy professors.com website ("Decommissioned Site") by exploting a vulnerability in an internet facing application within the Decommissioned Site. These hackers acquired email addresses and passwords for some registered users of the active RateMyProfessors.com website ("site"). We regret that your email address and password for the Site may be among those affected. Please be assured that we have submitted to the Site were acquired as part of this incident.ROBERT SOPER, M.D.
June 27, 2015 | Computer Stolen
Abstract
During a visit to San Francisco On June 27 my car was broken into and my computer stolen, along with camera, suitcases, and other equipment. The computer was an older office desktop I planned to give to my brother. It was hidden in the trunk.Rea.deeming Beauty Inc. d/b/a beautyblender
April 23, 2015 | Website Compromise
Abstract
Beautyblender was recently contacted by two customers reporting fraud on credit cards used to make purchases on our site. We immediately launched an internal investigation and contacted our website hosting company. The website hosting company discovered what it believed was a form of malicious code on our site on October 26, 2017 which it then removed. A third party forensic investigator was also retained to assist with our investigation. On November 27, 2017, the forensic investigator confirmed that the malware inserted into our website collected certain payment card information used at checkout. The forensic investigator then began efforts to determine when the malware was placed on our website. Unfortunately, due to the lack of backups of our website that were available from our website hosting company, we have been unable to confirm the date that the malware was placed on our website.Rob Kirby, CPA
December 19, 2014 | Laptop Stolen
Abstract
On Friday December 19, 2014, my vehicle was broken into. My briefcase, laptop (password protected) and a flash drive containing confidential client information was stolen. The car was locked and parked on a well-lit commercial area in front of a busy restaurant.Riverside County Regional Medical Center (RCRMC)
November 26, 2014 | Laptop Stolen
Abstract
On December 1, 2014, we learned that a password protected laptop used by our Ophthalmology and Dermatology clinics was missing. We immediately notified law enforcement and began an internal investigation, but to date, have been unable to locate the laptop.Rosen Hotels & Resorts
September 02, 2014 | Malware
Abstract
We received unconfirmed reports on February 3, 2016 of a pattern of unauthorized charges occurring on payment cards after they had been used by some of our guests during their stay. We immediately initiated an investigation into these reports and hired a leading cyber security firm to examine our payment card processing system. Findings from the investigation show that an unauthorized person installed malware in RH&R’s payment card network that searched for data read from the magnetic stripe of payment cards as it was routed through the affected systems.Recreational Equipment Inc.
July 04, 2014 | Account Compromise
Abstract
On July 23, REI discovered that a third-party may have accessed your account without authorization, having apparently obtained your email address and password from a security breach at a site or service unassociated with REI and unknown to the co-op. Between July 4 and 18, the user was able to confirm your log-in credentials at REI.com and access the following information in your account—your billing and shipping address, order history, and dividend amount.Riverside County Regional Medical Center
June 17, 2014 | Laptop Stolen
Abstract
The laptop was determined to be missing from a diagnostic services office in the hospital sometime between 4:30 p.m. on June 17 and 3:30 p.m. on June 18. The computer contained your name, date of birth, medical record number and the results of your nerve conduction study (electromyogram).Riverside Community College District
May 30, 2014 | User Error
Abstract
On Monday, June 2, 2014, RCCD learned that an email containing student records was sent to an incorrect external e-mail address the previous Friday, May 30. We immediately began an investigation and determined that the e-mail contained information about RCCD students enrolled in spring 2014 semester classes.Record Assist LLC
May 28, 2014 | System Compromise
Abstract
On May 28, 2014, we discovered that, earlier that morning, someone obtained unauthorized access to our order processing system for ExpressVitals.com. The access was immediately terminated. However, this incident may have resulted in unauthorized access to information obtained from you during a recent order, including your name, address, credit card number, security code, and social security number.Robert Meaglia, DDS
December 16, 2013 | Computer Stolen
Abstract
On the morning of December 16, 2013 we were shocked to discover our office suite broken into and our computer stolen. The computer stored both medical records and dental insurance information, including social security numbers.R.T. Jones Capital Management Equities
July 22, 2013 | Website Compromise
Abstract
R.T. Jones Capital Equities Management, Inc. ("R.T. Jones") is, or was, the managed account provider for your current or former employer. On July 26, 2013, R.T. Jones learned of the possibility that the web hosting facility that hosts its Artesys website was the subject of a cyber-attack originating from an IP address in China on July 22, 2013.Reeves International, Inc.
March 31, 2013 | Website Compromise
Abstract
On September 9, 2014, we learned that unauthorized individuals installed malicious software on the computer server hosting the Breyer Horses website and took certain personal data entered by our customers. After an extensive forensic investigation, it appears that the initial compromise occurred on March 31, 2013 and ended on October 6, 2014. The malicious software and fraudulent use of our website could have compromised the personal information and other information of visitors that made purchases on our website, including name, address, website username and password, payment card account number, card expiration date, and payment card security code. According to our records, you made a payment card purchase at the Breyer Horses website and your information may be at risk.Rollins, Inc.
March 04, 2013 | Misconfiguration
Abstract
We are writing to inform you of an incident that came to our attention on March 12, which may have involved the unintentional exposure of your Social Security number (SSN). This occurred as a result of a system mistake involving the recent Rollins TODAY mailing. This distribution may have inadvertently displayed your SSN in a number sequence on the mailing label.Roy’s Holdings, Inc.
January 28, 2013 | Malware
Abstract
Roy's Holdings, Inc. ("Roy's"), the holding company which includes six restaurants in Hawaii, has confirmed that the desktop computer of a Roy's corporate employee became infected by malware of unknown origin, resulting in a potential compromise of credit card information from individuals who patronized Roy;s restaurants in Ko'Olina, Waikiki, ...Rosenthal Collins Group, LLC
November 27, 2012 | Website Compromise
Abstract
On Tuesday morning, November 27, RCG detected unauthorized access to personal information contained in an RCG web application. The unauthorized access began late Monday night and was detected by RCG Tuesday morning. Access to the web application (https:\\accountforms.rcgdirect.com) was shut down immediately and the unauthorized access was terminated. RCG conducted an internal investigation and is working with law enforcement and security professionals to identify the person(s) responsible for the unauthorized access.Reyes Beverage Group
November 09, 2012 | User Error
Abstract
On November 9, 2012, a report containing the names and social security numbers of some of Reyes Beverage Group's California employee was inadvertently sent to the personal email address of an employee of Reinhart Foodservice, a Reyes Holding company.Rentpath, Inc., formerly knwon as Primedia, Inc.
June 20, 2012 | Computer Stolen
Abstract
We recently experienced the theft of over fifty pieces of computer hardware from our facilities. Upon investigating this event, we learned that three computer storage devices were among those stolen.River Arch Dental/Hamner Square Dental
May 18, 2012 | Device Lost
Abstract
On May 10, 2012, in the course, of upgrading to a new imaging and management software called Eaglesoft to better serve you, a representative of one of our dental practice’s business partners, Patterson Dental, visited our offices and, without our knowledge or consent in violation of our policies and procedures in exporting your data for the new systems conversion process had placed an unencrypted USB memory chip containing data from our practice into a sealed envelope and deposited it at a local post office to be sent through the U.S. mail to their technical headquarters. On May 14, 2012, this envelope arrived at its destination with a tear on the side and without the USB memory chip. The representative and this business partner have searched and continue to search for this USB memory chip, but have not located it to date. They believe it is most likely that the memory chip was “squeezed out” of the envelope and the envelope torn when the letter was put through a processing machine at the post office. We were notified by Patterson Dental on May 18, 2012 of this occurrence.Rent-A-Center, Inc.
April 01, 2012 | Computer Stolen
Abstract
On April 1, 2012, various electronics were stolen from a Rent-A-Center store including the store’s inventory and the computer equipment used to run the store. We discovered the theft on April 2, 2012 when the store’s employees returned to work. The incident was reported to the Clovis Police Department and we immediately began a thorough investigation to identify the information contained on the store’s computer equipment. One of the store’s servers contained some of your personal information including your name and Social Security number or driver’s license number. The server also contained any additional information you may have provided on your initial rental application. The information on the server was password protected. To date, the server has not been recovered.Rubio’s Restaurants, Inc.
February 05, 2012 | Device Lost
Abstract
On February 5, 2012, a CD-ROM containing a list of certain people who owned equity shares in Rubio's Restaurants, Inc. was taken offsite by a third-party vendor, BDO USA, LLP. Rubio's contracted with BDO to perform financial auditing services. A BDO employee removed the CD-ROM from the site, where they believe it was stolen from her vehicle.RJL Insurance Services
October 01, 2011 | Vulnerability
Abstract
RJL Insurance services, a consultant of [Client], recently became aware of a vulnerability in its computer network that may have resulted in the exposure of some electronic files.Ronald L Wolfe & Associates Inc.
Abstract
On March 5, 2020, the Santa Barbara Police Department first notified us that data thieves, operating out of San Diego, breached the secured online data base of several companies, including that of Ronald L. Wolfe and Associates, Inc. (“Wolfe & Associates, Property Services”). We were advised that it is possible the breach may have occurred as much as six months ago, and that the alleged culprits have since been arrested. The Santa Barbara Police Department has been investigating the matter and informed us that the thieves likely used “strong-arm” tactics to force breaching of security measures that were in place.Redtail Technology, Inc.
Abstract
On March 4, 2019, we discovered that our logging systems inadvertently captured a small subset of personal information that we store for advisors and retained the data in a debug log file that was accessible to Internet users. We are working hard and increasing our efforts to help safeguard your personal data that is in our custody and protect it from future incidents.Regency Theatres
Abstract
At the beginning of June, we discovered that in January, 2018, information on the www.regencymovies.com website was accessed by an unauthorized third partyRebecca Minkoff
Abstract
On August 10, 2016, Rebecca Minkoff learned that there may have been unauthorized access to our website. We hired an outside forensic expert to determine whether the incident resulted in the unauthorized access to any personal information.Round Pond Estates
Abstract
Our consumer direct sales systems provider, Missing Link Networks, Inc., (“Missing Link”) notified us on May 27, 2015 of a security incident involving credit and debit card data. Missing Link has advised us that during the window of April 1, 2015 to April 30, 2015, a third party might have gained access to certain personal information, including customer names, card numbers, related payment addresses, passwords, and dates of birth.Rhys Vineyards
Abstract
Our third-party ecommerce provider, Missing Link Networks, Inc., (“Missing Link”) notified us on May 27, 2015 of a security incident involving credit and debit card data. Missing Link has advised us that during the window of April 1, 2015 to April 30, 2015, a third party might have gained access to certain personal information, including customer names, card numbers, related payment addresses, passwords, and dates of birth.Repris Vineyards
Abstract
Our sales systems provider, Missing Link Networks, Inc., (“Missing Link”) notified us on May 27th, 2015 of a possible security incident involving your credit and debit card data. Since then we have been working tirelessly with Missing Link and their other affected clients to understand the scope of the situation and how to best help you.Rombauer Vineyards, Inc.
Abstract
Our consumer direct sales systems provider, Missing Link Networks, Inc., (“Missing Link”) notified us on May 27, 2015 of a security incident involving credit and debit card data. Missing Link has advised us that during the window of April 1, 2015 to April 30, 2015, a third party might have gained access to certain personal information, including customer names, card numbers, related payment addresses, passwords, and dates of birth. We are working proactively and aggressively with Missing Link to address the issue.REEVE-WOODS EYE CENTER
Abstract
On September 17, 2014, our information technology consultant discovered that unknown individuals had breached the Eye Center’s server and installed malware on two computers, one at each facility. The malware was capturing screenshots (i.e., a copy or image of what is seen on a computer screen at a given time) which included patients’ protected health information. We suspect the malware may have been installed in or around August 2014.RR Donnelley
Abstract
According to RR Donnelley, a print and mailing vendor that UnitedHealthcare uses, sometime between the second half of September and the end of November, 2012, an unencrypted desktop computer was stolen from one of its facilities.Regions Financial Corporation
Abstract
I am writing to let you know about a recent situation involving one of our service providers that affects some of your personal information.Ernst & Young serves as the audit firm for Regions’ 401(k) plan. Recently, Ernst & Young mailed to one of its other offices a flash drive containing an electronic file that included your name and Social Security number and possibly your date of birth. When the package arrived at its destination, the package had an opening and the flash drive was missing. At this time, we have no indication that any fraud has occurred due to this situation.
S
Sam’s Club
September 24, 2020 | Ransomware
Abstract
We recently learned that, in mid-September, an unauthorized party used your login credentials (email address and password) to access your Sam's Club account. Based on our investigation, the credential s used did not come from Sam's Club. Instead, it is likely that your credentials were taken from another source, for example another company's website, where you may have used the same or similar login information. The unauthorized party may have used this login information to conduct fraudulent transactions involving your Sam's Club Cash Rewards.Southbeachsmoke.com; directvapor.com; vaporfi.com
September 14, 2020 | Website Compromise
Abstract
On September 23, 2020, SBS became aware of suspicious activity associated with its online check-out page. We immediately began an internal investigation and determined that an unauthorized user may have gained access to information entered into the check-out page of Southbeachsmoke.com between September 14, 2020 through September 23, 2020. On October 13, 2020, we completed our investigation and determined that your information may have been impacted by this incident.Sonoma Valley Healthcare District
September 10, 2020 | Ransomware
Abstract
SVH experienced a ransomware cyberattack on October 11, 2020 by what is believed to be a Russian “threat actor.” This event was part of a broader attack on dozens of hospitals across the country. We discovered the attack on that same day and immediately responded by shutting down all systems to contain the damage. We promptly notified law enforcement of the incident and engaged a leading external cybersecurity firm to assess the potential disclosure of protected health information.In a ransomware attack, cybercriminals attempt to disrupt the business by locking companies out of their own data and servers. After discovering the attack, our cyber security team – in partnership with outside information technology and forensics experts – successfully prevented the cybercriminal from blocking our system access and ultimately expelled them from our system. As recommended, SVH did not pay ransom.
Southern Mono Healthcare District d/b/a Mammoth Hospital
September 5, 2020 | Laptop Stolen
Abstract
The incident occurred on 09/05/2020. Mammoth Hospital was notified on that date. A laptop of a Mammoth Hospital staff member was stolen from a vehicle.SiteOne Landscape Supply, Inc.
July 2, 2020 | Network Compromise
Abstract
Upon identifying the incident on July 14, 2020, we immediately took steps to protect and secure our systems and launched an investigation. Through our investigation, we determined that an unauthorized party gained access to our IT network between July 2, 2020 and July 14, 2020, and removed certain files.Sonoma Recovery Services, LLC d/b/a Olympia House
July 1, 2020 | Unauthorized Access
Abstract
On August 7, 2020, Olympia House was alerted to suspicious behavior within its network. Olympia House immediately began an investigation to determine the nature and scope of the event. This investigation included working with third-party forensic experts. Once Olympia House systems were secure, our efforts focused on determining what information was impacted, to whom the information related, and valid address information for those individuals to provide notice of the event. The investigation determined that certain files within the Olympia House system were accessed without authorization between July 1, 2020 through August 7, 2020.Salinas Valley Memorial Healthcare System
April 29, 2020 | Email Compromise
Abstract
On April 30, 2020, SVMHS determined that the email account of one of its employees had been compromised. On May 7, 2020 and June 5, 2020 respectively, SVMHS subsequently determined that email accounts of a contractor and three other employees were also compromised. These five email accounts were compromised through Outlook Web Access, SVMHS’s browser-based email access solution.April 24, 2020 | Compromise
Abstract
On April 30, 2020, SVMHS determined that the email account of one of its employees had been compromised. On May 7, 2020 and June 5, 2020 respectively, SVMHS subsequently determined that email accounts of a contractor and three other employees were also compromised. These five email accounts were compromised through Outlook Web Access, SVMHS’s browser-based email access solution.Steel Partners
April 18, 2020 | Email Compromise
Abstract
Steel Partners discovered unauthorized activity in the email account of one of its employees and immediately initiated an investigation, which identified unauthorized access to that email account. Steel Partners locked the account and promptly engaged a forensic security firm to assist. The investigation identified that the method by which the email account was accessed allowed for a local download of the entire mailbox. On May 29, 2020, it was determined that there were documents within the employee’s email account that contained personal information. A broader review of our systems indicated that only one email account was impacted. We are notifying you because some of your personal information was contained in documents within the Steel Partners employee’s email account.Steel Partners Holdings L.P.
April 18, 2020 | Email Compromise
Abstract
Steel Partners discovered unauthorized activity in the email account of one of its employees and immediately initiated an investigation, which identified unauthorized access to that email account. Steel Partners locked the account and promptly engaged a forensic security firm to assist. The investigation identified that the method by which the email account was accessed allowed for a local download of the entire mailbox. On May 29, 2020, it was determined that there were documents within the employee’s email account that contained personal information. A broader review of our systems indicated that only one email account was impacted. We are notifying you because some of your personal information was contained in documents within the Steel Partners employee’s email account.Stockpile, Inc.
April 17, 2020 | Unauthorized Access
Abstract
On or about July 9, 2020, Stockpile discovered that an unauthorized person gained access to a folder in its cloud environment containing personal information collected as part of Stockpile’s registration process. As a result, the unauthorized third party may have viewed certain elements of your personal information. The incident occurred potentially as early as April 17, 2020, and Stockpile recently identified you as a potentially affected individual.Spotify USA Inc.
April 9, 2020 | Vulnerability
Abstract
On Thursday November 12th, Spotify discovered a vulnerability in our system that inadvertently exposed your Spotify account registration information, which may have included email address, your preferred display name, password, gender, and date of birth only to certain business partners of Spotify. Spotify did not make this information publicly accessible. We estimate that this vulnerability existed as of April 9, 2020 until we discovered it on November 12, 2020, when we took immediate steps to correct it.San Dieguito Union High School District
April 1, 2020 | Database Compromise
Abstract
On January 28th, 2020, San Dieguito alerted Aeries that their database may have been potentially subject to unauthorized access. We immediately launched an investigation into the nature and scope of the incident and took measures to secure the database. We also assisted San Dieguito and its forensic experts with their investigation into the incident. On February 25, 2020, the forensic investigations revealed that San Dieguito’s Aeries database was subject to unauthorized access from April 2019 to January 2020. San Dieguito undertook a labor-intensive review of the affected database to determine the scope of personal information contained within. San Dieguito has asked Aeries to notify you out of an abundance of caution because your information was present in the affected database.July 01, 2019 | Email Compromise
Abstract
SDUHSD became aware of unusual activity related to certain employees’ email accounts. SDUHSD immediately launched an investigation, with the aid of forensic experts, to determine the nature and the scope of the activity. SDUHSD learned of unauthorized access to certain employees’ email accounts. The unauthorized access occurred between July 1, 2019 to July 17, 2019. SDUHSD undertook a lengthy and labor-intensive process to identify the personal information contained in the affected email accounts along with the contact information for the affected individuals. While the investigation was unable to determine the scope of information that was actually accessed within the affected email accounts, SDUHSD is notifying you in an abundance of caution because we have confirmed that your information was present in the affected email accounts.April 01, 2019 | Database Compromise
Abstract
On January 28th, 2020, San Dieguito alerted Aeries that their database may have been potentially subject to unauthorized access. We immediately launched an investigation into the nature and scope of the incident and took measures to secure the database. We also assisted San Dieguito and its forensic experts with their investigation into the incident. On February 25, 2020, the forensic investigations revealed that San Dieguito’s Aeries database was subject to unauthorized access from April 2019 to January 2020. San Dieguito undertook a labor-intensive review of the affected database to determine the scope of personal information contained within. San Dieguito has asked Aeries to notify you out of an abundance of caution because your information was present in the affected database.SFO
March 05, 2020 | Website Compromise
Abstract
SFOConnect.com and SFOConstruction.com were the targets of a cyberattack in March 2020. The attackers inserted malicious computer code on these websites to steal some users’ login credentials.St. Paul Center for Biblical Theology
March 3, 2020 | Website Compromise
Abstract
On August 20, 2020, St. Paul Center received notice from a payment processing vendor that our website (http://www.stpaulcenter.com) was a common point of purchase for some unauthorized payment card transactions and that there may have been a possible compromise of our website. We investigated to find out what happened, to prevent something like this from happening again, and to provide notice to potentially affected individuals.We determined that a cyber-criminal installed malware in software that we use to enhance our online purchasing. The malware permitted the unauthorized collection or “scraping” of certain payment card data provided through the website. We believe the incident only involved customers who made purchases or donations on the website between March 3, 2020 and August 9, 2020. On August 26, 2020, we determined that the incident may have involved your personal information because you made a payment card purchase or donation using our website during that time period.
San Francisco Employees’ Retirement System
February 24, 2020 | Third Party
Abstract
The Retirement System contracts with vendors to provide SFERS members with on‐ line access to their account information. One of the vendors, 10up Inc., set up a test environment on a separate computer server which included a database containing data from approximately 74,000 SFERS member accounts as of August 29, 2018. The server data was not subsequently updated.STRATA Trust Company
February 10, 2020 | Email Compromise
Abstract
STRATA recently detected unusual activity involving an employee email account. Upon detecting a potential incident, we took immediate steps to contain the incident and launched an investigation to determine whether it involved any unauthorized access to personal information. Our investigation included retaining a digital forensics firm to assist. On May 21, 2020, we determined that your personal information could have been accessed in the incident. This access, if any, may have occurred in early February 2020. We therefore are notifying you of the incident, providing you with steps you can take to help protect your personal information, and offering you complimentary identity monitoring services for 12 months.Saint Luke’s Foundation
February 7, 2020 | Ransomware
Abstract
On July 16, 2020, we were notified by one of our third-party vendors, Blackbaud, that it had experienced a security incident potentially involving certain limited information it obtained from SLF. Blackbaud is a widely used constituent relationship management software provider for engagement and fundraising offices in higher education and nonprofits. Blackbaud informed us that it discovered and stopped a ransomware attack, but not before some information may have been compromised. According to information provided to us by Blackbaud, the cybercriminal removed a copy of our backup file for the purpose of extorting funds from Blackbaud. Blackbaud stated that the ransomware attack and data compromise occurred at some point between February 7, 2020 and May 20, 2020.Stetson University, Inc.
February 7, 2020 | Ransomware
Abstract
On July 16, 2020 Blackbaud notified Stetson University of a ransomware attack on their internal systems. Upon learning of the issue, we commenced an immediate and thorough investigation. As part of our investigation, we engaged external cybersecurity professionals experienced in handling these types of incidents.Squar Milner LLP
February 05, 2020 | Account Compromise
Abstract
? On March 25, 2020, Squar Milner learned of an issue preventing the processing of a Squar Milner client’s tax returns. Upon receipt of this information, Squar Milner immediately began an investigation through which we determined that credentials required to access the system in which this client’s information was stored may have been compromised. Squar Milner then immediately took steps to secure the system and the information stored therein. On March 26, 2020, as a result of our investigation, we learned that tax information belonging to certain other Squar Milner clients may have been accessed without authorization. As your information may have been impacted, we are writing to inform you of this incident and to provide you with information about steps that can be taken to help protect your information.Santa Rosa Junior College Foundation
February 3, 2020 | Ransomware
Abstract
Blackbaud is one of the world's largest software providers to universities, schools, charities, and other nonprofit organizations and offers data management services for the SRJC Foundation. On August 6, 2020 Blackbaud confirmed that in May 2020 they had discovered - and stopped - a ransomware attack on their computer systems and that SRJC Foundation data was compromised.Sekure Merchant Solutions
January 24, 2020 | Unauthorized Access
Abstract
Sekure recently concluded an investigation of a data security incident involving unauthorized access to Sekure’s environment. Upon becoming aware of suspicious activity, we immediately secured our network and a computer forensics firm was hired to assist with the investigation.Stockdale Radiology
January 17, 2020 | Ransomware
Abstract
On January 17, 2020, Stockdale Radiology was the victim of a ransomware attack. We immediately contacted the FBI who arrived at our offices within 30 minutes and are currently investigating the matter. A limited number of files were publicly exposed by the intruder. In addition, on January 29th, based upon our investigation, we determined that some other files were accessible by the unknown intruder but not exposed. You are receiving this letter because your information may have been accessible but was not exposed by the intruder. Again, we are not aware of any misuse of the personal information in your files as a result of this incident.Sonicbids LLC
December 29, 2019 | Server Compromise
Abstract
On May 17, 2020, we learned that certain Sonicbids’ usernames and passwords were publicly accessible as a result of a data privacy event involving our third-party cloud hosting services, which we use to store information related to Sonicbids’ users. We immediately launched an investigation and determined that an unauthorized actor had accessed Sonicbids’ cloud instance and obtained usernames and passwords for certain individuals. The actor then made this information publicly accessible for a limited period of time. Out of an abundance of caution, we immediately reset all Sonicbids user passwords, including yours. We also conducted a thorough review of the information that was publicly available to confirm the identities of individuals whose credentials were publicly accessible and provide them with notice as soon as reasonably possible. As part of our investigation of this incident, we determined that the unauthorized access to our cloud instance occurred on December 29, 2019.Santa Rosa & Rohnert Park Oral Surgery
December 20, 2019 | Email Compromise
Abstract
On March 11, 2020, SROS/RPOS learned of unusual activity in one of its email accounts. We immediately commenced an investigation, working with third-party forensic investigators, to assess the nature and scope of the activity. The investigation determined that the email account was subject to unauthorized access between December 20, 2019 and March 11, 2020. Although we have no evidence to suggest that specific information in the email account was accessed, in an abundance of caution, we undertook a comprehensive review of the entire contents of the email account to confirm the type of information contained in the account and to whom it related.Senior Resource Group LLC
December 17, 2019 | Phishing
Abstract
SRG was the subject of an isolated cyber event called a phishing incident in which unauthorized individual(s) gained access to certain email accounts by masquerading as a reputable and recognized person and gaining user credentials. On December 18, 2019, we discovered the suspicious activity within our email system and immediately blocked the unauthorized individual(s).Saddleback Valley Unified School District
November 04, 2019 | Database Compromise
Abstract
On April 27, 2020, we were informed there may have been unauthorized access to the Aeries® SIS on November 4th, 2019. The initial report was focused on Aeries Hosted Databases, which we do not use. Our Student Information System is housed on-premise on our own servers.On May 6, 2020, SVUSD learned that the Aeries incident may have also impacted on-premise databases. Following directions provided by Aeries, we immediately contacted Aeries and received confirmation that our data was also accessed.
San Leandro Unified School District
November 04, 2019 | Third Party
Abstract
The District uses the Aeries Student Information System to provide students and their parents with online access to information regarding school events and schedules. In late November 2019, Aeries learned that an unauthorized individual exploited a vulnerability in the Aeries software that would allow access to student and parent information. Upon discovery, Aeries began an investigation and law enforcement launched an investigation to identify the person responsible, who Aeries believes is now in police custody. On May 5, 2020, Aeries notified the District that this individual may have accessed the District’s Aeries System.San Bernardino City Unified School District
November 04, 2019 | Third Party
Abstract
On April 27th, 2020, Aeries Software notified over 150 school districts, including SBCUSD, that their system was breached. The District uses the Aeries Student Information System to provide students and their parents with online access to information regarding school events and schedules. In late November 2019, Aeries learned that an unauthorized individual exploited a vulnerability in the Aeries software that would allow access to student and parent information. Upon discovery, Aeries and law enforcement launched an investigation and believe they have the person responsible in custody.Stericycle, Inc.
October 1, 2019 | Phishing
Abstract
We have conducted an investigation, with the assistance of a leading cybersecurity firm, into email phishing attempts targeting Stericycle employees. These phishing attempts sought to compromise Stericycle employee email accounts. On July 27, 2020, we determined that your personal information was contained in at least one of the email accounts that appears to have been accessed by an unauthorized individual. The dates of potential unauthorized access varied by email account, but the overall period of unauthorized access to the email accounts was between October 2019 and April 2020. Although the employee email accounts themselves appear to have been accessed by an unauthorized individual, our investigation revealed no evidence that any email message containing your personal information was actually accessed by an unauthorized individual.SharesPost, Inc.
September 06, 2019 | Email Compromise
Abstract
I am writing to let you know of an incident that may have permitted access to your personal information. Specifically, from September 6 to 18, an unauthorized party gained access to an employee email account (the “Incident”). We discovered this on September 30, after internal security enhancements on September 18 had already halted the access. We immediately began investigating the scope of the Incident and potentially affected individuals. While we currently have no direct evidence that any personal information was accessed due to the Incident, the investigation has been unable to rule out the possibility that personal information was accessed.States Logistics Services, Inc.
August 30, 2019 | Email Compromise
Abstract
States Logistics became aware of unusual activity within an employee’s email account. We immediately began an investigation with the assistance of a third-party forensic investigator and reset relevant employee passwords. The investigation determined that an unauthorized actor accessed one employee email account for a period of approximately one hour on August 30, 2019. The investigation was unable to determine which, if any, emails and attachments within the email account were accessed or viewed. Therefore, we undertook a time-consuming review of the email account to determine whether it contained any sensitive information. On December 2, 2019, our review determined that some of your personal information was present in the email at the time of the incident.STG Logistics
July 27, 2019 | Email Compromise
Abstract
On September 10, 2019, STG became aware of unusual activity involving certain employee email accounts and immediately began an investigation with the assistance of third-party computer forensics specialists. The investigation determined that a limited number of employee email accounts were accessed without authorization between June 27, 2019 and September 17, 2019. Although the investigation was unable to determine whether personal information stored in impacted email accounts had actually been viewed or removed by an unauthorized actor, STG could not rule out the possibility of such activity. Therefore, in an abundance of caution, STG performed a thorough review of the information stored within the impacted email accounts and determined that your personal information was potentially affected.State Farm Mutual Insurance Company
July 06, 2019 | Account Compromise
Abstract
State Farm recently detected an information security incident in which a bad actor used a list of user IDs and passwords obtained from some other source, like the dark web, to attempt access to State Farm online accounts. During our investigation, we determined that the bad actor possessed the user ID and password for your State Farm online account.SaveDay, Inc.
July 05, 2019 | Third Party
Abstract
On July 5, 2019, SaveDay and our technology vendor were notified that Söoryen Technologies experienced a potential data exposure that included the information of SaveDay clients and participants. This notification came from a cyber security researcher, who informed both companies about the integrity of the data. The potential exposure involved a new performance test site set up on Amazon Web Services; not the corporate SaveDay site. You are receiving this notice because we determined that your records may be among those that could have been accessed without authorization.Sprint
June 08, 2019 | Account Compromise
Abstract
On June 22, Sprint was informed of unauthorized access to your Sprint account using your account credentials via the Samsung.com “add a line” website. We take this matter, and all matters involving Sprint customer’s privacy, very seriously.May 07, 2017 | Account Compromise
Abstract
StockX LLC
May 14, 2019 | Account Compromise
Abstract
On July 26, 2019, StockX was alerted to suspicious activity potentially involving customer data. We immediately launched a forensic investigation and engaged experienced third-party experts to assist. During this first week, while our forensic investigation into the suspicious activity was underway, we took proactive and precautionary measures to protect our customers. As described in greater detail in the “what are we doing” section below, we deployed a system-wide update, implemented a full password reset of all customer passwords for all StockX accounts, and on the morning of August 1, 2019 sent customers an email alerting them to the systems update and password reset.SkinSolutions.MD LLC
April 19, 2019 | Website Compromise
Abstract
On June 6, 2019 we learned that an unauthorized individual may have gained access to the website we used to process credit card transactions between April 19, 2019 and June 6, 2019. When we first learned of this incident, we took immediate steps to secure the information. A thorough investigation was conducted to determine what happened, who was impacted and what information may have been affected. We wanted to let you know this occurred and to assure you we take it very seriously.San Francisco Unified School District
April 10, 2019 | User Error
Abstract
On April 10, 2019, an electronic document containing student identification numbers, student names, and student usernames and default passwords for SFUSD systems and tools, including SFUSD email, student portal, and digital learning applications, for all current Buena Vista Horace Mann (BVHM) students and some former students was shared with members of the BVHM community by BVHM staff. Sharing this information with non-District personnel was a mistake and resulted in some BVHM families having access to this information regarding students other than their own for approximately a 2-hour period.Sterling & Sterling, LLC d/b/a SterlingRisk
April 03, 2019 | Phishing
Abstract
On April 17, 2019, we completed our forensic investigation into an email phishing incident and determined that an unauthorized person gained access to an email account belonging to a SterlingRisk employee on April 3, 2019. After learning of the incident, SterlingRisk immediately took steps necessary to secure the employee’s email account and promptly engaged a leading cyber security firm to assist with an investigation.Solara Medical Supplies, LLC
April 02, 2019 | Email Compromise
Abstract
On June 28, 2019, Solara determined that an unknown actor gained access to a limited number of employee Office 365 accounts, from April 2, 2019 to June 20, 2019, as a result of a phishing email campaign. We worked with third party forensic experts to investigate and respond to this incident and confirm the security of relevant Solara systems. Through this investigation we determined that certain information present within the employee Office 365 accounts may have been accessed or acquired by an unknown actor at the time of the incident. We, therefore, undertook a comprehensive review of the accounts to identify potentially affected personal information. Our review determined that some of your personal information was present in an affected account at the time of the incident.St. Vincent Medical Center
March 15, 2019 | Email Compromise
Abstract
On March 26, 2019, St. VIncent Medical Center ("SVMC" or "Hospital") discovered that the web email account of one of its hospital-based pathologists had been compromised. Within hours of discovering the incidnet on March 26, 2019, the VHS information security team promptly terminated teh unauthorized access, disabled the eamil account, and disconnected the device from the network. Upon futher investigation, the Hospital has determined that this email account was initiallly compromised on March 15, 2019. During this time, a third party obtained access to the physician's email account without authorization and from this account, sent emails to various internal and external email accounts containing malicious links and attachments. it appears that this was an attempt to obtain user names and passwords from the recipients of these emails. During the window when the physician's email account was accessed by the unauthorized third party, the intruder had the ability to access any emails or attachments present in any of email folders at that time. We have confirmed that the third party did not gain access to the email accounts of any other Verity employee or to the VHS servers or network more generally.Sprint Corporation (“Boost Mobile”)
March 14, 2019 | Account Compromise
Abstract
On March 14, 2019, Boost.com experiences unauthorized online account activity in which an unauthorized person accessed your account through your Boost phone number and Boost.com PIN code.Sheet Metal Workers’ Local Union No. 104
February 05, 2019 | Laptop Stolen
Abstract
On February 5, 2019, a Sheet Metal Workers’ Local Union No. 104 employee had a backpack, laptop and flash drive stolen out of a vehicle. We immediately contacted law enforcement. Unfortunately, it is believed that the flash drive may have contained personal information of certain individuals, including Social Security numbers and driver’s license numbers. As a result, your personal information may have been exposed to others.San Jose State University
December 10, 2018 | Server Compromise
Abstract
On December 10, 2018, SJSU Information Technology (IT) was alerted to a recent event that may have involved an unauthorized intrusion into a server operated by SJSU Associated Students. Upon learning of the incident, we immediately took action and blocked all access to and from the affected server and began an investigation to determine what happened and what information may have been affected.San Francisco Department of Public Health
November 14, 2018 | Misconfiguration
Abstract
On August 8, 2019, Alluma, a third party company that processes Healthy San Francisco enrollments, informed us that due to a computer error, some letters to Healthy San Francisco participants were sent to the wrong addresses between November 2018 and August 2019. These letters were reminders to renew Healthy San Francisco participation and informed participants when their coverage expired.San Antonio Winery, Inc.
November 13, 2018 | Phishing
Abstract
On December 6, 2018, our ongoing investigation into a phishing email incident determined that an unauthorized person gained access to an employee’s email account between November 13, 2018 and November 15, 2018. Upon learning of the incident, we immediately took steps to secure the account, began an investigation, and engaged a leading cyber security firm to assist with the investigation.San Bernardino Community College District
October 25, 2018 | User Error
Abstract
We recently learned that a District employee inadvertently sent a spreadsheet containing certain individuals’ information to a community college distribution list. Although the spreadsheet was sent to a known group of individuals and related to certain program information, there was additional information contained in the spreadsheet that was not intended for broader distribution.Sark Technologies LLC
September 23, 2018 | Website Compromise
Abstract
The following is a summary of the incident and subsequent investigation: One or more attackers identified a vulnerability in an image upload function of the SuperINN Plus web application available to authenticated users that allowed the attacker to upload PHP web shells. The earliest of these web shells found on the system was dated September 23, 2018.Silicon Valley Community Foundation
August 23, 2018 | Email Compromise
Abstract
On or about August 23, 2018, SVCF’s IT Department was notified of suspicious activity within their email environment. SVCF’s IT Department conducted an investigation and concluded that three email accounts had been compromised which contained personally identifiable information (“PII”). These affected individuals were previously notified. However, on or about December of 2019, SVCF became aware that one of these mailboxes has access to a larger shared mailbox that was used to collect scholarship information also containing PII. SVCF discovered that this shared mailbox may or could have been accessed by an unauthorized user.Sunrise Medical Laboratories, Inc.
August 01, 2018 | Website Compromise
Abstract
On May 15, 2019, we were notified that AMCA experienced a data security incident that involved the payment page on AMCA’s website and unauthorized access to an AMCA database containing information belonging to Sunrise’s patients. AMCA is a vendor that assisted Sunrise with the collection of unpaid accounts. The security of Sunrise’s systems was not affected by this incident. Upon receiving notification about this incident, we immediately began an investigation to identify the affected individuals and the nature of affected information. We are utilizing cyber security experts to assist us in our investigation. Although we are unaware of the misuse of any of your personal information, out of an abundance of caution, we are notifying you about this incident and providing you information about steps you can take to protect your personal information.Springstone Financial
July 27, 2018 | Email Compromise
Abstract
Springtone Financial recently learned that a limited number of web-based email accounts used by some employees were accessed by an unauthorized third-party. while we have no evidence indicating that any particular information was accessed or acquired, these email accounts contained unstructured data that included certain personal information about a limited number of individuals. There was no access to other systems or databases we also have no evidence of any misuse of the data potentially affected by this incident.Shein
June 01, 2018 | Network Compromise
Abstract
On August 22, 2018, SHEIN became aware that certain personally identifiable information of its customers was stolen during a concerted criminal cyberattack on its computer network. Immediately upon becoming aware of this potential theft, SHEIN hired a leading international forensic cybersecurity firm as well as an international law firm to conduct a thorough investigation.Systeme Software, Inc.
May 07, 2018 | Misconfiguration
Abstract
Systeme provide software which allows our customers to appoint agents to sell their insurance products and/or obtain a state insurance license for our customers in the insurance industry. Systeme maintains certain "results files" for its customers that contain personally identifiable information, which are maintained by systeme on secure servers. However, from September 2017 through May 7, 2018, Systeme saved some of this information to a different server for the purpose of testing to make sure our system was saving the files correctly to our database.ShopStyle Inc.
April 16, 2018 | Account Compromise
Abstract
On July 5, 2018, we discovered that, between April 16 - 27, 2018, an unauthorized third party gained access to account credentials and accessed certain user information. Although we are unaware of any actual or attempted misuse of your information, we are providing you this notification out of an abundance of caution because your information was present in the system affected by this incident.STL International, Inc. d/b/a Teeter
April 11, 2018 | Website Compromise
Abstract
On September 13, 2018, we discovered that malicious code had been installed on the Teeter e-commerce web platform. As soon as we discovered the incident, we took immediate steps to remove the malicious code and to secure all payment card information. We also launched an investigation and retained a leading forensics firm to determine what happened and whether customer payment card information had been accessed or acquired without authorization. This letter serves to inform you of the incident and to share with you steps that you can take to help protect your information.Sonoma County Indian Health Project, Inc.
March 08, 2018 | Email Compromise
Abstract
On March 16, 2018, a potential privacy breach was discovered and reported. An investigation was started immediately. Our investigation reveals that an email was sent from the SCIHP computer of an employee, who is no longer employed with us, to that employee’s personal e-mail address. The employee was authorized to access the information at the time, however the email was not encrypted or protected as is required by our policies and the law. The email has been completely deleted and we have no evidence that any unauthorized person viewed your information.Stanwich Mortgage Loan Trust A, C, and D
February 01, 2018 | Third Party
Abstract
Ascension provides data analytics in connection with residential mortgage loans which are or may have been held by Stanwich. As part of its services, Ascension has custody of certain data related to the Stanwich loans and contracts with a third-party vendor, PairPrep, Inc., d/b/a OpticsML (“OpticsML”) to process that data using certain technology.Shutterfly, Inc.
January 11, 2018 | Account Compromise
Abstract
On March 20, 2018, we learned that a Shutterfly employee’s credentials were used without authorization to access our Workday test environment on January 11, 2018. We do not yet know if unauthorized access occurred at other times. This test environment is used by a limited number of employees to develop, test and preview Workday functionality before it goes live. As soon as we were made aware, our security team promptly implemented additional security measures. We do not believe that the security of the Workday service was compromisedAbstract
Recently, we detected a criminal cyberattack on our Tiny Prints, Treat, and Wedding Paper Divas websites, which may have exposed the email addresses and encrypted passwords used by our customers to login to their accounts. We encrypt customer credit and debit card information, and we have no evidence that such information was compromised.Steven Yang, D.D.S., INC.
January 06, 2018 | Laptop Stolen
Abstract
On the morning of January 6, 2018, our dental office was burglarized and two laptops were stolen. Once discovered, the matter was immediately reported to the Los Angeles Police Department and an internal investigation was started to determine what, if any, health information may have been stored on those devices.Synchrony Bank
December 28, 2017 | Third Party
Abstract
We recently learned that information associated with your [card name] may have been obtained by unauthorized users at some point between December 28, 2017 and July 9, 2018. Upon learning about this incident, Synchrony Bank promptly began working with Stein Mart, Inc. to gather data that would allow us to clearly determine what had occurred.Stein Mart, Inc.
December 28, 2017 | Third Party
Abstract
Annex Cloud provides a service used by websites that enables individuals to use their user name and password from other websites, like Facebook and Amazon, to log in to merchants’ websites, including www.steinmart.com. Annex Cloud informed Stein Mart that they had detected and removed unauthorized code that had been added to the code used by Annex Cloud to enable logins. In its report to Stein Mart, Annex Cloud identified four periods of time when the unauthorized code was present and could have captured information entered during the checkout process by customers who placed or attempted to place orders on our website. We removed Annex Cloud’s code from our website and mailed letters to those customers to let them know what occurred.TBDSanta Cruz Biotechnology, Inc.
December 17, 2017 | Computer Stolen
Abstract
On Monday, December 18, 2017, we discovered a burglary had occurred in our Santa Cruz office on or around December 17, 2017. We immediately contacted law enforcement and began an investigation in order to determine what happened and what may have been affected as a result. As a result of our investigation, we have determined that two computers were stolen, both of which were used for HR functions, but neither of which are capable of remotely accessing our systems. While it was our general practice to store documents with sensitive personal information about employees and their beneficiaries and dependents on our servers and not on the local computers, our investigation has revealed that records containing some personal information was stored on at least one of the computers. Although we have no evidence to suggest that your personal information was accessed by an unauthorized third party, we recommend that you take advantage of the identity theft protection services we are offering below.Siskiyou Joint Community College District
December 13, 2017 | User Error
Abstract
On December 13, 2017, Siskiyou Joint Community College District received email notice that First Capitol Consulting, Inc. had inadvertently disclosed District sensitive information to another client, Ramapo Communication Corporation. The information went to only one employee at Ramapo Communication Corporation.San Francisco Department of Public Health (“SFDPH”)
December 09, 2017 | Third Party
Abstract
Nuance is a company which provides services to the San Francisco Department of Public Health. Our providers dictate patient information and Nuance puts that information in writing (transcriptions) for patients' medical records. Those transcriptions were on a computer system which an unauthorized individual accessed.Sheldon M. Golden O.D., Optometric Corporation
November 06, 2017 | Ransomware
Abstract
Early on the morning of November 6, 2017, the network server at Golden Optometric was infected with a variant of the “CrySiS” ransomware virus, which encrypted a limited number of files on its local drives. We discovered this attack within hours of its occurrence and promptly engaged IT specialists to evaluate the situation. The IT specialists determined that the network intrusion was brief and that there was no evidence that any files had been removed.Sutter Health
October 11, 2017 | Third Party
Abstract
On December 5, 2017 Sutter Health learned that Salem and Green, a vendor providing legal services to Sutter Health, was impacted by a phishing attack. This allowed an unauthorized individual to access the Salem and Green email system. The unauthorized individual had access on October 11-12, 2017 and may have viewed, accessed or downloaded information retained in their employee’s email account.Southwest Airlines co.
October 01, 2017 | Third Party
Abstract
While conducting an investigation of the Orbitz platform, Orbitz determined on March 1, 2018 there was evidence suggesting that, between October 1, 2017 and December 22, 2017, an unauthorized third-party may have accessed certain personal information stored on this consumer and business partner platform. Orbitz took immediate steps to investigate the incident and enhance security and monitoring of the affected Orbitz platform, and made every effort to remediate the issue, including taking swift action to eliminate and prevent additional unauthorized access to the platform. Findings from our investigation indicate that the information accessed on the Orbitz platform included certain hotel reservations made through Southwest.com, and powered by Orbitz, during the period from January 1, 2016 to June 23, 2016. This incident did not affect Southwest Airlines' systems nor other travel reservations made through Southwest.com.Sears Holdings Management Corporation
September 27, 2017 | Third Party
Abstract
Sears Holdings ("Sears") was recently notified, by a vendor providing online support services on our websites at Sears.com and Kmart.com, that the vendor had experienced a security incident in which an unauthorized individual incorporated a malicious script into our vendor's code which was used to provide certain services on our websites. The malicious script collected personal information from customers who placed orders on the websites. You are receiving this notice because our records show that information about your Card Type endinng in #### may have been affected by this incident.SyncHR, Inc.
August 23, 2017 | Misconfiguration
Abstract
On August 23, 2017, SyncHR became aware that a report containing your benefits that was intended to be accessed solely by your employer in our production environment was temporarily accessable by HR administrators of other customers. Upon discovery of the error, We promptly deactivated the report and determined that two individuals had accessed the report containing your information. We received written confirmation from the two customers that the report, including all information contained there in , has been deleted from their environments and that the customers did not make any use of the information.South Coast Winery Resort & Spa and Carter Estate Winery Resort
August 10, 2017 | Third Party
Abstract
The Sabre Hospitality Solutions SynXis Central Reservations system (CRS) facilitates the booking of hotel reservations made by consumers through hotels, online travel agencies, and similar booking services. Following an examination of forensic evidence, Sabre confirmed to us on or about June 6, 2017 that an unauthorized party gained access to account credentials that permitted unauthorized access to unencrypted payment card information, as well as certain reservation information, for a subset of hotel reservations processed through the Sabre’s system.August 10, 2016 | Third Party
Abstract
The Sabre Hospitality Solutions SynXis Central Reservations system (CRS) facilitates the booking of hotel reservations made by consumers through hotels, online travel agencies, and similar booking services. Following an examination of forensic evidence, Sabre confirmed to us on or about June 6, 2017 that an unauthorized party gained access to account credentials that permitted unauthorized access to unencrypted payment card information, as well as certain reservation information, for a subset of hotel reservations processed through the Sabre’s system.SAY San Diego
August 01, 2017 | Files Lost
Abstract
On October 27, 2017, SAY San Diego was notified by the County of San Diego Health & Human Services Agency (“HHSA”) that a citizen had returned some paper files to their office that were found in a filing cabinet purchased from a salvage store. The files were reviewed and assessed by our team on October 30, 2017 at which time we confirmed the documents in the files related to participants in SAY San Diego’s Dual Diagnosis youth program from January through June 2013. However, the files from March and April of 2013 were not returned, and have not been recovered to date. Upon learning this information, we launched an investigation to determine how the files were found in a filing cabinet at a salvage store. We determined that the files were inadvertently left in a filing cabinet by a SAY San Diego employee when SAY San Diego moved to a different office building.Signator Investors, Inc.
June 08, 2017 | Unauthorized Access
Abstract
On August 23, 2017, Signator determined that an unknown third party had gained unauthorized access to certain client records, some as early as June 2017. You are receiving this notice because we determined that your records are among those that were accessed without authorization.Servis One, Inc. dba BSI Financial Services
June 01, 2017 | Email Compromise
Abstract
An unauthorized third-party illegally gained access to one of our employee's e-mail accounts on or about June 1, 2017. This person did not gain access to any other employee e-mail accounts or to our computer network, servers, or other systems. This third-party then used this employee's credentials to send e-mails to others. We learned of this incident within only a few hours after our employee's e-mail account was accessed by this third-party.SMH Enterprises LLC
May 30, 2017 | Ransomware
Abstract
We are unable to determine whether any user data was stolen by the thirdparty at this time, but our system was subject to thirdparty ransomware which encrypted server data. However, we take these incidents seriously and wanted to contact you with the following information and recommended next steps:Sadd Velazquez Higashi Shammaa, LLP
May 01, 2017 | Network Compromise
Abstract
While filing returns on extension, we encountered suspicious electronic activity in our tax program. We immediately contacted our local IT firm who disabled remote access. An investigation into the matter was commenced and that same day, we notified the IRS and Franchise Tax Board of our findings. We further notified the local law enforcement, and hired a specialized forensic IT firm for additional investigation.Signature Hardware Inc.
April 28, 2017 | Third Party
Abstract
On or around April 24, 2017, an unauthorized person gained access to the third-party plaform we utilize to host our checkout process. Through this access, the unauthorized person loaded code onto our site that enabled them to access information provided by customers during checkout as it was entered. The unauthorized person is believed to have only obtained information number of days, namely April 28-May, and for a few hours on each of the following day: May 10,22, 25, 27 and 30.Spark Pay Online Store
April 10, 2017 | Website Compromise
Abstract
We discovered malicious code on [merchant website]. The code was designed to allow fraudsters to obtain customer payment information. We immediately began investigating the issue, analyzed [merchant website], removed the malicious code and performed security testing.March 10, 2017 | Website Compromise
Abstract
We discovered malicious code on the server that hosts <P41 -- URL>. The code was designed to allow fraudsters to obtain customer payment information. We immediately began investigating the issue, analyzed the server, removed the malicious code and performed security testing.Sixty Hotels
March 09, 2017 | Third Party
Abstract
CRS facilitates the booking of hotel reservations made by consumers through Sixty Hotels and other hotels, online travel agencies, and similar booking services. Following their examination of forensic evidence, Sabre confirmed on or about June 6, 2017 that an unauthorized party gained access to account credentials that permitted unauthorized access to unencrypted payment card information, as well as certain reservation information, for a subset of all hotel reservations processed through the CRS.Sunshine Behavioral Health Group, LLC
March 01, 2017 | Misconfiguration
Abstract
On September 4, 2019, Sunshine became aware that a cloud-based system used to store certain patient records on behalf of the above health care providers was inadvertently set-up in such a manner that permitted the records to be made available on the Internet. Sunshine immediately took steps to change the settings, and, on November 14, 2019, took additional actions to remove the records from general Internet access. Sunshine confirmed that personal information was affected by the incident, and began an investigation to identify the affected individuals and types of personal information involved. Through our investigation, on December 23, 2019, we learned that some personal information related to you was stored in the affected system. Your personal information may have been in our records because you paid for health care services on behalf of a patient.Sharp Memorial Hospital
February 06, 2017 | Computer Stolen
Abstract
On February 6, 2017, we discovered that a computer and an external memory device were missing from a secure storage area. The devices were used to capture and process information about your blood pressure and cardiac health history and may have contained information related to the blood pressure study, including your name, date of birth, age, current medications, and family history.Sunrun Inc.
January 20, 2017 | Phishing
Abstract
On Friday, January 20, a targeted email from a scammer impersonating me was sent to our payroll department requesting employee W-2s. Unfortunately, the phishing email wasn’t recognized for what it was – a scam – and employee W-2s for 2016 were disclosed externally.Schurman Fine Papers dba Schurman Retail Group
January 18, 2017 | Phishing
Abstract
On March 8, 2017, we discovered that our company was the victim of an email spoofing attack on January 18, 2017, by an individual pretending to be our Chief Financial Officer. A request was made from what apppeared to be a legitimate Schurman Retail Group ("SRG") email address for all 2016 SRG employee Form W-2 information. Unfortunately, copies of all 2016 employee W-2 forms were provided before we discovered that the rquest was fraudulent. We have been working tirelessly to investigate and to mitigate the impact of the attack since we discovered the fraudulent nature of the request.Stallcup & Associates CPAs
January 10, 2017 | Phishing
Abstract
On January 10, 2017, we became aware that some clients had received an email from our office that we did not send. Upon discovery of this fraudulent activity, we sent an email alerting you not to open the email. We also immediately contacted our local IT consultant, re-secured the email account [email protected], and promptly hired forensic IT specialists to determine exactly what happened and what information and systems were affected. The forensic investigation is now completed and the unauthorized access has been determined to be limited to the one email account.Spiral Toys
January 07, 2017 | Server Compromise
Abstract
We recently discovered that unauthorized third parties illegally gained access to our CloudPets server. Our investigation concludes that no voice recording or profile pictures were stolen. The stolen user account information may have included names, email addresses, and encrypted passwords.State Farm Mutual Automobile Insurance Company, it affiliates and subsidiaries
December 30, 2016 | Insider Threat
Abstract
On December 30, 2016, State Farm became aware of an incident involving a former State Farm employee who appeared to have transferred files to a portable electronic storage device and through subsequent efforts, learned that the files contained consumer information. Since its discovery of the incident, State Farm has worked diligently to understand the nature of the incident as well as the scope of the information potentially implicated. At this time, we have no reason to suspect that your personal information has been misused. The State Farm employee who transferred the information is no longer working with the company, but has informed State Farm that the transfer was made at the time for work reasons and that all such information has been returned to State Farm. Nevertheless, because State Farm has not been able to independently verify this information, we are providing notice out of an abundance of caution.ShowTix4U
December 11, 2016 | Website Compromise
Abstract
We were recently alerted by our payment card processor to a potential security incident involving our website. Based upon an ongoing forensic investigation, it appears that an unauthorized actor was able to gain access to our third-party vendor’s server and install malicious software on our website. The malicious software appears designed to capture payment card information as the information was inputted.Synergy Specialists Medical Group, Inc.
December 05, 2016 | Phishing
Abstract
On December 9, 2016, we became aware that some patients had received an email from our office earlier that morning that we did not send. Specifically, it appeared to be an email alerting you that our office had a “Docusign” document waiting for you to review. Upon discovery of this fraudulent activity, we immediately sent an email alerting you not to open the email.Select Restaurants, Inc.
October 26, 2016 | Computer Compromise
Abstract
On March 30, 2017, Select Restaurants began investigating some unusual activity reported to the Company by its third-party vendor. Select Restaurants began to work with independent forensic experts to investigate these reports and to identify any signs of compromise on its systems. On April 26, 2017, Select Restaurants confirmed suspicious activity on its computer systems that indicated a potential compromise of guests’ debit and credit card data for some debit and credit cards used at certain Select Restaurants locations.SportsMem, Inc.
October 12, 2016 | Website Compromise
Abstract
On May 29, 2017 we received a report regarding payment card activity that caused us to investigate and subsequently identify unauthorized computer code that was added to the code that operates the checkout page of www.sportsmemorabilia.com. We immediately removed the code and hired a leading cybersecurity firm. Findings from the investigation indicate that the code may have been present and capable of capturing information entered during the checkout process from October 12, 2016 to May 31, 2017.Six Continents Hotels, Inc. (d/b/a InterContinental Hotels Group)
September 29, 2016 | System Compromise
Abstract
Many IHG-branded locations are independently owned and operated franchises, and certain of these franchisee operated locations in the Americas were made aware by payment card networks of patterns of unauthorized charges occurring on payment cards after they were legitimately used at their locations. To ensure an efficient and effective response, IHG hired a leading cyber security firm on behalf of franchisees to coordinate an examination of the payment card processing systems of franchise hotel locations in the Americas region.August 01, 2016 | Malware
Abstract
Findings show that malware was installed on servers that processed payment cards used at restaurants and bars of 12 IHG managed properties. Cards used at the front desk of these properties were not affected. The malware searched for track data (cardholder name, card number, expiration date, and internal verification code) read from the magnetic stripe of a payment card as it was being routed through the affected server.Shutterstock Music Canada ULC d/b/a PremiumBeat
September 29, 2016 | Vulnerability
Abstract
Unfortunately, on the afternoon of September 29th, we discovered a security bug in third party software which that resulted in unauthorized access to PremiumBeat user information. We immediately investigated and learned that this unauthorized party may have obtained the names, addresses, phone numbers, email addresses, and encrypted passwords for PremiumBeat users. We sincerely regret any concerns this incident may cause you.Stanford University
September 01, 2016 | Misconfiguration
Abstract
On October 27, 2017, the University Privacy Office (“UPO”) received a report that several folders with confidential information on a shared file server maintained by the Graduate School of Business (“GSB”) were accessible to GSB faculty, staff and students. The permissions on these folders were incorrectly changed around September 2016, and thus the included files were viewable by the GSB community. The GSB IT team became aware of the incorrect folder permissions on February 23, 2017. They adequately locked down the impacted folders by March 3rd. However, because GSB did not appreciate the scope of the exposure there was a delay in informing the UPO. Following notification, the UPO undertook a comprehensive review of all the files accessible to the GSB community, and last week discovered a file with employee personal information. We do not have any direct evidence that the file containing your personal information was actually accessed, downloaded or used by any unauthorized person. However, out of an abundance of caution, we believe that it is important that we notify you so that you can take steps to protect yourself.Abstract
During the latter half of March 2016, a small number of employees reported to Stanford University's Department of Public Safety (DPS) and Information Security Office that they had been unable to file their tax returns because fraudulent returns had already been filed using their information. University officials began to investigate the matter immediately.SBE ENT Holdings, LLC
August 10, 2016 | Third Party
Abstract
Sabre’s SynXis central reservations system (“CRS”) facilitates the booking of hotel reservations made by guests worldwide through hotels, online travel agencies, and similar booking services. Sabre notified us on or about June 6, 2017, that an unauthorized party gained access to Sabre-specific account credentials, which permitted unauthorized access to unencrypted payment card information and select reservation information for certain reservations processed and stored on the CRS, including the reservation(s) that you may have made for one or more stays at one or more of our properties.Standard International Management LLC
August 10, 2016 | Third Party
Abstract
The Sabre SynXis Central Reservations system (CRS) facilitates the booking of hotel reservations made by consumers through hotels, online travel agencies, and similar booking services. Following a forensic investigation, Sabre notified us on June 23rd that an unauthorized party gained access to their systems and was able to view some reservation information for a subset of hotel reservations that Sabre processed on behalf of Standard. The investigation determined that the unauthorized party was able to access Sabre’s system between August 10, 2016 and March 9, 2017. Please note that no Standard computer or network systems were affected in any way by this incident.Sydell Partners
August 10, 2016 | Third Party
Abstract
The Sabre Hospitality Solutions SynXis Central Reservations system (CRS) facilitates the booking of hotel reservations made by consumers through hotels, online travel agencies, and similar booking services. Following an examination of forensic evidence, Sabre notified us on or about June 6, 2017 that an unauthorized party gained access to account credentials that permitted unauthorized access to payment card information, as well as certain reservation information, for a subset of hotel reservations processed through the CRS. The investigation determined that the unauthorized party first obtained access to payment card and other reservation information on August 10, 2016. The last access to payment card information was on March 9, 2017.Stallcup & Associates, CPAs
July 11, 2016 | Ransomware
Abstract
On July 11th, our firm was subject to a ransomware virus wherein some of our network computer files were encrypted without our permission. Fortunately, the virus was detected within an hour and immediately stopped. Although there is no evidence that any files were viewed nor exfiltrated out of our network, nor that such activities were intended, we are notifying you of this incident because your tax information was located in the same drive as some of the files infected by the virus.Symphonix Health
May 21, 2016 | Server Compromise
Abstract
On July 6, 2016, Newkirk discovered a server containing member information was accessed without authorization. We shut down the server and started an investigation into the incident. The server did not include Social Security numbers, banking or credit card information, medical information or any insurance claims information. We hired a third-party forensic investigator to determine the extent of the unauthorized access and whether the personal information of our clients’ members may have been accessed. We also notified federal law enforcement. While the forensic investigation is ongoing, it appears the unauthorized access first occurred on May 21, 2016. Although the information contained on the server may have been accessed, Newkirk has no evidence to date that data has been used inappropriately.Spiraledge, Inc.
May 02, 2016 | Website Compromise
Abstract
On October 31, 2016, we began investigating some unusual activity reported by our credit card processor. We immediately began to work with third-party forensic experts to investigate these reports and to identify any signs of compromise on our systems. On November 28, 2016, we received confirmation of a sophisticated cyberattack in which a hack into our system may have compromised some customers’ debit and credit card data used at www.swimoutlet.com between May 2, 2016-November 22, 2016. The information at risk as a result of this event includes the cardholder’s name, address, phone number, email address, card number, expiration date, and CVV.Saint Agnes Medical Center
May 02, 2016 | Phishing
Abstract
Saint Agnes Medical Center was targeted by an isolated email phishing attack in which a scammer impersonated our Chief Executive Officer and requested that W-2 information be sent via email. There was no breach to any of our Saint Agnes systems and all patient information remains secure. Rather, we were the target of what is known as a BEC (Business Email Compromise/Correspondence) attack, which typically focuses on tax information that can be used to obtain fraudulent returns.Silver Creek Fitness & Physical Therapy, Silver Creek Physical Therapy Gilroy, Silver Creek Physical Therapy Sunnyvale, Silver Creek Physical Therapy Los Gatos
May 01, 2016 | Misconfiguration
Abstract
On September 11, 2016, we were notified by our billing and software companies that their Amazon “S3” storage account was vulnerable because it was accessible to persons outside their organization, and that a security researcher who works for a software company accessed and downloaded information from the account. This storage account contained, among other things, protected health information of certain Silver Creek Fitness & Physical Therapy, Silver Creek Physical Therapy Gilroy, Silver Creek Physical Therapy Sunnyvale, and Silver Creek Physical Therapy Los Gatos patients. The billing and software companies immediately took steps to secure the storage account and launched an investigation to determine whether any sensitive information was accessed or acquired. They determined that the storage account was vulnerable from May, 2016 to September 11, 2016. However, we have no indication that any fraud has resulted from this incident.Solano Community College
April 28, 2016 | Phishing
Abstract
On April 28, 2016, we learned that a “phishing” email was sent to an employee who responded to the email, thinking that it was a legitimate request.1 When we learned of this, we immediately secured the email account, reset passwords and began an investigation. We also notified the Solano County Sheriff’s Office which is working with the college Information Technology Department and the Solano County Sheriff’s Office Computer Crime Task Force in the investigation of this matter.San Antonio Shoemakers
April 21, 2016 | Malware
Abstract
Based on the investigation, we discovered that the checkout systems at certain retail stores were infected with a type of malicious software, or “malware,” enabling unauthorized parties to access payment card data of some of our customers.Sprouts Farmers Market
March 14, 2016 | Ransomware
Abstract
As we previously communicated to you, the payroll department at Sprouts was the victim of a "phishing" scam the week of March 14, 2016. Specifically, sprouts inadvertently disclosed your 2015 form W-2 Wage and Tax Statement when fulfilling what was believed to be a legitimate request for information. We became aware of the incident on March 17, 2016.Staminus Communications
March 10, 2016 | Network Compromise
Abstract
On March 10, 2016, Staminus Communications was the victim of an unauthorized intrusion into its network. As a result of this intrusion, systems were temporarily taken offline and customer information was exposed. The protection of the personal information of its customers is very important to Staminus. Upon discovering this attack, Staminus took immediate action, including launching an investigation into the attack, notifying law enforcement, restoring its systems, and putting additional security measures into place to help prevent a future incident.SCAN Health Plan
March 04, 2016 | Unauthorized Access
Abstract
On June 27, 2016, we learned your contact sheet, a document which was kept in a system used for sales purposes, had been accessed and possibly viewed for unauthorized purposes. We immediately began an investigation and brought in outside experts. We determined the unauthorized access occurred between March and June of 2016. While there is no indication that the information in this system has been used fraudulently, we needed to let you know that your information was in this system.Seagate US, LLC
March 01, 2016 | Phishing
Abstract
On March 1, 2016, we learned that a targeted “phishing” email message had been sent from outside the company to Seagate employees. Phishing emails are an attempt by an individual or group to solicit personal information from unsuspecting users by employing social engineering techniques. Phishing emails are crafted to appear as if they have been sent from a legitimate organization or known individual. In this case, the phishing email targeted Seagate employees in HR and Payroll, requesting copies of all 2015 Forms W-2, and unfortunately the email was not recognized as a scam. The information disclosed was the actual W-2 information, including the names, addresses, Social Security numbers, and earnings for anyone who was a Seagate or Seagate affiliate employee and was issued a W-2 for the 2015 tax year.Snapchat, Inc.
February 26, 2016 | Phishing
Abstract
As you know from the email we sent you last Friday (February 26, 2016), earlier that day Snapchat’s payroll department was targeted by an isolated email phishing scam in which a scammer impersonated our Chief Executive Officer and requested that employee information be sent via email. It did not affect our users or our service whatsoever.Sequoia Union High School District
February 03, 2016 | Phishing
Abstract
On February 3, 2016, as a result of a phishing incident, an unauthorized third party accessed a SUHSD office computer and may have accessed files containing certain information on all of our employees and retirees, including myself.Stonebridge Realty Advisors, Inc.
November 08, 2015 | Malware
Abstract
Based upon an extensive forensic investigation, it appears that unauthorized individuals installed malicious software on our payment processing systems that was designed to capture payment card information as it is inputted into those systems.Superior Labels
November 03, 2015 | Website Compromise
Abstract
Several reports of unusual and/or unauthorized activity after shopping with us were received from our customers in a short period of time. As a result, we have been working in conjunction with law enforcement and a leading cybersecurity firm to investigate these reports. Based on our investigation, it appears that hackers used a security vulnerability in the WordPress blogging software to gain access to our order management system from November 3, 2015 to December 11, 2015. During that period, the hackers may have been able to access orders placed though our order management system.Schwan’s Home Service, Inc.
October 09, 2015 | Third Party
Abstract
As a precaution, we want to make you aware that CARDSource, the third-party company that manufactured the cards for the Schwan’sPay™ program, has notified us of a possible compromise of its data. Thankfully, this activity represents a low risk, and there has been no evidence that your Schwan’sPay card information has been misused in anyway.Springfield Armory
October 03, 2015 | Website Compromise
Abstract
In late September, Springfield Armory received a report from a payment card network that it had noticed a pattern of unauthorized charges occurring on payment cards after they were used to make a purchase on our website. Springfield Armory immediately initiated an investigation and engaged a leading cyber security firm to examine our website network. In early October, the investigation determined that an unauthorized person gained access to the web server and installed code that was designed to copy information entered during the checkout process.STILETTO Solutions
September 16, 2015 | Website Compromise
Abstract
After identifying suspicious activity within our e-Commerce server, our incident response team began to investigate the incident as soon as we learned of it. Working with our forensic investigators and IT security advisors, we have learned that certain customer credit card information might have been acquired by an unauthorized party from our STILETTO Solutions server. The compromise of our e-Commerce server occurred on September 16, 2015 and may impact the security of credit and debit cards customers used for purchases through our site, stilettosolutions.com, from November 1, 2013 through and including September 16, 2015.Schwab Retirement Plan Services, Inc.
August 25, 2015 | User Error
Abstract
On August 25th, a spreadsheet containing your Social Security number, name, address, date of birth, date of termination (if applicable), employment status, division code, marital status and account balance was accidentally emailed to a participant in another retirement plan serviced by SRPS. That person immediately informed their plan sponsor, who in turn contacted SRPS. The plan sponsor in question has confirmed that the email and attachment have been deleted.Scripps Networks, LLC
August 08, 2015 | Website Compromise
Abstract
We recently learned of a potential unauthorized intrusion into the Food.com system that may have affected your email/username and password for logging into your Food.com account used for managing your recipe box and posting recipes on the site. These credentials can also be used to log into your user account on the Foodnetwork.com website as well as the Food Network In the Kitchen and Food.com mobile applications.Samela, Inc. d/b/a NorthShore Care Supply
June 07, 2015 | Website Compromise
Abstract
On August 24, 2015, NorthShore Care Supply learned of a possible security incident involving its online ordering website. We immediately engaged independent IT forensic experts to assist with our investigation. While the investigation is still ongoing, it appears that your credit and debit card data may have been compromised if you made an online purchase between June 7, 2015 and August 24, 2015. The information potentially exposed includes your name, address, card number, verification code, and/or the card’s expiration date.San Luis Obispo County Community College District
May 31, 2015 | Insider Threat
Abstract
On May 31, 2015 a District employee gained unauthorized access to the District’s employee database containing the personally identifiable information, and without authorization transmitted that information to the employee’s private email account. The information included employee names, home address and telephone numbers, email addresses, and social security numbers.SterlingBackcheck
May 29, 2015 | Laptop Stolen
Abstract
On May 29, 2015, a password-protected laptop was stolen from a SterlingBackcheck employee’s vehicle. The employee reported the theft to our office, and we launched an investigation to determine what information may have been stored on the laptop at the time of the theft. While our investigation is ongoing, we’ve determined a file containing your name, Social Security number, and date of birth may have been stored on the laptop at the time of the theft.Stanislaus Surgical Hospital
April 05, 2015 | Breach
Abstract
We are contacting you regarding a data security incident that occurred on April 5, 2015 at Stanislaus Surgical Hospital's 1501 Oakdale Road building. This incident may potentially expose some of your personal information to others.Service Systems Associates, Inc.
March 24, 2015 | Malware
Abstract
Service Systems Associates, Inc. (SSA) was the victim of a payment security breach between March 24 and May 20, 2015. The breach occurred in the company’s point-of-sale systems used by gift shops in several zoos. The malware that caused the breach was identified and removed, and all visitors should feel confident using credit or debit cards anywhere in these facilities.Slack Technologies, Inc.
March 20, 2015 | Account Compromise
Abstract
We were recently notified that your sign-in credentials (email address and password) for your [username] account on [team-domain].slack.com were in the possession of an unauthorized individual. This may be the result of malware installed on a computer you’ve used to sign in to Slack or your credentials being reused from a previous breach of a third party, such as those listed on sites like haveibeenpwned.com.Sharon J. Jones, M.D.
March 20, 2015 | Computer Stolen
Abstract
On the evening of March 20, 2015, our office was broken into and approximately 17 patient charts were stolen along with one desktop computer, two laptops and our server. Upon discovery the following morning, the San Pablo Police Department was immediately notified and a formal police report was filed. I then hired a security guard who thwarted another attempted break in 3 days later.Sally Beauty Holdings, Inc.
March 06, 2015 | Malware
Abstract
We have confirmed that criminals used malware believed to have been effectively deployed on some of our point-of-sale systems at varying times between March 6th and April 17th of 2015. Accordingly, the payment card information of our customers that used cards at affected U.S. Sally Beauty stores during this time may have been put at risk.Stater Bros. Markets
March 05, 2015 | Skimming
Abstract
On April 8, 2015. we discovered that three suspects connected a small data capture device to the pin pad of a point-of-sale terminal in the deli area of our West Covina, California store.SVC-West, LLC
January 06, 2015 | Files Lost
Abstract
In January 2015, an unknown individual(s) forcibly and illegally entered an office and stole items from a locked cabinet that included a binder containing records of transactions with SVC during 2005 to 2008.Summit Financial Group
January 01, 2015 | User Error
Abstract
After a Summit client files a tax return, we mail the client a CD that contains his or her tax return. Between January 1, 2015 and February 15, 2015, in connection with performing tax return services for our clients, we mailed CDs to sixty-seven clients. We intended that these CDs would contain only the individual recipient's tax return information. On April 15, 2015, a client contacted Summit to infor us that a single CD had other clients' data on it. We immediately retrieved that CD and confirmed that the individual had not retained any of the information on the CD. At that time, we had no reason to believe that any other CDs had information relating to other clients stored on them. On may 15, 2015, one more client contacted us and informed us that the CD he/she received also contained other clients' tax return information. At that point, we learned that there had been an error by one of our employees when the CDs were compiled. As a result, we immediately began our investigation and started to personally visit each of the sixty-seven clients t oretrieve all of the CDs issued between January 1, 2015 and February 15, 2015. All of the CDs have either been destroued by our clients or personally collected by Summit where we are maintaining them in a locked container.SRI, INC.
December 01, 2014 | Website Compromise
Abstract
On March 13, 2015, SRI, Inc. learned of unauthorized access of our website software. We believe that unauthorized access may heave been occurring since December 2014. An outside user may have been able to access files containing your personal information.Sony Pictures Entertainment Inc. (“SPE)
November 24, 2014 | Breach
Abstract
SPE learned on December 1, 2014, that the security of personally identifiable information that SPE received about you and/or your dependents during the course of your employment may have been compromised as a result of such brazen cyber attack.Sterling M Enterprises (dba Lee’s Deli)
November 03, 2014 | Malware
Abstract
We recently learned that unauthorized individuals installed malicious software on computer systems used to process credit card transactions at our Lee’s Deli locations at 75 Battery Street in San Francisco, CA and 4200 Bohannon Drive in Menlo Park, CA.SAUSALITO YACHT CLUB
September 30, 2014 | Unauthorized Access
Abstract
We are writing to you because of an incident at the Sausalito Yacht Club on or about October 1, 2014,wherein several members gained unauthorized access to our member roster, which includes information linking your name to your private Sausalito Yacht Club member number, the combination of which allows you to charge beverages, goods, services and meals at the club, such amounts being charged at the time and accumulated for inclusion on your next bill.Staples, Inc.
August 10, 2014 | Malware
Abstract
Staples’ data security experts detected that criminals deployed malicious software, or “malware,” to some point-of-sale systems at 115 of its more than 1,400 U.S. retail stores. Staples believes that malware may have allowed unauthorized access to some transaction data at affected stores, including cardholder names, payment card numbers, expiration dates, and card verification codes.State Farm Mutual Automobile Insurance Companies, its affilitates and subsidiaries
August 07, 2014 | Service Compromise
Abstract
On January 21, 2016, State Farm opened an investigation related to employees of a State Farm independent contractor agent in Chino Hills, CA. The investigation determined there was misappropriation of customer funds as well as misuse of customer financial cards to make payments and/or replace customer payments that were either diverted or not correctly applied to customers’ accounts.Santa Rosa Memorial Hospital
June 02, 2014 | Device Lost
Abstract
On June 3, 2014, we became aware that a thumb drive (also known as a USB or flash drive) containing data pertaining to X-rays provided between February 2, 2009 and May 13, 2014, was missing. This thumb drive is believed to have been taken from a staff member’s locker during a burglary that occurred on June 2, 2014, at the Santa Rosa Memorial Imaging Center located at 121 Sotoyome Drive in Santa Rosa, California. The thumb drive contained information pertaining to X-rays provided at this location by both Redwood Regional Medical Group and, more recently, by Santa Rosa Memorial Hospital, which began operating the center on April 1, 2014. The thumb drive was being used by staff as a temporary back-up in preparation for migration of data from Redwood Regional Medical Group’s electronic medical records system to Santa Rosa Memorial Hospital’s system.Sterne, Agee & Leach, Inc.
May 29, 2014 | Laptop Stolen
Abstract
An employee of Sterne, Agee & Leach (“Firm”) was unable to locate their firm-issued laptop. While the laptop was password protected, the data stored locally was not encrypted. The data stored locally included data compiled for mailing to certain Private Client Group customers whose accounts were open as of May 29, 2014 and may have included account information maintained by Sterne Agee & Leach for past and present customers whose accounts were opened between July 1, 1992 and June 30, 2013.Stanford Federal Credit Union
April 30, 2014 | User Error
Abstract
We want you to be aware of a situation in which a staff member mistakenly sent some of your personal information to one individual not employed by the credit union. This error was discovered within minutes, and we immediately worked with this individual, a long-time credit union member, to ensure the data was destroyed before being viewed. This incident occurred on April 30, 2014, and the information included your name, address, member number, tax identification number, loan offers and credit information.Sourcebooks, Inc.
April 16, 2014 | Website Compromise
Abstract
Sourcebooks recently learned that there was a breach of the shopping cart software that supports our website, putmeinthestory.com, on April 16, 2014 – June 19, 2014 and unauthorized parties were able to gain access to customer credit card information. The credit card information included card number, expiration date, cardholder name and card verification value (CVV2)SHARPER FUTURE
March 29, 2014 | Device Lost
Abstract
On or about March 29tn, 2014, our office at 5860 Avalon Boulevard Los Angeles was burglarized and we lost electronic equipment that stored our records and included personal information about you. The information stored on the stolen equipment was password-protected and it would be extremely difficult for someone to access it. The police collected evidence and a criminal investigation is ongoing.Sorenson Communications
February 20, 2014 | Account Compromise
Abstract
On March7,2O14, we determined that between February 20 and March 3,2O14, Sorenson's account with the vendor that handles payroll for Sorenson Communications and CaptionCall@ employees was subject to several malicious attacks. Those attacks successfully accessed personal information that employees provided as part of their HR data.Silversage Advisors
February 20, 2014 | Device Lost
Abstract
On February 20, 2014, back-up computer drives were stolen from a secure offsite location used as part of our disaster recovery plan. Those back-up drives contained Silversage information including, but not limited to name, address, social security number, driver's license number and account information.St. Joseph Health
February 18, 2014 | User Error
Abstract
St. Joseph Health provides central support services to its members including St. Joseph Home Care Network. On the evening of February 18, 2014 at 7:47 PM, we discovered that at 5:04 PM on that same day one of our employees inadvertently sent a Microsoft Excel file containing patient information to an employee at Cain Brothers, an investment firm that had requested certain de-identified information to complete a business proposal for us. By accident, our employee did not delete the file tab that included identifiable patient information. This file was not secured by technology, like encryption, that would have rendered the file unusable or unreadable by the recipient.Sutherland Healthcare Solutions
February 05, 2014 | Computer Stolen
Abstract
On February 5, 2014, SHS’ Southern California office was broken into and eight computers were stolen. The Torrance Police Department was immediately informed of this incident. The Los Angeles County District Attorney is the lead investigator where this criminal case is ongoing. After analyzing the information contained on the stolen computers, we identified a group of impacted individuals and on February 25, 2014, we provided that information to Los Angeles County. Since then, we have continued our analysis to determine if other individuals were affected. On March 27, 2014, we provided Los Angeles County with updated information. We have now confirmed that your personal information was also included on the computer equipment that was stolen on February 5, 2014.Schwaab. Inc.
January 22, 2014 | System Compromise
Abstract
We learned that our computer system was accessed without our authorization during the time period of January 22, 2014 and February 8, 2016Snelling Staffing, LLC
January 20, 2014 | Misconfiguration
Abstract
We discovered on January 24, 2014 that on about January 20 or January 21, 2014, the personal information of some employees and former employees of Snelling was inadvertently made available on the Internet due the errors made during the installation of a cloud-based server at the home of a former Snelling employee.StakerLaw Tax and Estate Planning Law Corporation
December 20, 2013 | Device Lost
Abstract
On Friday, December 20, 2013, we were victims of a burglary at my home, that included our firm's back-up hard drive. This hard drive, which I ironically kept off site in case of fire, contained copies of client files, including clients' social security numbers and other asset information.St. Joseph Health System
December 16, 2013 | Server Compromise
Abstract
Between Monday, December 16 and Wednesday, December 18, 2013, SJHS experienced a security attack in which hackers gained unauthorized access to one server on its computer system. SJHS acted quickly, shutting down access to the involved computer on December 18, and hiring national security and computer forensics experts to thoroughly investigate this matter. Our investigation, which is ongoing, determined that this security attack may have resulted in unauthorized access to records for some SJHS patients, employees, and some employees’ beneficiaries. These records include your name, and possibly your address.Straight Dope LLC
December 15, 2013 | Website Compromise
Abstract
Our security team recently discovered that the Straight Dope message board forum was targeted and hacked. This resulted in the illegal acquisition of message board users' information, namely usernames, email addresses, and Straight Dope message board passwords.San Mateo Medical Center
December 05, 2013 | Insider Threat
Abstract
An employee recently hired by SMMC's Payroll Unit failed to disclose a prior conviction for identity theft. Upon discovering the employee's conviction, SMMC immediately terminated the employee's employment and access to data and launched an investigation.Sebastopol Sea Serpents
October 13, 2013 | Laptop Stolen
Abstract
On Saturday, June 15 th, one of our employees informed us that she had been the victim of a burglary during the early morning hours on June 15 that approximately 2:45 a.m. and that her company laptop had been stolen. The laptop contained certain aspects of patient information which she needed as part of her role with our company.SafetyFirst
September 27, 2013 | Misconfiguration
Abstract
On April 2, 2014, SafetyFirst became aware that an FTP server used to back up your drivers’ data was publicly accessible, resulting in unauthorized access to your drivers’ personal information. SafetyFirst immediately disconnected the FTP server to prevent further unauthorized access to the data on the server.Stephen T. Imrie, M.D.
September 23, 2013 | Laptop Stolen
Abstract
My residence was broken into on September 23, 2013 and various items were stolen. Pertinently, my password protected laptop was taken. Though the San Jose Police Department was immediately notified upon the burglary's discovery, to date nothing has been recovered.Santa Clara Valley Medical Center
September 14, 2013 | Laptop Stolen
Abstract
On September 16, 2013, staff discovered that a laptop had been stolen from the Audiology Department over the weekend. The laptop was used for hearing screenings and was not encrypted. Your information was believed to have been on the laptop that was taken.Silverberg Surgical and Medical Group
September 10, 2013 | Misconfiguration
Abstract
We are sending this notification to you because we recently discovered a security breach involving some of your personal health information. Based on our investigation, on September 10, 2013 a document scanning device inadvertently exposed some patient health records to the Internet. The records that were accessible included patient names, addresses, dates of birth and admission, telephone and fax numbers, e-mail addresses, medical information, medical record numbers, health plan data and beneficiary numbers, and, in some cases Social Security numbers, State License numbers and full face photographic images. No passwords, security codes or financial data like account or credit/debit card numbers were made accessible in connection with this incident.South Central Los Angeles Regional Center
July 06, 2013 | Device Lost
Abstract
On July 6, 2013, a SCLARC staff's vehicle was stolen and among the items in the vehicle was a SCLARC Ipad. The Ipad is password protected and should the thieves be able to break through the password protection, they may be able to retrieve your name and UCI#Shore Mortgage (a division of United Shore Financial Services, LLC)
June 02, 2013 | Server Compromise
Abstract
I am writing to make you aware that Shore Mortgage recently discovered that servers at one of our vendors were subject to a computer intrusion. The servers that we accessed contained Shore information.Shumsky Promotional Agency
May 14, 2013 | Third Party
Abstract
On May 16, 2013, Shumsky was notified by its e-commerce platform provider that on May 14, 2013, an unauthorized third party accessed the e-commerce platform and accessed nearly 1,400 of Shumsky cardholder records. We understand our service provider patched the vulnerability the very next day, on May 15.Sutter Medical Foundation
April 26, 2013 | Insider Threat
Abstract
On August 27, 2015, we determined that the former employee emailed certain electronic documents to a personal email address without authorization on April 26, 2013.SynerMed Inc
April 15, 2013 | Laptop Stolen
Abstract
The security incident occurred on the night of April 14 or early morning on April 15, 2013, when a thief broke into an automobile belonging to an employee that was parked in front of the employee’s home. The thief stole the employee’s SynerMed laptop computer, which had member PHI on its hard drive.San Francisco State University
March 25, 2013 | Server Compromise
Abstract
On Monday, June 11, 2013 we were notified by federal law enforcement of a compromise of the College of Extended Learning server that occurred on March 25th, 2013 at 3 am. The incident involved the unauthorized use of the server by a group not associated with SF State.Sonoma Valley Hospital
February 14, 2013 | Misconfiguration
Abstract
On April 17, 2013, Sonoma Valley Hospital became aware of health information disclosure related to your services at Sonoma Valley Hospital. Once we were notified of this issue, we immediately took down our website to delete the file from our website.Stanley Black & Decker, Inc.
January 28, 2013 | Laptop Stolen
Abstract
On January 28, 2013, the company-issued laptop of an employee in the Finance department who handled T&E charges was stolen. Through our investigation of the incident, we believe that information stored on the laptop may have included your name and the account number and routing number of the account that you have designated as the account to which direct deposits are to be made to reimburse you for expenses incurred on the Company’s behalf. Information stored on the laptop may also have included your social security number.Schneider-Electric
January 17, 2013 | User Error
Abstract
On or about January 16, 2013, one of the bulk mail vendors that performs mailing activities on behalf of our Employee Share Plan mistakenly included your Social Security Number in the address field of a Call for Candidacy letter mailed to you on our behalf.Stanford School of Medicine & Lucile Packard Children’s Hospital
January 09, 2013 | Laptop Stolen
Abstract
On behalf of the Stanford School of Medicine and Lucile Packard Children’s Hospital, we regret to inform you of the theft of a physician’s laptop computer. The theft occurred Wednesday evening, January 9, 2013 when the physician’s car was broken into and the incident was immediately reported to the local police department. Stanford School of Medicine and Lucile Packard Children’s Hospital were notified of the incident the next morning. The laptop was protected with a strong 8-character password.Sunview Vineyards of California, Inc.
December 15, 2012 | Laptop Stolen
Abstract
On or about the 15th of December 2012, we believe that a company laptop computer was stolen from one of our facilities as part of a burglary. We have reason to believe that personal information concerning you was or may have been on the laptop computer and that information may be in the possession of the thief.Stethoscope.com LLC
December 03, 2012 | Website Compromise
Abstract
On or about December 3, 2012, a hacker gained unauthorized access to the webserver used to host our website, resulting the potential acquisition of your name, address, e-mail address, and information related to your credit card identified above.South Carolina Department of Revenue, c/o Jon Neiditz, Nelson Mullins Riley & Scarborough
September 01, 2012 | Breach
Abstract
Tax returns and other data at the South Carolina Department of Revenue were exposed due to a security breach that took place in September 2012 and was discovered in October 2012. The information exposed in this breach included any South Carolina state taxes filed electronically by businesses or individuals since 1998, and could include social security numbers, tax identification numbers, and payment information including bank accounts and credit cards.State Farm Insurance Companies
July 28, 2012 | Insider Threat
Abstract
The incident involved an employee who formerly worked in my office. While employed, and contrary to the business practices of my office, the employee used customer information inappropriately. This information would have included names, addresses, birthdates, credit card numbers and social security numbers. It has further been alleged that this employee specifically used your credit card to purchase items online.Abstract
This incident involved an employee who formerly worked in my office. While employed, and contrary to the business practices of my office, the employee allegedly used customer information inappropriately. This information may have included names, addresses, credit card numbers and social security numbers. We have been unable to confirm which customers’ information was allegedly misused by this person.St. Therese Medical Group
July 22, 2012 | Computer Stolen
Abstract
Stanford Hospital & Clinics and School of Medicine
July 15, 2012 | Computer Stolen
Abstract
We regret to inform you of a suspected theft of a computer from a locked faculty-physician's office. The computer was password-protected. It also contained software that would detect wether the computer had been connected to the internet and, if so, the location of the computer.St Mary Medical Center
May 07, 2012 | Device Lost
Abstract
On May 8, 2012, we discovered that an unencrypted thumb drive with patient names, account numbers, diagnosis, dates of admission and discharge, physicians’ names, account numbers and medical record numbers was lost. To date, we have not been able to locate this thumb drive.State of California, Department of Child Support Services
March 12, 2012 | Third Party
Abstract
We are contacting you because on March 12, 2012, the California Department of Child Support Services learned that contracted service providers, International Business Machines (IBM) and Iron Mountain Inc., could not locate several specialized computer storage devices containing personal information of parents, caregivers and children maintained by our department. The devices were in transit from IBM’s facility in Colorado to California. Upon arrival, several devices were missing.St. Joseph’s Medical Center
February 02, 2012 | Files Lost
Abstract
On February 2, 2012, we discovered that a storeroom window had been broken at the HealthCare Clinical Laboratory (HCCL) Patient Service Center located at 89 W. March Lane, Stockton, and that two storage boxes containing HCCL lab requisition forms were missing from the center.San Jose Medical Supply Company
August 01, 2011 | Insider Threat
Abstract
In August 2011, the former owner of San Jose Medical passed away and thereafter the company continued operating through its employees and agents under the supervision of trustees. One year later, in August of 2012, the undersigned purchased San Jose Medical from the former owner’s probate estate and continued operating the company. The new owner uncovered certain suspicious activity taken by the former employees, officers and/or agents of the prior owner, which may have compromised the security of your health information. In June of 2013, San Jose Medical confirmed that there was in fact a breach in the security of your health information. This breach occurred between August 2011 and December 2011, and resulted in the unauthorized disclosure of your personal information.San Francisco Head Start, San Francisco State University
August 01, 2011 | Database Compromise
Abstract
Between August and November 2011, there was a compromise of security in the San Francisco Head Start/Early Head Start database and unauthorized person(s) accessed personal information contained in this database.Santa Barbara Unified School District
Abstract
In late November 2019, Aeries Software became aware of unauthorized attempts to access the Aeries Student Information System, and began investigating. Aeries is used by districts across California, and is the largest student information system vendor in the state. At that time, Aeries did not identify that any data was compromised. In December 2019, Aeries released a series of security patches as a precautionary measure, since there was no evidence that any data was compromised, to address the potential vulnerabilities.ShareThis, Inc.
Abstract
On February 11, 2019, ShareThis became aware that it suffered a data security incident when it was informed that The Register published a story indicating that 16 companies, including ShareThis, were the victims of a data theft. We can tell from our initial investigations that email addresses, hashed passwords and some birth dates were impacted. The incident, unfortunately, only came to light when The Register reported that the hacker posted the data for sale on the dark web.Sierra View Medical Center
Abstract
In mid-November 2018, a Hospital employee obtained an electronic copy of personal information of current and former Hospital employees without authorization and the employee transmiteed such information through a personal email account for personal pursuits unrelated to the Hospital.Surgerical Specialties of Arroyo Grande, LLC, dba Oak Park Surgery Center
Abstract
On July 9, 2018, a patient notified Oak Park Surgery Center ("Oak Park") that an operative report from her surgery at Oak Park could be found online through a Google.com search of her name. OaK Park immediately investigated and discovered that operative reports for 649 patients could be found through Google.com and could be viewed through a third party FTP website, utilized by Oak Park's outside transcription service. The reports were from surgical operations taking place at Oak Park from March 2016 through July 2018.SOS TAX
Abstract
We are writing to let you know about a security data breach incident that may involve your personal information between October 2017 and March 2018.Solera Holdings, Inc.
Abstract
TBDBSTANFORD UNIVERSITY
Abstract
On October 27, 2017, the University Privacy Office (“UPO”) received a report that several folders with confidential information on a shared file server maintained by the Graduate School of Business (“GSB”) were accessible to GSB faculty, staff and students. The GSB IT team became aware of the incorrect folder permissions on February 23, 2017, however, because GSB did not appreciate the scope of the exposure there was a delay in informing the UPO. Following notification, the UPO engaged a third-party forensics team and undertook a comprehensive review of all the files accessible to the GSB community, and last week discovered a folder with traveler personal information. The information was collected from students, faculty and staff who were traveling internationally so that the GSB could provide support for travelers, in particular in the event of medical or other emergency. Around 2014, there was an organizational change within the GSB traveler program and we believe that it was during that transition that the folder with personal information of previous travelers was moved to the shared drive. We do not have any direct evidence that the file containing your personal information was actually accessed, downloaded or used by any unauthorized person. However, out of an abundance of caution, we believe that it is important that we notify you so that you can take steps to protect yourself.SONIC Corp.
Abstract
Sonic Drive-In has discovered that credit and debit card numbers may have been acquired without authorization as part of a malware attack experienced at certain Sonic Drive-In locations. Your trust in Sonic is important to us and we sincerely regret any inconvenience this may cause. We have provided here more information about this situation, including an offer of free identity theft protection for affected customers:SRI International
Abstract
In late July 2017, SRI discovered that internal SRI networks and systems were targeted and improperly accessed by unauthorized parties. On or around August 21, 2017 it was discovered that personal information may have been accessed as well. The incident involved SRI systems, including an internal SRI fileserver and SRI’s Identity and Access Management (IAM) Systems.Steel Technology LLC dba Hydro Flask
Abstract
On or about May 2, 2017, Hydro Flask learned that the security of personal information Hydro Flask received about you during your visit to our e-commerce website (http://www.hydroflask.com/) may have been compromised.San Jose Evergreen Community College District
Abstract
On November 7, 2016, we learned that an SJECCD employee had inadvertently uploaded a file containing the personal information of certain SJECCD students to a publicly accessible folder on the SJECCD website. The file was temporarily stored on the webserver and could be retrieved in search results. Upon learning this, we promptly removed the file from the website and began an investigation into the incident. Our investigation indicates that the incident was an accident, and not the result of any kind of malicious attack.San Mateo Foster City School District
Abstract
On April 6, 2016, we were informed that a thumb drive, containing certain information on all of our active employees, including me, was inadvertently misplaced. We have devoted considerable time and effort to try and locate the thumb drive, as well as to determine what exact information may have been included on it, and as such, is at risk of disclosure.Sorrento Pacific Financial, LLC
Abstract
On November 9, 2015, we learned that your child’s personal information may have been stolen from a former Sorrento Pacific Financial, LLC investment representative. Your child is named a beneficiary of an account opened with the investment representative. This incident is currently under investigation with the appropriate authorities. After learning about the potential theft, we launched an investigation to determine what information may have been stolen. While our investigation is ongoing, we have determined that your child’s name, mailing address, date of birth, driver’s license number, email address, and Social Security number may have been stolen by this individual.Starwood Hotels & Resorts Worldwide, Inc.
Abstract
Based on the investigation, we discovered that the point of sale systems at certain Starwood hotels were infected with malware, enabling unauthorized parties to access payment card data of some of our customers.Scottrade
Abstract
Federal law enforcement officials recently informed us that they’ve been investigating cybersecurity crimes involving the theft of information from Scottrade and other financial services companies. We immediately initiated a comprehensive response.Summers Estate Wines
Abstract
Our consumer direct sales systems provider, Missing Link Networks, Inc., (“Missing Link”) notified us on May 27, 2015 of a security incident involving credit and debit card data. Missing Link has advised us that during the window of April 1, 2015 to April 30, 2015, a third party might have gained access to certain personal information, including customer names, card numbers, related payment addresses, passwords, and dates of birth. We are working proactively and aggressively with Missing Link to address the issue.Spring Mountain Vineyard
Abstract
Our consumer direct sales system provider, Missing Link Networks Inc. (Missing Link) notified us on May 27, 2015 that their platform had a security incident during the window of April 1, 2015 to April 30, 2015. Because Missing Link is widely used in the wine industry, you may receive similar notices from other affected wineries. Missing Link has advised us that the unauthorized third party gained access to customer names, credit card and debit card numbers, the related billing addresses, passwords, and dates of birth in their system up to April 30. You are receiving this letter because your information may have been compromised.Silverado Vineyards
Abstract
Our third-party ecommerce provider, Missing Link Networks, Inc. (MLN), was the subject of a recent data security incident. MLN notified us of this incident on June 1, 2015. You are receiving this letter because your credit card number on file may have been among the data compromised.Signorello Estate
Abstract
Our consumer direct sales systems provider, Missing Link Networks, Inc., (“Missing Link”) notified us on May 29, 2015 of a security incident involving credit and debit card data. Missing Link has advised us that during the window of April 1, 2015 to April 30, 2015, a third party might have gained access to certain personal information, including customer names, card numbers, related payment addresses, passwords, and dates of birth.State Compensation Insurance Fund
Abstract
On October 24, 2014, we received a report from a provider State Fund uses for interpreting services. Lucy Gomez Blankey Interpreting, Inc. that they were a victim of a computer network attack. The attack resulted in the theft of email retained in their data back.San Diego State University
Abstract
San Diego State University recently discovered a database containing your personal information. The database was managed by the Pre-College Institute and contains your name, Social Security number, date of birth, address, and other personal information needed to provide pre-college students various services. You were or are enrolled in one of the Pre-College Institute programs. The database was intended to be used only by Pre-College Institute employees, but it was misconfigured to enable any computer connected to the SDSU wired network, with the program “FileMaker”, to open it. The SDSU wired network consists of offices, some labs and the library.StumbleUpon, Inc.
Abstract
Recently, we detected suspicious activity on your StumbleUpon account. To keep you safe we have locked your account and reset your password.Standard Insurance Company
Abstract
On October 18th, 2013, we learned that a file containing names, address, date of birth and Social Security numbers of employees was inadvertently disclosed (unauthorized access) on the vendor’s system October 7 and October 18, 2013. Another insurance policyholder realized the information was accessible to them and contacted The Standard. We have confirmed that they are the only individuals who accessed the file.Smartphone Experts
Abstract
On July 12, 2013, we learned that a hacker gained access into the computer system we use to process payments for purchases made on our website.Sutter Health East Bay Region (Alta Bates Summit Medical Center; Sutter Delta Medical Center; Eden Medical Center)
Abstract
On May 23, 2013, the Alameda County Sheriff's office notified us that personal information on pertaining to a number of people, including you, was recovered during an investigation. The information my have originated from Sutter Health's Alta Bates Summit Medical Center.Sprechman & Associates, P.A.
Abstract
One of our employees may have performed unauthorized searches on you. This information may have included your name, address, date of birth, driver’s license number, and social security number. We are advising you of this matter in an abundance of caution, but we stress that we cannot be sure that your Information was in fact used in an inappropriate manner. In fact, we cannot even be sure that your Information was actually viewed, but we are providing this notice out of an abundance of caution.Scripps College
Abstract
During a review of certain processes in the Scripps College Financial Aid Office, we discovered that an unauthorized individual not employed by the College may have had access to information relating to your financial aid application.Sacramento Area Fire Fighters, Local 522
Abstract
Between March 5-6, 2012, a spreadsheet containing names and contact information for active and retired Local 522 members was sent by a Local 522 employee to the Sacramento Central Labor Council ("CLC"). The spreadsheet containing this information also contained Local 522 members’ social security numbers.T
Tree Top, Inc. and Northwest Naturals LLC
November 10, 2020 | Network Compromise
Abstract
On November 11, 2020, we learned that Tree Top’s computer network was accessed by unauthorized third parties. The hackers initially gained access to our network through a compromised user account and then gained access to several of our corporate computer systems. Using ransomware, the hackers encrypted a number of our servers that contained personal information. Upon learning of the incident, we immediately launched a thorough forensic investigation with the assistance of leading outside cybersecurity experts and promptly took steps to secure and restore our systems. We are confident at this time that there is no ongoing persistent or unauthorized access to the Tree Top network or systems from this incident.Total Quality Logistics, LLC
October 01, 2020 | Website Compromise
Abstract
On Sunday, February 23, 2020, we discovered that there had been unauthorized access to two of our external facing web applications, which compromised the security of our online portals for customers and carriers. Unauthorized users gained access to certain customer/carrier information, including email addresses, first and last names, bank account information, mobile phone numbers, tax ID numbers/social security numbers, and internal customer ID numbers. We do not have any evidence of information that this information has been used fraudulently.Terminix Global Holdings
September 10, 2020 | Email Compromise
Abstract
Our review of compromised emails revealed that one email included a file which contained the name, social security number, date of birth, employment dates, 401K balance and the name of our 401K provider for 14,708 current and former teammates across the United States. Due to the sensitive nature of this information, it is possible that thieves can use it for identity theft. We do not know if the information has been used at this time. We are sending this notice to both Terminix and ServiceMaster teammates because these events took place before the completion of the sale of ServiceMaster brands, when everyone receiving this notice was employed under the ServiceMaster Global Holdings brand.The Long & Foster Companies, Inc.
August 22, 2020 | Ransomware
Abstract
On August 22, 2020, we determined that Long & Foster was the victim of a ransomware attack. Ransomware is used by cybercriminal(s) to block access to an entity’s environment, including its systems and data. Immediately upon detection of the incident, we launched an investigation, with the assistance of leading cybersecurity experts and the FBI, to determine what happened and what information, if any, may have been impacted. As part of the investigation, we determined the cybercriminal(s) gained access to Long & Foster’s systems on August 22, 2020, and that your personal information may have been accessible to the cybercriminal(s) as a result.Trinity Health
August 18, 2020 | Ransomware
Abstract
On July 16, 2020, Blackbaud notified Trinity Health and other customers of a cyber-attack involving Blackbaud’s network, including ransomware, that impacted certain donor database backup files maintained by Blackbaud, including Trinity Health’s donor database. Blackbaud reported the cyberattack occurred between April 18, 2020 - May 16, 2020. Blackbaud reported that based on its investigation, the cybercriminals responsible for the attack could have obtained access to various types of information in the client backup files.The Jane Goodall Institute
July 31, 2020 | Ransomware
Abstract
Blackbaud works with many large and small nonprofits, including the Jane Goodall Institute, to support fundraising and engagement efforts. Last week, Blackbaud notified us that it was the target of a ransomware attack that involved the information of a number of its clients. As a result, the hackers obtained some personally identifying information about Blackbaud's nonprofit clients' donors and prospective donors, including those of the Jane Goodall Institute.Abstract
Blackbaud works with many large and small nonprofits, including the Jane Goodall Institute, to support fundraising and engagement efforts. Last week, Blackbaud notified us that it was the target of a ransomware attack that involved the information of a number of its clients. As a result, the hackers obtained some personally identifying information about Blackbaud's nonprofit clients' donors and prospective donors, including those of the Jane Goodall Institute.The GEO Group Inc.
July 17, 2020 | Ransomware
Abstract
On August 19, 2020 GEO discovered it was targeted by a ransomware attack in which an unauthorized actor gained access to GEO’s network. Upon discovery, GEO immediately severed all connections between the affected corporate servers, our facilities, data centers and corporate office in an effort to contain the attack. GEO is also working with forensic experts to conduct a detailed technical investigation into the incident. The investigation has revealed that the incident may have affected your personal information.The Chronicle of Higher Education, Inc.
June 15, 2020 | Website Compromise
Abstract
On June 19, 2020, The Chronicle completed our investigation of reports we received that some of our data may have become accessible online. Through the investigation, we confirmed that unauthorized parties made data for some online accounts to chronicle.com, philanthropy.com, and chroniclevitae.com accessible online. Upon learning of this, The Chronicle launched an investigation with the assistance of a leading cybersecurity firm, and law enforcement was notified. Through the investigation, The Chronicle determined that unauthorized parties had exploited a vulnerability in one of The Chronicle’s servers, through which they were able to obtain limited account information.February 17, 2020 | Server Compromise
Abstract
On May 10, 2020, The Chronicle concluded our investigation and analysis of a data security incident that involved unauthorized access to one of our servers. The Chronicle learned about the incident after receiving an internal alert about suspicious activity on the server. Upon learning of this, The Chronicle took the server offline, a leading cyber security firm was engaged to assist with the investigation, and law enforcement was notified. Through our investigation, The Chronicle determined that unauthorized parties exploited a vulnerability in the server, through which they were able to obtain administrative account credentials for the server. The unauthorized parties then logged in to the server on February 17, 2020 and accessed a database on the server that contained credentials for online accounts to chronicle.com, philanthropy.com, and chroniclevitae.com.TrueFire LLC
February 21, 2020 | Unauthorized Access
Abstract
On July 28, 2020, TrueFire discovered certain information in its network may have been subject to unauthorized access. We immediately began an investigation, with the assistance of third-party forensic specialists, to assess the nature and scope of the incident. Our investigation determined that an unauthorized actor accessed our network and further accessed certain information stored on the network on or about February 21, 2020. We conducted a comprehensive review of information potentially impacted by this incident to determine the type of information at issue and to whom the information related. Although we are unaware of any actual or attempted misuse of information as a result of this incident, we are notifying you because your information was potentially impacted.August 03, 2019 | Website Compromise
Abstract
On January 10, 2020, TrueFire discovered that an unauthorized person gained access to our computer system and, more specifically, to information that consumers had entered through the Website. While we do not store credit card information on our website, it appears that the unauthorized person gained access to the Website and could have accessed the data of consumers who made payment card purchases, while that data was being entered, between August 3, 2019 and January 14, 2020.The Center for Early Education
February 7, 2020 | Ransomware
Abstract
Blackbaud is a cloud-based software company that provides services to thousands of schools, hospitals, and other non-profits. On July 16, 2020, Blackbaud notified us that it had discovered a ransomware attack on Blackbaud’s network in May 2020. Blackbaud reported that it conducted an investigation, determined that backup files containing information from its clients had been taken from its network, and an attempt was made to encrypt files to convince Blackbaud to pay a ransom. Blackbaud paid a ransom and obtained confirmation that the files that had been removed had been destroyed. Blackbaud reported that it has been working with law enforcement. Upon learning of the incident from Blackbaud, we conducted our own investigation of the Blackbaud services we use and the information provided by Blackbaud to determine what information was involved in the incident. On September 2, 2020, we determined that the backup files contained certain information pertaining to you.Thomas Cuisine
January 24, 2020 | Email Compromise
Abstract
Earlier this year, Thomas Cuisine became aware of suspicious activity in certain employees’ email accounts. Thomas Cuisine immediately began an investigation into the incident with the assistance of third-party forensic specialists. The investigation determined the employees’ email accounts were accessed without authorization between January 24, 2020 and February 18, 2020.Although the investigation was unable to determine whether personal information stored in the impacted email account had actually been viewed or removed by an unauthorized actor, Thomas Cuisine could not rule out the possibility of such activity. Therefore, in an abundance of caution, Thomas Cuisine performed a thorough and exhaustive review of the information stored within the impacted email accounts. On May 20, 2020, we determined that your personal information was present in one of the accounts.
Tandem Diabetes Care, Inc.
January 17, 2020 | Phishing
Abstract
On January 17, 2020, we learned than an unauthorized person gained access to a Tandem employee’s email account through a security incident commonly known as “phishing.” Once we learned about the incident, we immediately secured the account and a cyber security firm was engaged to assist in our investigation. Our investigation determined that a limited number of Tandem employee email accounts may have been accessed by an unauthorized user between January 17, 2020 and January 20, 2020.The Master’s Touch, LLC
October 23, 2019 | Website Compromise
Abstract
The Master's Touch, LLC provides eNoticesOnline.com, an online web portal for your property tax statements and assessments. On October 23, 2019, we fell victim to a malware attack when an unknown individual gained access to the server that manages our eNoticesOnline system, causing the system to crash. We quickly restored the server and blocked the intruder from future attacks on the system. We also engaged a computer forensics company to determine what, if anything, the intruder may have accessed. On November 19, 2019, we discovered that the computer forensic investigation confirmed there was no unauthorized removal of data files, but was unable to determine if the files had been viewed. Out of an abundance of caution, we are notifying you of this incident.The UPS Store, Inc.
October 11, 2019 | Phishing
Abstract
We recently determined that between October 11 and 22, 2019, a small percentage of local store locations were the victim of a phishing incident in which an unauthorized person potentially had access to a limited number of local store email accounts. Immediately upon learning of this, The UPS Store, Inc. initiated an investigation to assess the incident’s scope, including engaging a third-party cybersecurity firm, and have taken steps to further strengthen and enhance the security of systems in The UPS Store network, including updating administrative and technical safeguards. As part of the investigation, The UPS Store, Inc. reviewed the potentially affected accounts, and in early November, found personal information in those accounts. The personal information was contained in documents that were emailed to The UPS Store location for printing or similar services provided by those locations. You, or someone you know, may have emailed the document(s) containing personal information to the local store for this service. We are unaware of any misuse of your personal information in connection with this incident at this time.September 29, 2019 | Phishing
Abstract
Between approximately September 29, 2019 and January 13, 2020, a small percentage of The UPS Store, Inc. local store locations were the victim of a phishing incident in which an unauthorized person potentially had access to a limited number of local store email accounts. Immediately upon discovering this incident, The UPS Store, Inc. initiated an investigation to assess the incident’s scope, including engaging a third-party cybersecurity firm, and has taken steps to further strengthen and enhance the security of systems in The UPS Store, Inc. network, including updating administrative and technical safeguards. As part of the investigation, The UPS Store, Inc. reviewed the potentially affected accounts and found personal information in those accounts. The personal information was contained in documents that were emailed to the local store location for printing or similar services provided by those locations. You, or someone you know, may have emailed the document(s) containing personal information to the local store for this service. We are unaware of any misuse of your personal information in connection with this incident at this time.Tailored Brands, Inc.
October 10, 2019 | Phishing
Abstract
We recently concluded our investigation into an email phishing incident that targeted some of our employees. Upon discovering this activity, we promptly secured our environment and commenced an investigation with the assistance of a computer forensics firm. Our investigation determined that an unauthorized individual accessed some Tailored Brands employee email accounts between October 10, 2019 and January 28, 2020. However, the investigation was unable to determine which emails or attachments the unauthorized actor may have viewed or accessed.The City of Los Banos, California
September 23, 2019 | Laptop Stolen
Abstract
The City of Los Banos is committed to the privacy of individuals and takes the protection of personal information that is entrusted to us seriously. This commitment extends to notifying individuals if we believe the security or privacy of their information may have been compromised. In light of this, we are writing to make you aware of a recent data security incident that may have involved some of your personal information. We recently learned that a city-owned laptop containing personal information was stolen from an employee’s vehicle. While the laptop was password protected, its contents were unencrypted, and therefore it is possible that someone would be able to remove the data from the hard drive. We think this is unlikely, but wanted to notify you of the incident nonetheless.The Rodgers & Hammerstein Organization
September 09, 2019 | Website Compromise
Abstract
On September 9, 2019, RNH.com experienced a security incident wherein a malicious hacker exploited a security vulnerability on the RNH.com website in order to gain access to and download certain user online account information. Upon detecting the malicious activity, we immediately updated the website to remediate this vulnerability and prevent further exploits. At this time, there is no evidence to suggest that there has been any attempt to misuse any of the information. As a result of this incident, we have partnered with ID Experts to provide you this notification.Telecare Corporation
July 25, 2019 | Phishing
Abstract
In early August, Telecare became aware of a fraudulent email sent by imposters to our vendors/business contacts. The imposters pretended to be a Telecare employee and tried to trick recipients into changing Telecare’s bank account information. Our IT team became aware of this attempt within two hours of the fraud email being sent, and we immediately alerted our vendors/business contacts and authorities. As part of our investigation, we discovered one Telecare email account had been accessed by the unauthorized parties; this email box may have contained limited amount of Personal Information referenced in Telecare invoices.Torrance Memorial Medical Center
June 20, 2019 | Misconfiguration
Abstract
On January 6, 2020, Torrance Memorial was notified that a server used by its outside radiology vendor to receive radiological images from Torrance Memorial was unsecured and potentially accessible to unauthorized people. Upon receiving this notice, Torrance Memorial took immediate steps to investigate and address the issue.April 18, 2017 | Email Compromise
Abstract
On April 20, 2017, Torrance memorial Medical Center ("Torrance Memorial") discovered that it had experienced an email security incident that allowed access to two staff members email accounts which contained work-related reports. Torrance Memorial immediately launched an invetigation, which included working with third-party forensic investigators, to determine the full natur and scope of this incident. The investigation determined that perosnal information for certain individuals was present in some impacted emails. Based upon available forensic evidence, it appears these cyber attacks took place on April 18 and 19, 2017.Title Boxing, LLC
May 16, 2019 | Website Compromise
Abstract
After suspicious activity within our e-commerce server was identified, we immediately engaged external forensic investigators and commenced a prompt and thorough investigation into the incident. As a result of this review, we learned that certain customer credit and debit card information may have been obtained by an unauthorized party from our payment portal when purchases were made through our online store from May 16, 2019 through July 9, 2019 and on July 12, 2019. We do not store card data on our website; however, this data may have been scraped during the transaction. Purchases through our call center and store locations were not impacted by this incident.Treloar & Heisel, Inc.
May 13, 2019 | Laptop Stolen
Abstract
In May, 2019, a Treloar employee’s laptop was stolen from their car. Treloar immediately began an investigation to confirm the security of the laptop and to determine the nature and scope of the event. Further, Treloar immediately took steps to secure the information accessible on the laptop, including changing the employee’s password to email and other cloud-based storage systems.The Crucible
April 28, 2019 | Website Compromise
Abstract
Between April 28, 2019-February 27, 2020, malicious code on TheCrucible.org was skimming data inputted during checkout and saving it on an image file hosted on our site. This code was rendered inactive by updates to TheCrucible.org on February 27, 2020. Upon discovering the malicious code, it was immediately removed and we started a thorough investigation into how the skimmer worked to ensure that no other aspects of TheCrucible.org were compromised. We have reported this security incident to the California Department of Justice.The Union Labor Life Insurance Company
April 04, 2019 | Email Compromise
Abstract
On April 1, 2019, an unauthorized external user was able to access the Outlook email account of an employee of The Union Labor Life Insurance Company (the “Company”). The employee opened a link from a trusted, external business partner that included a login to what appeared to be a legitimate file sharing site. The link was in fact fraudulent and allowed access to the employee’s email account.June 22, 2017 | Email Compromise
Abstract
An unauthorized external user was able to briefly access the Outlook email account of an employee of The Union Labor Life Insurance Company (the “Company”) on June 22, 2017. The unauthorized user sent a spam email from the employee's email account to the employee's various personal and business contacts via email which appeared to be a legitimate email from the employee. The body of each email included either a Dropbox or two PDF documents that have links to malicious websites.February 17, 2014 | Laptop Stolen
Abstract
The incident arose from what may be the theft of a laptop from Union Labor Life's Silver Spring, Maryland offices. There is no evidence at this time that the data on the laptop has been accessed or acquired by a third party.Trusted Tours & Attractions, LLC
March 24, 2019 | Website Compromise
Abstract
On June 25, 2019, we were alerted to fraudulent activity occurring on certain payment cards that were used on our website. We commenced an investigation and discovered the presence of unauthorized code on the website. We immediately removed the code. The investigation determined that an unauthorized person added the code so that payment card information entered by purchasers on our e-commerce website was copied and sent to an external location. The code was present and active on the site between March 24, 2019 and June 27, 2019.The Guidance Center
March 15, 2019 | Email Compromise
Abstract
On March 25, 2019, TGC detected unusual activity within its digital environment. TGC immediately commenced an investigation upon discovering this activity, engaged independent cybersecurity experts for assistance, and took numerous steps to secure its systems. These cybersecurity experts ultimately discovered evidence of unauthorized access to a couple of email accounts belonging to certain employees of TGC. Upon learning of this, TGC engaged a data review firm to determine if the email accounts for which evidence of unauthorized access had been identified contained protected health information (“PHI”). On September 17, 2019, TGC learned that PHI belonging to some current and former clients was contained within the impacted accounts.The Hartford Life and Accident Insurance Company
February 07, 2019 | Insider Threat
Abstract
Hartford Life and Accident Insurance Company (The Hartford)[provides the group life insurance coverage you receive or have received as a current or former employee of [the company]][is a group benefits company that [company] consulted with regarding the purchase of group Long-term Disability insurance in [Year]]. [Through that life insurance coverage, we have record of your personal information.][The Hartford did not ultimately issue a group disability policy to [Company], but we did receive record of your personal information through that consultation process.] Recently, we learned that a former Hartford employee, who was authorized to access personal information as part of his job, retained access to your personal information for five days in February 2019 following termination of his employment.The Georgia Institute of Technology
December 14, 2018 | Website Compromise
Abstract
In late March 2019, Georgia Tech identified signs that an unauthorized person had found a way to send queries through a Georgia Tech web server to an internal database. Georgia Tech immediately implemented its incident response protocol, took steps to secure the web server, and began an investigation to determine what records in the database were accessed. The U.S. Department of Education was notified, and Georgia Tech set up a dedicated website on April 2, 2019 that shared its preliminary findings.The Topps Conpany, Inc.
November 19, 2018 | Website Compromise
Abstract
On December 26, 2018, Topps became aware of possible unauthorized access to the www.topps.com website. We launched an investigation with the assistance of an external security firm. On January 10, 2019, following the investigation, we confirmed that there was unauthorized access to the website, which may have resulted in access to or acquisition of payment card and other information that customers provided when placing orders through the website between November 19, 2018 and January 9, 2019. While we cannot confirm whether your personal information was accessed or acquired, the investigation confirmed that this was possible during the relevant time period.Tribune Publishing Company
November 01, 2018 | Unknown
Abstract
TBDBTyler Technologies, Inc.
October 08, 2018 | Misconfiguration
Abstract
We recently learned that a file containing a very limited set of usernames and passwords for tylertech.com accounts was inadvertently accessible via the “search” function on the tylertech.com website. Your username and password were in that file.Transamerica, including Transamerica Life Insurance Company and Transamerica Retirement Solutions, LLC
August 22, 2018 | User Error
Abstract
On August 22, 2018, one of our employees inadvertently sent an email with an attachment containing some of your personal information to Transamerica clients not associated with your retirement plan. We have received written confirmation from all recipients that the information was deleted, and we have no evidence or other reason to believe that the information was misused in any way. The affected information included your name, Social Security number, retirement plan name and plan number referenced above, hire date, and contribution percentages.March 01, 2017 | Account Compromise
Abstract
We recently discovered unauthorized access to your retirement plan online account information available through the Transamerica Retirement Solutions website that may have occurred between March, 2017 and January, 2018. Please note that most individual accounts were accessed only once or at limited points in time during this time frame. We found no evidence of a compromise of Transamerica’s network and systems, but unauthorized parties used compromised third-party user credentials to log into Transamerica systems and access your account information.January 03, 2017 | Account Compromise
Abstract
We recently discovered unauthorized access to your retirement plan online account information available through the Transamerica Retirement Solutions website that may have occurred between January and August of 2017. We found no evidence of a compromise of Transamerica Retirement Solutions’ networks or systems, but unauthorized parties used compromised third-party user credentials to log into Transamerica systems and access your account information.The Crack Shack Enterprises, LLC
August 19, 2018 | Malware
Abstract
? THE CRACK SHACK was alerted to unusual activity relating to payment cards that may have been used at THE CRACK SHACK Encinitas, California location. THE CRACK SHACK immediately began working with law enforcement and third-party forensic investigators to investigate this activity. Through this investigation, it was discovered that payment card information may have been accessed as a result of the installation of malware on a server used to process payment card data at the Encinitas location.Timepieces International Inc.
August 15, 2018 | Website Compromise
Abstract
On Friday 26th April we discovered an in-progress attack on our web store that potentially gained access to customer transaction data between the dates 15th August 2018 and 26th April 2019. As soon as we were aware we immediately took steps to halt and defend against this and have reported the situation to authorities. The information which may have been exposed includes:TravisMathew, LLC
August 13, 2018 | Website Compromise
Abstract
On September 24, 2018, we received information about possible unauthorized access to our website (www.travismathew.com). We immediately began an investigation with the assistance of a leading computer security firm. We also contacted law enforcement to report the incident. The investigation revealed that an unauthorized user changed our website’s checkout page to collect certain customer information without authorization.Travis Credit Union
July 16, 2018 | Skimming
Abstract
Travis Credit Union values and respects your privacy, which is why we are writing to advise you about a recent incident that may affect your personal information, explain the steps that we have undertaken since discovering the incident and provide you with guidance on what you can do to protect yourself, should you feel it is appropriate to do so.T3 Micro Inc.
July 13, 2018 | Website Compromise
Abstract
On or about March 14, 2019, T3 Micro began investigating suspicious activity occurring on their online e-commerce website, www.t3micro.com. T3 Micro immediately began working with third-party forensic investigators to determine what happened and what information was affected as well as to implement additional procedures to further protect the security of customer debit and credit cards. You can safely and securely use your payment card at our website.TaskRabbit, Inc.
April 11, 2018 | Server Compromise
Abstract
On April 12, 2018, we learned that an unauthorized party gained access to our systems. We immediately hired an outside forensics firm to investigate the incident. We also promptly informed, and continue to work with, law enforcement. On April 13, 2018, we learned that some of your information may have been compromised as a result of the incident. We emailed users shortly thereafter, alerting them of this incident and providing steps the community could take to protect themselves, while we continued to investigate.The Information and Referral Federation of Los Angeles County, Inc., d/b/a 211 LA County
March 14, 2018 | Misconfiguration
Abstract
An outside security firm recently advised us that a database we use to record call information was accessible over the internet. Upon learning of this, we immediately initiated an internal review and reconfigured and restricted external access to the information. We also hired a leading computer security firm to help determine how this happened and the extent of the incident.The Tax Specialists, Inc.
March 01, 2018 | Unknown
Abstract
TBDBTravCorp USA, Inc. d/b/a The Travel Corporation
February 26, 2018 | Unknown
Abstract
TBDBThe International Mission Board
February 14, 2018 | Network Compromise
Abstract
On April 11, 2018, we discovered unusual activity in our IT network and detected an unknown criminal actor that had accessed a data file within our system. This data file included information provided by you as part of the initial application process to serve with IMB as field personnel, volunteer, or home office staff. We immediately terminated the unauthorized access and implemented measures to secure our network. In addition, we launched a thorough investigation, with the help of leading independent data forensics experts, to determine what information may have been accessed by the criminal actor.Title Nine Sports, Inc.
December 28, 2017 | Third Party
Abstract
Annex Cloud provides a service that enables individuals to use their user name and password from social media and other websites, like Facebook and Google, to login to merchants’ websites, including www.titlenine.com. Annex Cloud recently informed Title Nine that they had detected and removed unauthorized code that had been inserted into Annex Cloud’s systems that operate its login application. In its report, Annex Cloud identified four periods of time when the unauthorized code was present and could have captured information entered during the checkout process on our website. We removed Annex Cloud’s code from our website and mailed letters to those customers to let them know what occurred.Thesy, LLC
December 06, 2017 | Website Compromise
Abstract
On September 20, 2018, we discovered that a third-party intruder inserted malicious codes into our website’s e-commerce software platform creating a window of intrusion between December 6, 2017 and June 27, 2018 wherein personal information of our customers may have been accessed. We immediately conducted an investigation into this matter wherein the breach was contained on June 27, 2018 and the malicious code was removed from our e-commerce platform and vulnerabilities were mitigated.Titan Manufacturing and Distributing Inc.
November 23, 2017 | Malware
Abstract
Titan has confirmed through an IT security expert that its computer system has been compromised by malware that could have been present from approximately November 23, 2017 until October 25, 2018.The Affiliated Group
November 20, 2017 | Phishing
Abstract
On or about March 28, 2018, we at The Affiliated Group (“TAG”), confirmed that an earlier phishing email incident in November 2017 involving TAG resulted in unauthorized access to one TAG employee email account. Upon learning of the phishing email incident, we immediately disabled the account and reset all account passwords. Thereafter, we worked with third-party forensic investigators to determine what happened and whether sensitive information may have been accessible. With the assistance of the investigators, we learned that an unauthorized person gained access to the one TAG employee email account. Unfortunately, the investigation was unable to determine which emails, if any, were specifically accessed as a result of this incident. The only confirmed unauthorized activity identified was the use of the account to send phishing emails in an attempt to obtain user credentials. Since the investigation was unable to rule out access to any specific email or attachment, we undertook a programmatic and manual review of the contents of the account.Tommie Copper Inc
November 10, 2017 | Website Compromise
Abstract
Tommie Copper was recently contacted by representatives of the credit card industry regarding potential fraud related to credit cards used on our website. We immediately launched an internal investigation and hired a third party forensic investigator. On or about June 1, 2018, the forensic investigator confirmed that a piece of malware had been inserted into our website that collected certain payment information used at checkout.The Prudential Insurance Company of America
November 09, 2017 | Third Party
Abstract
Prudential is the administrator of your <<ClientDef1(Company Name)>> variable annuity contract. An electronic file containing your personal information was inadvertently sent by a vendor of Prudential, to a corporate client of that vendor. Although this client ordinarily receives personal information through the normal course of business for its own customers, it was not authorized to receive <<ClientDef1(Company Name)>> variable annuity contract holder personal information. The client who received your information immediately reported the error and has confirmed that the file containing your information was not viewed and was deleted without additional distribution.December 13, 2012 | User Error
Abstract
A Prudential associate made a clerical error and inadvertently emailed a document containing information relating to your insurance relationship with us, including your name, address, date of birth, Social Security number, and salary information, to another individual at Unisys. This occurred on December 13, 2012.talentReef, Inc.
October 16, 2017 | Email Compromise
Abstract
On November 29, 2017, it was discovered that an unauthorized individual may have gained access to an employee’s email account which had messages containing some of your personal information. At the time of discovery, we immediately reset account passwords and began an investigation utilizing the services of a third party forensic investigation firm to determine the scope of the incident.TradeMotion
October 13, 2017 | Website Compromise
Abstract
TradeMotion was notified by a small number of consumers that they had experienced fraudulent credit card charges after using such card on Parts.com. We promptly began efforts to investigate these reports. After undertaking an investigation, we concluded that an unauthorized individual or group extracted personal information by using compromised account credentials. Specifically, our investigation concluded that the unauthorized person or group was able to extract payment card information on five separate occasions between October 2017 and May 2018.Tuskegee University
September 24, 2017 | Email Compromise
Abstract
On March 12, 2018, Tuskegee became aware of suspicious activity regarding faculty and staff email accounts. We immediately began an investigation to confirm the security of our network and to determine the nature and scope of this event. With the assistance of third-party forensic investigators, we learned Tuskegee was the victim of an email phishing attack which resulted in unauthorized access to certain faculty and staff email accounts between September 24, 2017 and March 22, 2018. Based upon available forensic evidence, it appears an email containing your personal information was subject to unauthorized access. To date, we have no evidence of actual or attempted misuse of information. We are notifying you in abundance of caution since this information was present in the impacted email accounts.Temp-Tations Home LLC d/b/a “Tara at Home”
August 01, 2017 | Account Compromise
Abstract
On December 12, 2017, we were notified by the vendor that hosts our e-commerce system, including the www.tarahome.com website, that an unknown third party had compromised individual online user accounts. We immediately began an investigation and took prompt action to address and stop the unauthorized activity.TRUEbenefits LLC
May 18, 2017 | Phishing
Abstract
A phishing email was sent from the email account of an employee of TRUEbenefits on May 19, 2017, without the employee’s knowledge. When we determined that the email was sent illegitimately to perpetuate the phishing scheme, we immediately secured the employee’s email account, began an investigation, and engaged a leading forensic firm. We conducted a thorough review of the employee’s email account and determined on June 26, 2017, that an unauthorized person had access to the employee’s email account.Taylor-Dunn Manufacturing
April 26, 2017 | Malware
Abstract
On January 24, 2018, we identified unauthorized access in the form of cryptomining malware on the server that contains our online customer care and dealer centers at https://www.taylor-dunn.com. We immediately terminated the access and hired a leading cyber security firm to help us investigate the incident. On February 15, 2018, we determined that a file containing information you provided when you registered for the Taylor-Dunn customer care or dealer center may have been accessed.Tommie Copper Inc.
April 25, 2017 | Website Compromise
Abstract
Tommie Copper was recently contacted by representatives of the credit card industry regarding potential fraud related to credit cards used on our website. We immediately launched an internal investigation and hired a third party forensic investigator. On August 24, 2017, the forensic investigator confirmed that a piece of malware had been inserted into our website at checkout that collected certain payment information used at checkout. We then immediately began efforts to remove this malware from our checkout site.The International Council of Shopping Centers
March 24, 2017 | Website Compromise
Abstract
On August 18, 2017, we received a report regarding payment card activity that caused us to investigate and subsequently identify unauthorized computer code that was added to the code that operates the checkout page of www.icsc.org. We immediately removed the code and hired a leading cybersecurity firm. Findings from the investigation indicate that the code may have been present and capable of capturing information entered during the checkout process from March 24, 2017 to August 18, 2017.TCM Bank, N.A. (“TCM Bank”)
March 15, 2017 | Third Party
Abstract
TCM Bank, N.A. (“TCM Bank”) values and respects your privacy, which is why we are writing to make you aware of a recent incident that may affect your personal information. Although we have no reason to believe that your personal information has been misused for the purpose of committing fraud or identity theft, we are writing to advise you about the steps that we have taken to address the incident and provide you with guidance on what you can do to protect yourself.Tech Rabbit LLC
February 22, 2017 | Website Compromise
Abstract
On August 8, 2018, after an external forensics investigation conducted in accordance with our obligations under the Payment Card Industry Data Security Standards, and in collaboration with our credit card processor and the major credit card brands, Tech Rabbit confirmed an unauthorized individual gained access to the company’s online product order system. The intruder viewed or stole a subset of customer payment records for purchases made on the Tech Rabbit website. According to the forensics investigation, the unauthorized access was made possible through the use of malicious software in a variety of attacks that took place between February 22, 2017, and May 22, 2018.The University of New Mexico Foundation
February 16, 2017 | Network Compromise
Abstract
In mid-April, 2017, we discovered that an unauthorized individual had gained access to our network through an account with our security services provider. This unauthorized individual may have had access to certain systems that contained personal information of our donors. While our investigation is ongoing, we are providing this notice out of an abundance of caution to alert you to the incident because information about you was available through the affected system.Toys “R” Us-Delaware, Inc.
January 17, 2017 | Account Compromise
Abstract
The vendor who manages our Rewards“R”Us loyalty program recently advised us of unauthorized attempts to access Rewards“R”Us loyalty member accounts. It appears this was an effort to fraudulently redeem Rewards coupons beginning in November. We expect this activity is related to previously reported online breaches, not affiliated with Toys“R”Us, where thieves stole login names and passwords. This may be because the thieves know that users tend to have the same password across multiple accounts.January 28, 2015 | Account Compromise
Abstract
Toys"R"Us has many layers of account security in place to keep your Rewards"R'Us account balance and other profile information safe. Recently, because of mechanisms in place to alert us to potential efforts to overcome that security, we identified an attempt to gain unauthorized access to a small percentage of Rewards"R"Us accounts from 1/28/15-1/30/15. We suspect this activity was due to large breaches at other companies (not Toys"R"Us), where user login names and passwords were stolen and then used for unauthorized access to other accounts, such as Rewards"R"Us accounts where a user may use the same login name and/or password. It appears that your Rewards"R"Us account may have been accessed during this time frame by individuals who may have obtained your account password from another source or successfully guessed it. Out of an abundance of caution, we are therefore treating your account password as compromised and taking appropriate steps to address that situation.Tatcha, LLC
January 08, 2017 | Website Compromise
Abstract
During the early part of 2017, an unauthorized person may have gained access to information keyed into the Tatcha checkout process. While Tatcha does not store credit card information on its systems, the intruder was potentially able to capture information as it was entered. Tatcha learned of the incident in mid-April 2017.The Honest Kitchen, Inc.
November 30, 2016 | Network Compromise
Abstract
We recently discovered that The Honest Kitchen experienced an unauthorized network intrusion. As a result of this intrusion, some customers’ information was exposed. Based on our investigation to date, we believe unauthorized access was gained to our network on November 30, 2016. The protection of our customers’ personal information is incredibly important to us. Upon discovering this attack, we took immediate action to protect customer information.The Boeing Company
November 21, 2016 | Insider Threat
Abstract
Boeing recently discovered that a company employee sent an email containig personal information of other employees to his non-Boeing spouse on Nov. 21, 2016. During Boeing's investigation, the employee stated that he sent a spreadsheet with the personal information to his spouse for help with a formatting issue. He did not realize the spreadsheet included sensitive personal information because that information was contained in hidden columns. We have taken steps to ensure that any copies of the spreadsheet have been destroyed, including a forensic examination of both the Boeing employee's computer and the spouse's computer to confirm that any copies of the spreadsheet have been deleted. Both the employee and his spouse have confirmed to us that they have not distributed or used any of the information.TSYS Merchant Solutions
November 14, 2016 | User Error
Abstract
On November 14, 2016, the TIN Mismatch file that included your information was sent to the ISO that processes your transactions. A representative of a TSYS partner bank was inadvertently copied on the email. The result of this error was that your merchant information was accessible to this bank representative.The California Department of Corrections and Rehabilitation
October 28, 2016 | User Error
Abstract
On Friday, October 28, 2016, at approximately 11:00 a.m., the Confidential Alpha Roster (MIRS report) that contains all staff names, social security numbers, dates of birth, and other non-confidential data such as classification, tenure, and time base had been saved in a none-secure location, accessible to all FSP Staff.The LANG Companies, Inc.
September 01, 2016 | Website Compromise
Abstract
On October 12, 2016, we learned that unauthorized individuals installed malicious software on the computer server used to process credit card transactions at www.LANG.com. Based on our investigation, we believe that customers who placed an order on our website from September 1, 2016 to October 19, 2016, may have had information associated with the order transmitted outside of our system.The Roosevelt Hotel New York
August 10, 2016 | Third Party
Abstract
Sabre Hospitality Solutions is a company that helps book reservations at the hotel through call centers, travel agencies, online reservation portals, and similar booking services. Sabre informed us that an unauthorized party gained access to Sabre’s central reservations system. Specifically, Sabre’s investigation determined that, between August 10, 2016 and March 9, 2017, the unauthorized party was able to view credit card summary pages for certain hotel reservations, including yours, processed through Sabre’s system. We first learned of the incident on July 12, 2017.The Bicycle Casino Hotel
August 10, 2016 | Third Party
Abstract
Sabre Hospitality Solutions is a company that helps book reservations at the hotel through call centers, travel agencies, online reservation portals, and similar booking services. Sabre informed us that an unauthorized party gained access to Sabre’s central reservations system. Specifically, Sabre’s investigation determined that, between August 10, 2016 and March 9, 2017, the unauthorized party was able to view credit card summary pages for certain hotel reservations, including yours, processed through Sabre’s system. We first learned of the incident on July 12, 2017.The Domain Hotel
August 10, 2016 | Third Party
Abstract
Sabre Hospitality Solutions is a company that helps book reservations at the hotel through call centers, travel agencies, online reservation portals, and similar booking services. Sabre informed us that an unauthorized party gained access to Sabre’s central reservations system. Specifically, Sabre’s investigation determined that, between August 10, 2016 and March 9, 2017, the unauthorized party was able to view credit card summary pages for certain hotel reservations, including yours, processed through Sabre’s system. We first learned of the incident on July 12, 2017.The Sandman Santa Rosa
August 10, 2016 | Third Party
Abstract
The Sabre SynXis Central Reservations system (CRS) facilitates the booking of hotel reservations made by consumers through hotels, online travel agencies, and similar booking services. Following a forensic investigation, Sabre notified us on June 6, 2017, that an unauthorized party gained access to their systems and was able to view some reservation information for a subset of hotel reservations that Sabre processed on behalf of Sandman. The investigation determined that the unauthorized party was able to access payment card information on Sabre’s system between August 10th 2016 and March 9, 2017. Please note that no Sandman computer or network systems were affected in any way by this incident.Two Roads Hospitality, LLC
August 10, 2016 | Third Party
Abstract
The data incident occurred at Sabre Hospitality Solutions, a technology company that offers reservation systems and other services to thousands of hotels, online travel agencies, and similar booking services, including properties across the Two Roads Hospitality portfolio. Sabre’s SynXis Central Reservations system (CRS) is the reservations system that guests interact with when making reservations at properties managed by Two Roads Hospitality companies, including Joie de Vivre Hotels, Thompson Hotels, and Destination Hotels. Please note that none of these hotel properties’ computer or network systems were affected by this incident.Trump Hotels
August 10, 2016 | Third Party
Abstract
The Sabre SynXis Central Reservations system (CRS) facilitates the booking of hotel reservations made by consumers through hotels, online travel agencies, and similar booking services. Following an investigation, Sabre notified us on June 5, 2017 that an unauthorized party gained access to account credentials that permitted access to payment card data and certain reservation information for some of our hotel reservations processed through Sabre’s CRS.The Topps Company, Inc.
July 30, 2016 | Website Compromise
Abstract
On Octover 12, 2016, Topps became aware that one or more intruders gained unauthorized access to its website. Topps immediately launched an investigation and determined that the intruders may have gained access to payment card and other data that customers entered when placing orders through the website.The Credit Pros international
July 9, 2016 | Third Party
Abstract
We use an online storage service for documents we receive from our clients. We recently learned that when the service was built by our vendor, the service allowed unauthenticated access requests. Upon discovering this, we immediately took steps to change the access settings for the service, a security firm was engaged, and a thorough investigation was conducted. Findings from the investigation showed unauthenticated access to files stored in the service, in relatively small amounts, from July 9, 2016 through December 2019, and then a period of concentrated unauthenticated request activity from December 12, 2019 and December 15, 2019. Because we could not identify who made these requests, we reviewed the files associated with the requests to identify the information they contained. On June 30, 2020, we identified that one or more of these files contained some of your information.Toyota Motor Credit Corporation
June 28, 2016 | Email Compromise
Abstract
On June 28, 2016, a TFS associate mistakenly emailed a spreadsheet containing customer information to her personal email account. The email was sent using an encrypted transmission method. This incident was discovered on June 28, 2016.August 05, 2015 | Email Compromise
Abstract
On August 5, 2015, an unencrypted email containing customer information was sent to a TFS vendor partner authorized to perform computer system enhancements. The email contained the following information associated with your account: name, TFS account number, bank account number and bank routing number.Tribune Media
April 04, 2016 | Database Compromise
Abstract
We are writing to notify you that a breach of security of your personal information occurred on April 4, 2016. We learned that there was a hack into our database for the ProSportsDaily Forum website, which means that your account password to the ProSportsDaily Forum, despite encryption, may have been compromised.The Paper Works
March 30, 2016 | Laptop Stolen
Abstract
We were the victim of an office break in on March 30, 2016. Among the items stolen were a laptop and a computer tower containing sensitive customer information. This information includes name, address and social security number information for you, as well as any spouse and dependents that may be listed on your tax filing.The Whiting-Turner Contracting Company (“Whiting-Turner”)
March 08, 2016 | Third Party
Abstract
Whiting-Turner uses an outside vendor to provide tax filing and information services, including preparation of our employees’ W-2 and 1095 tax forms. On March 8, 2016, this vendor notified us they had detected suspicious activity on their systems. We also received reports around that time from some of our employees regarding fraudulent tax filings in their names. In response, we immediately shut down the ability for users to access the information on the outside vendor’s systems and began an investigation to determine whether any Whiting-Turner employee information was accessed by an unauthorized individual. Our investigation is ongoing, and we have not yet confirmed whether any Whiting-Turner information was subject to unauthorized access on the outside vendor’s systems.Turner Construction Company
March 02, 2016 | Email Compromise
Abstract
On March 2, 2016, certain personal information was disclosed in an email to an unauthorized recipient. We immediately began investigating and engaged third party experts to assist us with this response. Subsequently, we determined that your personally identifiable information was disclosed in this email to an unauthorized recipient.The Brickman Group, Ltd. LLC
February 03, 2016 | Phishing
Abstract
On February 3, 2016, an unknown, unauthorized person sent a phishing email requesting that they be provided with specific personal information of our team members (e.g., Social Security number and date of birth). A document that included the personal information of all active team members on our legacy Brickman payroll system was sent to the unknown party in response. This incident was not the result of an intrusion into our computer systems or network. BrightView continues to actively investigate the matter.TALX Corporation, a wholly owned subsidiary of Equifax, Inc.
January 04, 2016 | Account Compromise
Abstract
TALX provides payroll-related services for Allegis, your current or former employer, that you are able to access through TALX’s online portal available at www.mytaxform.com or https://PaperlessPay.TALX.com/allegis (“online portal”). We recently discovered that an unauthorized third-party(ies) accessed the accounts of certain employees during various time periods from January 4, 2016 through March 29, 2017. Upon learning of the unauthorized access, TALX and Allegis worked together promptly to understand what happened, and determined that, in some instances, the unauthorized third-party(ies) successfully answered personal questions about the affected employees in order to reset the employees’ PINs (i.e., the password to access the online portal).The Neiman Marcus Group
January 01, 2016 | Account Compromise
Abstract
Neiman Marcus has detected that, in January 2016, unauthorized individuals began attempting to try various login and password combinations using automated attacks on our mobile app environment. We suspect this activity was due to large breaches at other companies (not associated with Neiman Marcus), in which user login names and passwords were stolen. Once the unauthorized individuals were able to access the mobile app environment, the intruders were able to access customer names, address information, phone numbers, the last four digits of the customer’s credit card number, credit card expiration date, and gift card information, including account number. They were not able to view full credit card numbers. Unfortunately, your mobile app account was one of the accounts accessed by these unauthorized individuals.December 26, 2015 | Account Compromise
Abstract
On or about January 17, 2017, unauthorized individuals began attempting to access our InCircle, Neima Marcus, Bergdorf Goodman, last Call, CUSP, and Horchow websites (collectively the "NMG websites") by trying various login and password combinations using automated attacks. We suspect this activity was due to large breaches at other companies (not associated with NMG websites), in which user login names and passwords were stolen. The intruders were able to access customers' names, basic contact information, email addresses, purchase history, but only the last four digits of payment card numbers. For InCircle online accounts, the accessible information also included customers' gift card numbers and "Circle Level." At present, all indicateions are that the InCircle and Neiman Marcus Group database of customer email addresses and passwords remains safe, and that our cyber defenses repelled the majority of the attacks.TN Marketing
November 24, 2015 | Website Compromise
Abstract
On or around January 13, 2016, TN Marketing discovered evidence of a potential vulnerability in the code used for the checkout pages of the e-commerce pages managed by TN Marketing. We moved quickly to investigate this vulnerability after it was discovered and to determine what, if any, impact this vulnerability had on our customers. Third party forensic investigators were retained to assist with the investigation.The Madison Square Garden Company
November 09, 2015 | Network Compromise
Abstract
When MSG was notified that payment card issuing banks identified a transaction pattern indicating a potential data security concern, MSG immediately commenced an investigation and engaged leading computer security firms to examine its network. In the last week of October 2016, as soon as the investigation found signs of external unauthorized access, MSG worked with the security firms to stop it and to implement enhanced security measures.TaxSlayer
October 10, 2015 | Account Compromise
Abstract
As a result of ongoing security reviews, TaxSlayer identified on January 13, 2016 that an unauthorized third party, whom we believe obtained your username and password from another online service, may have accessed your TaxSlayer account between 10/10/2015 and 12/21/2015. In order to protect your account, we have temporarily disabled access. You will need to reset your password via the “forgot password” utility on the login page and authenticate yourself via multi-factor authentication. We have no evidence indicating that the technical security of TaxSlayer systems has been compromised.T-Mobile USA, Inc.
September 14, 2015 | Server Compromise
Abstract
On September 15, 2015, we discovered that an unauthorized party accessed certain Experian servers. We immediately began to investigate the incident and to implement additional security measures.T-Bird Restaurant Group, Inc.
August 06, 2015 | Computer Stolen
Abstract
The incident involved a break-in at the Outback Steakhouse in Northridge, California on the evening of August 6, 2015. Please note that the Outback Steakhouse in Northridge is an independently owned franchise managed by T-Bird Restaurant Group, Inc. Computer equipment, including the restaurant’s point of sale computer terminal and back office computer, was stolen and the thief or thieves attempted to steal the restaurant’s safe.Trustmark Mutual Holding Company
May 13, 2015 | Misconfiguration
Abstract
On May 13, 2014, our automated billing e-mail system generated and sent encrypted e-mails to certain insurance carrier clients. While each encrypted email should have contained a single file with information related to each carrier's insureds, on May 14, 2015, we discovered that a software error resulted in each carrier receiving file attachments for all of the carriers instead of just the one file related to their to their own insureds.Turley Wine Cellars
April 01, 2015 | Third Party
Abstract
Missing Link informed us that they experienced a breach by an unknown intruder that may have involved access to customer names, credit/debit card numbers, related payment addresses and dates of birth.Tulare County Health & Human Services Agency
March 19, 2015 | Insider Threat
Abstract
On March 19, 2015, it was discovered that an employee from HHSA emailed approximately 845 patients from the Visalia and Farmersville clinics; recipients were not blind copied, and the email was not encrypted. We have not received any indication that the information has been accessed or used by an unauthorized individual, but all affected Patient Portal accounts have been disabled to prevent any unauthorized access.The Wonderful Company LLC (formerly Roll Global LLC)
February 27, 2015 | Laptop Stolen
Abstract
Roll engaged HUB to provide risk management services related to its workers’ compensation insurance program. On February 27, 2015, a HUB employee supporting these services had his password-protected laptop stolen from his locked car. HUB immediately began to investigate and recreate any unencrypted information that might have been accessible from the laptop’s hard drive. Through this process, we were able to ascertain by March 12, that the laptop contained data that included your name and certain information that is commonly needed to assess workers’ compensation premiums and claims (e.g., the date on which you made a workers’ compensation claim, the claim number, brief accident and injury descriptions and compensation amounts related to the claim). We are in the process of taking steps to reduce the likelihood of such an event occurring again. Unfortunately, your social security number does appear to have been included in the data associated with your claim information.Tim McCoy & Associates (DBA NEAT Management Group)
August 27, 2014 | Laptop Stolen
Abstract
We are writing to inform you that a laptop belonging to one of our software programmers was stolen on August 27, 2014. Unfortunately, we believe the stolen computer contained your personal information, including your name, social security number, date of birth, telephone number, ...Trump Hotel Collection
May 19, 2014 | Breach
Abstract
On behalf of our client, The Trump Hotel Collection (”THC”), and as a precaution, we are providing notice of a security incident possibly affecting certain individuals who made payment card purchases at Trump International Hotel & Tower Las Vegas, located at 2000 Fashion Show Drive, Las Vegas, NV, 89109 (the “Hotel”). Although an independent forensic investigation has not conclusively determined that any particular customer’s payment card information was taken from the Hotel’s payment card system or misused as a result of the incident, we are providing this notice out of an abundance of caution to inform potentially affected customers of the incident and to call their attention to some steps they may choose to take to help protect themselves.Touchstone Medical Imaging, LLC
May 09, 2014 | Misconfiguration
Abstract
On May 9, 2014, we became aware that a seldom-used folder containing patient billing information relating to dates prior to August 2012 had inadvertently been left accessible via the internet. Upon learning this, we immediately secured the folder and removed it from public view. We also began an internal investigation which initially led us to believe that the patient information in the folder was not readable. However, on September 5, 2014, we obtained new information that suggested that the patient information may have been readable and included your name, date of birth, address, telephone number, Social Security number, health insurer name, radiology procedure and diagnosis. Your medical records were not included.The Metropolitan Companies, Inc.
April 21, 2014 | Computer Compromise
Abstract
On April 21, 2014, our IT department discovered that an unauthorized third party may have accessed our computer systems and potentially removed documents. As soon as we discovered this situation, we removed all access to the systems, and engaged outside data forensics experts to conduct an extensive investigation. Through a complex review process, we determined that information, including your name, address, phone number, email address, Social Security number, date of birth, past education and work history, and certain financial information may have been accessed without authorization. This letter contains information about steps you can take to protect your information, and resources we are making available to help you.The UPS Store, Inc. on behalf of 51 franchised center locations
January 20, 2014 | Malware
Abstract
The UPS Store, Inc. (“The UPS Store”), among many other U.S. retailers, recently received a government bulletin regarding a broad-based malware intrusion targeting retailers in the United States. Upon receiving the bulletin, we retained an IT security firm and conducted a review of our systems and the systems of our franchised center locations. We discovered the malware present at 51 locations in 24 states (about 1%) of 4,470 franchised center locations throughout the United States. As part of our response to this incident, we have implemented various system enhancements and antivirus updates.The Freeman Company
January 20, 2014 | Misconfiguration
Abstract
Unfortunately, due to an unprecedented error that occurred on or around January 20, 2014 with the mail vendors technology, we have learned that some employees may have received a W2 belonging to another Freeman employee. A glitch in the mail vendors' technology caused the barcode to input the incorrect barcode on the envelopes. These barcodes are read by the United States Postal Service and delivered based on the barcode - not on the actual name and address showing through the window on the envelope.Test Effects, LLC
December 24, 2013 | Website Compromise
Abstract
On July 1, 2014, we learned that unauthorized individuals or entities installed malicious software on our Website computer server and took payment card data. We believe the malware could have compromised the payment card data of visitors that made purchases through the Website between December 24, 2013 and January 19, 2014, including name, ...The Lifetime Healthcare Companies, including its affiliates Excellus BlueCross BlueShield, Lifetime Health Medical Group, Lifetime Benefit Solutions, Lifetime Care, The MedAmerica Companies, and Univera Healthcare
December 23, 2013 | System Compromise
Abstract
On August 5, 2015, we learned that cyber attackers had executed a sophisticated attack to gain unauthorized access to our information Technology systems. Our investigation further revealed that the initial attack occurred on December 23, 2013.Target Corporation
November 27, 2013 | Unauthorized Access
Abstract
We wanted to make you aware of unauthorized access to Target payment card data. The unauthorized access may impact guests who made credit or debit card purchases in our U.S. stores from Nov. 27 to Dec. 15, 2013. Your trust is a top priority for Target, and we deeply regret the inconvenience this may cause. The privacy and protection of our guests’ information is a matter we take very seriously and we have worked swiftly to resolve the incident.TechMedia Network
October 04, 2013 | System Compromise
Abstract
On November 20, 2013, Techmedia Network detected an unauthorized intrusion into its systems that may have allowed access to your name, mailing address, email address, phone number, credit card number, expiration date, and CVV security codes. In addition to our ongoing internal investigation, we are working with law enforcement to further investigate the unauthorized intrusion into TechMedia systems.TJG, Inc. d/b/a Target Marketing
May 14, 2013 | Website Compromise
Abstract
On approximately May 14, 2013, an unauthorized third party obtained access to TJG, Inc. d/b/a Target Marketing (“Target Marketing”)’s online e-commerce platform, and obtained certain personal information associated with recent purchases on the site. This information included your name, email, address, credit / debit card number, expiration date, and CVV code.The Fisherman’s Restaurant
May 03, 2013 | User Error
Abstract
On September 23, 2013, Radiant learned that certain personal information concerning employees of The Fisherman’s Restaurant had been erroneously transmitted over a period of time to another Radiant Systems restaurant customer. These data transmissions took place from approximately May 3, 2013 through September 24, 2013. You are among the employees whose information was mistakenly transmitted to the other customer.Tomren Wealth Management
March 06, 2013 | Server Compromise
Abstract
We recently discovered that, between February 21 and March, 6, 2013 , a server containing information about you was accessed by an unauthorized third party.The Finish Line, Inc.
January 11, 2013 | Laptop Stolen
Abstract
On January 11, 2013, the laptop of a Finish Line employee was stolen from the employee’s secured personal vehicle. Upon discovering the theft, it was reported to local law enforcement. Finish Line commenced an internal investigation into the incident to determine what data was stored on the laptop at the time of the theft. Finish Line retained independent, third-party forensic experts Navigant Consulting, Inc. (“Navigant”) to assist with this investigation. Navigant concluded its investigation on February 17, 2013. At that time, Navigant determined that a file containing your Social Security number, and name, as well as other information relating to your employment, was stored on the laptop at the time of the theft.The J.M. Smucker Company
December 23, 2012 | Website Compromise
Abstract
We deeply regret that we are contacting you today to inform you of an incident that resulted in the illegal and unauthorized access to data files within our Online Store. Unfortunately, we believe the unauthorized user may have obtained access to certain personal information, including ...Thorlo
November 14, 2012 | Unauthorized Access
Abstract
You may obtain a copy of your credit report or request information on how to place a fraud alert or security freeze by contacting any of the national credit bureaus below. It is recommended that you remain vigilant for incidents of fraud and identity theft by reviewing credit card account statements and monitoring your credit report for unauthorized activity.Talk Fusion
October 18, 2012 | Database Compromise
Abstract
On December 13, 2012, we learned that our customer databases were criminally intruded upon and that personal information was compromised. Although we are still investigating the incident, we believe that the information involved included your name and Social Security Number; [payment account number, expiration date and security code imprinted on the card;]1 and possibly also your address, telephone number, mother’s maiden name and date of birth. This attack has been reported to the proper financial and law enforcement authorities.The Pennsylvania State University, College of Engineering
September 04, 2012 | System Compromise
Abstract
In late November 2014, the Federal Bureau of Investigation provided a victim notification report to Penn State relating to suspicious cyber activity directed at certain systems and computers in the College of Engineering, Penn State immediately launched a comprehensive internal investigation into the FBI's report and retained leading third-party computer forensic experts to assist in the investigation.TLO, LLC
August 20, 2012 | System Compromise
Abstract
TLO is a data solutions provider, providing investigative and risk management tools to law enforcement, government agencies and private-sector organizations for due diligence, threat assessment, identity authentication, fraud prevention and detection, legislative compliance, and debt recovery purposes. On January 15, 2013, we discovered potential fraudulent access to our system. The individual accessed a limited set of information which may have included information about you, including your name, Social Security number and/or driver’s license number, through what we now believe was a fraudulent account. There was limited access to information beginning in August of 2012, with the majority of access through this account occurring in January, 2013. Upon discovering the fraudulent access, we immediately terminated access and we worked with law enforcement to identify and locate the individual. Law enforcement asked that we delay our notification to you so as not to interfere with their investigation. The individual has been arrested and his operation has been shut down. To date, no misuse of information has been reported to us or, to our knowledge, law enforcement. Law enforcement has lifted its hold request, which is why we are notifying you at this time.Transcend Capital LLC
August 20, 2012 | Server Compromise
Abstract
I am writing to inform you of a data breach that affected 236 clients in your state that took place the week August 20, 2012. An unknown computer hacker breached a data server located in our Austin, Texas branch office. Transcend Capital takes the security of our client data extremely seriously, and as such has taken steps to mitigate any risk to clients concerning this breach of data.The John Stewart Company
August 13, 2012 | User Error
Abstract
I am writing to inform you that the John Stewart Company (“JSCo”) recently inadvertently included your name, social security number and, in some cases, birth date, in e-mails that were sent to various JSCo employees on August 7, 2012 and August 13, 2012. We regret this inadvertent disclosure and have taken immediate steps to (a) delete the e-mail from every computer to which it was sent, (b) prevent any similar event from occurring in the future, and (c) provide you with assistance to both protect your credit and deal with any issues that may arise from this inadvertent disclosure.TD Bank, N.A.
March 30, 2012 | Files Lost
Abstract
Some of your personal information was included on two data backup tapes that we shipped to another one of our locations in late March 2012. The tapes have been missing since then, and we have been unable to locate them despite diligent efforts. This isolated incident has been the subject of an internal investigation by our corporate security and information security teams. We have also notified law enforcement. Your personal information included on the tapes may have included your name or address, Social Security Number, and account, debit or credit card number.Abstract
We want to inform you that some of your personal information was included on two backup tapes that we intended to courier between two of our locations in March, 2012. The tapes have been missing since then, and we have been unable to locate them despite our continued efforts. We have reconstructed the data on the tapes and determined that they may have included your name, address, or Social Security number, as well as your account, debit or credit card number.TM Acquisition LLC (d/b/a Trymedia)
December 08, 2011 | Website Compromise
Abstract
We recently became aware of a criminal intrusion into our ActiveStore Web-based storefront application that processes purchases of digital games made by customers on our partners’ Web sites. We believe the intruders may have been able to intercept and obtain cardholder names, credit card account numbers, expiration dates, security codes, postal addresses, email addresses, and passwords to optional user accounts on ActiveStore storefronts from a portion of transactions flowing through the ActiveStore application between November 4, 2011, and December 2, 2011.Trident University International
November 26, 2011 | Attempt
Abstract
On November 29, 2011, we detected an unsuccessful attempt by an unidentified person to access one of our database containing username and passwords for approximately 81,000 current and former student accounts. No other information was contained in the database.ThePartsBin.com (U.S. Auto Parts Network, Inc.)
April 09, 2011 | Website Compromise
Abstract
I am writing to let you know of a security incident occurring between April 9, 2012, and June 12, 2012, involving our website, www.ThePartsBin.com. Due to this incident, we have reason to believe that your name and credit card information may have been accessed without authorization.The Variable Annuity Life Insurance Company
October 25, 2007 | Unauthorized Access
Abstract
We wanted to let you know about a situation involving unauthorized access to your personal information. It recently came to our attention that a financial advisor formerly associate with VALIC was in pocession of information relating to some of our customers including you.TBI Mortgage Company
Abstract
In June 2019, we began to receive customer reports relating to identity theft. As soon as we became aware of this issue, we immediately engaged cybersecurity and dorensics experts to determine whether we have been compromised. We have found no indication of a compromise of TBIM systems.TengoInternet, Inc.
Abstract
On September 23, 2018, TengoInternet received evidence indicating an anonymous individual had accessed our database of consumer usernames and passwords for TengoInternet accounts, without authorization, in or prior to April 2018. We had previously received similar communications from the same anonymous individual in April 2018; however, an investigation at that time, conducted with the assistance of an outside forensic investigator, determined the claims were not credible. While our investigation is ongoing, we have no confirmation of any actual or attempted fraudulent misuse of consumer information resulting from this incident.Thermo Fisher Scientific Inc.
Abstract
Thermo Fisher learned from federal law enforcement authorities that unauthorized third parties compromised a small percentage of the company’s email accounts. They advised us that we were one of a large number of corporations that this group has targeted and that federal law enforcement authorities were actively investigating the group.TIO Networks USA, Inc. and its affiliates on behalf of billers in the attached schedules
Abstract
TIO Networks was acquired by PayPal Holdings, Inc. (“PayPal”) on July 18, 2017. On November 10, TIO’s operations were suspended after the discovery of security vulnerabilities in its systems. The investigation to date has uncovered evidence of unauthorized access to the TIO network, including locations that stored personal information of some of TIO’s customers and customers of the companies that TIO services. We have no proof, however, that your data was accessed, acquired, or misused. The PayPal platform, which is separate from the TIO network, is not impacted by this situation in any way and PayPal’s customers’ data remains secure.Tween Brands, Inc.
Abstract
On September 7, 2017, we discovered signs indicating attempts had been made to gain access to one of our web servers. We immediately removed the server from our network and began an investigation with the assistance of a leading computer forensics firm. The investigation determined that an unauthorized individual may have gained access to the server and may have used that access to connect to a database server. TBDThe Online Traffic School
Abstract
On July 26, 2017, we discovered that an unauthorized individual gained access to part of our computer network that supports the applications and websites that we operate. Upon learning of this, we immediately took steps to block any further unauthorized access, engaged a leading forensic investigation firm to determine what happened and assist us in implementing enhanced security measures, and notified the payment card networks.TripAdvisor LLC
Abstract
We recently detected a suspicious login to your TripAdvisor account that leads us to believe that your account was accessed by an unauthorized user.Tarleton Medical
Abstract
On January 6, 2017, TM learned of a data security incident that may have affected personal information contained in your medical records. Access to the server which stored these records was immediately disabled. We launched an investigation and engaged a digital forensics firm to determine what happened and whether any medical records were accessed without authorization. On February 2, 2017, the digital forensics firm confirmed that TM’s computer systems were accessed without authorization and indicated that patient records may have been accessed as well. This letter serves to inform you of the incident and to share with you the services we are providing to protect your personal informationTurner Broadcasting System, Inc.
Abstract
On November 12, 2016, we became aware that an unauthorized party gained access to certain files containing limited Bleacher Report user information. We immediately began investigating the incident, and our investigation revealed that the unauthorized party accessed this user information sometime in or before early November 2016. We also reported the incident to law enforcement authorities.TuneCore
Abstract
TuneCore recently discovered suspicious activity on its servers, including the illegal collection of certain personal and account information. This information may have included your Social Security or taxpayer ID number and date of birth, as well as your royalty statements for the third quarter of 2015, showing the number of sales or downloads on different platforms, along with the contractual rate for them, and the sum of transactions.The Painted Turtle
Abstract
The incident involved an error in the database supporting The Painted Turtle’s online application system for campers and volunteers. Because of this error, there is a chance that information that you provided in your online camper/family member application to The Painted Turtle may have been viewable by individuals you listed as a Medical Provider or Emergency Contact.The Home Depot, Inc.
Abstract
We have been informed that three HR associates have been arrested on allegations that include the unlawful use of personal information belonging to current and former associates and a small number of hiring candidates.The Coca-Cola Company
Abstract
On behalf of The Coca-Cola Company, I am writing to inform you about a recent incident discovered on December 10, 2013 that involved some of your personal information. We recently discovered the theft of several laptops assigned to current CCR and former CCE users that included personnel information. We began investigating the incident as soon as we learned of it, and are engaged with the appropriate law enforcement in this matter.T-Mobile US
Abstract
We are writing to inform you of a recent incident of unauthorized access to a file stored on servers owned and managed by a T-Mobile supplier. This file contained personal information, including name, address, Social Security number and/or Driver’s License number. In your case, the party or parties making the unauthorized access may have viewed your [insert data type]. This access was discovered in late November 2013.U
UAMG, LLC
September 17, 2020 | Email Compromise
Abstract
This cyber-attack involved the unauthorized access of an email account of an individual associated with <<company 1>>. We became aware of this incident on September 23, 2020 when we were notified that an unauthorized entity successfully sent several spam emails from the affected email account to various email addresses unfamiliar to the account holder. Since this unauthorized entity had access to the account holder’s mailbox, it is possible that data contained within the mailbox may have been acquired and disclosed to others. Upon becoming aware of this incident, we took immediate action to secure the account and investigate the incident. As a result of the investigation, we determined that there was unauthorized access to the email account from September 17, 2020 to September 23, 2020, when the account was locked. The affected email account contained information about some of the individuals with whom we have a business relationship, including you.Ultra Clean Holdings, Inc.
August 03, 2020 | Phishing
Abstract
We are writing to inform you that on August 5, 2020, we discovered that on August 3 and 4, 2020 UCT had been the victim of an email phishing scheme, which resulted in the attacker obtaining some of your personal information.U.S. Bank
July 30, 2020 | Server Stolen
Abstract
On July 30, 2020, a computer server containing your information was physically stolen from one of our corporate offices. Since the event, we have been focused on identifying who may have been impacted and working with authorities to recover the stolen server.U.S. Bank, N.A.
July 30, 2020 | Computer Stolen
Abstract
On July 30, 2020, a computer server containing your information was physically stolen from one of our corporate offices. Since the event, we have been focused on identifying who may have been impacted and working with authorities to recover the stolen server.University Muslim Medical Association
June 29, 2020 | Unauthorized Access
Abstract
On July 1st 2020, it was discovered that a former employee sent a secured file to their personal email address. However, we have not received any indication that the information has been accessed or used by any unauthorized individual and have a signed statement from the former employee that they destroyed the electronic file. We have also taken measures and made additions to our policies and procedures to protect against similar events in the future.University of California San Francisco
June 1, 2020 | Ransomware
Abstract
On June 1, 2020, the University of California San Francisco (“UCSF”) detected a cybersecurity attack that occurred in a limited part of the UCSF School of Medicine’s IT environment. Upon detection of the intrusion, we immediately isolated the impacted environment and successfully contained the incident from the core UCSF network. While we stopped the attack as it was occurring, the attacker obtained certain files and encrypted others with ransomware. UCSF made the difficult decision to pay the attacker, and received the information we needed to decrypt the affected servers and data the attackers stole. Although we have no evidence that the personal information taken has been misused, we are notifying you because we determined that some of your personal information was impacted.September 25, 2013 | Laptop Stolen
Abstract
We are writing to inform you of an incident involving some of your health information. On September 25, 2013, UCSF learned that an unencrypted personal laptop was stolen from the locked vehicle of a physician in the Division of Gastroenterology at the UCSF School of Medicine. Given the physician’s various UCSF responsibilities, it was determined that the physician had the information appropriately.US HealthCenter, Inc.
April 13, 2020 | Phishing
Abstract
On April 13, 2020, we were made aware of unauthorized access to USHC’s dedicated Cost Plus email account. This account was used to distribute phishing emails to Cost Plus wellness plan participants in an attempt to gain access to participant personal information. USHC’s internal information security (IT) team conducted an investigation of the compromised account. USHC discovered that there was unauthorized access to the Cost Plus email account, and the individual(s) responsible were able to view and forward emails associated with this inbox. The compromised account contained forms submitted by Cost Plus plan participants, including an Annual Preventive Screening affidavit which may have contained a participant’s name, employee number, date of birth, physician signature, and date of exam. Apart from additional limited health information, the inbox in question did not contain participants’ social security numbers, drivers’ license numbers, credit card data, financial account information, insurance information, or other sensitive personal information.University of Detroit Mercy
February 7, 2020 | Ransomware
Abstract
On July 16, 2020, Blackbaud notified Detroit Mercy of a ransomware attack on their internal systems. Upon learning of the issue, we commenced an immediate and thorough investigation. As part of our investigation, we engaged external cybersecurity professionals experienced in handling these types of incidents.Blackbaud reported to us that they identified an attempted ransomware attack in progress on May 20, 2020. Blackbaud engaged forensic experts and law enforcement to assist in their internal investigation. The investigation concluded that the cybercriminal removed data from Blackbaud’s systems intermittently between February 7, 2020 and May 20, 2020. A backup file containing certain information was removed by the cybercriminal. According to Blackbaud, they paid the cybercriminal to ensure that the backup file was permanently destroyed.
University of Minnesota Physicians
January 31, 2020 | Phising
Abstract
UMPhysicians identified that cyber attackers used phishing emails to fraudulently access two employee email accounts. The two phishing email attacks were identified on January 31, 2020 and February 4, 2020, shortly after they occurred. UMPhysicians took immediate steps to secure the email accounts and began working with third-party computer forensic investigators to determine the nature and scope of the incidents. The investigation indicated that an unknown actor had access to one employee email account on January 30 and January 31, 2020, and another employee email account on February 4, 2020, for a brief period of timeJanuary 30, 2020 | Phishing
Abstract
UMPhysicians identified that cyber attackers used phishing emails to fraudulently access two employee email accounts. The two phishing email attacks were identified on January 31, 2020 and February 4, 2020, shortly after they occurred. UMPhysicians took immediate steps to secure the email accounts and began working with third-party computer forensic investigators to determine the nature and scope of the incidents. The investigation indicated that an unknown actor had access to one employee email account on January 30 and January 31, 2020, and another employee email account on February 4, 2020, for a brief period of time.Urban Compass, Inc.
May 24, 2019 | Email Compromise
Abstract
We learned that certain of our agents’ Gmail accounts were subject to unauthorized access due to a phishing attack. A phishing attack is a commonly employed cyber-attack that seeks to trick an email recipient into believing the message is from a trustworthy entity and to click a malicious link or download a malicious attachment. We began an internal investigation, and a leading computer forensic firm was hired to assist. The investigation determined that an unauthorized person gained access to the Gmail accounts between May 24, 2019 and November 6, 2019, and again between November 11, 2019 and January 8, 2020. The investigation was unable to determine whether the unauthorized person actually viewed any emails or attachments in the accounts.Urban One, Inc.
February 28, 2019 | Network Compromise
Abstract
On February 28, 2019, we discovered there had been unauthorized access to our network. We immediately took action to remove the unauthorized third party and initiated an independent investigation into the issue with third party forensics experts to determine what information and systems may have been affected. As a result of our investigation, we determined that our HR database may have been improperly accessed, as well as any user names and passwords you may have entered into a company computer. We immediately contacted law enforcement.University of Washington Medical Center (“UWM”)
December 04, 2018 | Misconfiguration
Abstract
On December 26, 2018, UW Medicine became aware of an error in a database configuration that made protected internal files available on the internet earlier that month. Certain information about you was exposed and we think it is important that you know of this incident. We apologize for any distress this may cause you.UConn Health
August 20, 2018 | Email Compromise
Abstract
On December 24, 2018, our investigation determined that the email accounts contained some personal information. The impacted information for each individual differs but included your name and Social Security number, and may have included your address, date of birth, driver’s license number and/or medical information – for example, information such as medical record numbers, dates of service, physician seen, a brief summary of medical condition and services provided, and billing information.UnityPoint Health
March 14, 2018 | Phishing
Abstract
Our investigation shows that our organization received a series of fraudulent emails known as “phishing” that were disguised to appear to have come from a trusted executive within our organization. The phishing emails tricked some of our employees into providing their confidential sign-in information which gave attackers access to their internal email accounts between March 14, 2018 and April 3, 2018. Some of the compromised accounts included emails or attachments to emails, such as standard reports related to healthcare operations, containing protected health information and/or personal information for certain patients. While unauthorized access to patient information may have occurred, no known or attempted misuse of patient information has been reported at this time.USACS Management Group, Ltd.
March 09, 2018 | Email Compromise
Abstract
On March 9, 2018, we learned that an unauthorized third party may have accessed a USACS employee's email account that same day. We immediately began an investigation, including hiring a leading outside computer firm to assist us.UC San Diego Health
December 08, 2017 | Server Compromise
Abstract
On December 22, 2017, UC San Diego Health learned from one of our business associates, Nuance Communications that an unauthorized third party accessed one of its medical transcription platforms, which contained your medical information. The data breach occurred between November 20, 2017 and December 9, 2017.Unified Trust Company, N.A.
December 06, 2017 | Email Compromise
Abstract
On or about February 13, 2018, Unified Trust became aware of suspicious activity within a Unified Trust employee’s email account. Upon learning of this suspicious email activity, Unified Trust promptly launched an internal investigation, with the assistance of third-party forensic investigators. Through this investigation, on or about August 1, 2018, Unified Trust confirmed that there was unauthorized access to two Unified Trust email accounts between February 12, 2018 and February 13, 2018.USA Hoist Company, Inc., Mid-American Elevator Company, Inc., and Mid-American Elevator Equipment Company, Inc.
October 17, 2017 | Ransomware
Abstract
A server used by USA Hoist Company, Inc., Mid-American Elevator Company, Inc., and Mid-American Elevator Equipment Company, Inc. to store employee and vendor information was subject to a ransomware attack by the hacker group called "the Dark Overlord." We discovered the attack on the morning of Tuesday, October 17, 2017, when we could not access certain of our data systems as a result of the breach. On Thursday, October 19, 2017, the FBI visited our offices to inform us that we may become the subject of a such an attack, but by that time the attack had already occurred.University of California Davis Health
May 17, 2017 | Phishing
Abstract
It was determined that a "phishing event" caused the compromise of this employee's email account. Phishing is when a third party tries to gain access to another individual’s email account by representing themselves as an official, legitimate source and requesting information of the email account holder, such as a login or password. Once this phishing event was discovered, swift action was taken by our Information Technology (IT) security team to secure the account and minimize the threat.Urology Austin
January 22, 2017 | Ransomware
Abstract
On January 22, 2017, Urology Austin was the victim of a ransomware attack that encrypted the data stored on our servers. Within minutes, we were alerted to the attack, our computer network was shut down, and we began an investigation. We also began to take steps to restore the impacted data and our operations.University of California Santa Cruz
January 13, 2017 | Laptop Stolen
Abstract
On January 13, 2017, two unencrypted laptops were stolen from the home of a University of California, Santa Cruz (UC Santa Cruz) researcher/instructor. The theft was discovered the same day and a police report was filed, but at this time no items have been recovered. Our investigation confirmed that the stolen laptop contained copies of your UC Santa Cruz narrative evaluations. There is no indication that the student information was the intended target.U-Haul Co. of California
January 10, 2017 | Malware
Abstract
U-Haul Company was notified of a possible incident involving certain U-Haul customers who reserved and/or rented equipment from Solo Tire, an independent U-Haul dealer in Orange, California. U-Haul immediately launched an internal investigation and hired a forensic security firm to assist in the investigation. Findings from our investigation suggest that one computer workstation at this dealership had been infected with malware designed to target payment card information, but which may have also accessed other rental information.Universal Care DBA Brand New Day
December 22, 2016 | Breach
Abstract
We are writing to you with important information about a recent unauthorized disclosure of your personal health information involving Brand New Day. We became aware of this event on December 28, 2016 that occurred on December 22, 2016.Uber Technologies, Inc.
October 13, 2016 | Database Compromise
Abstract
In November 2016, Uber learned that unauthorized actors obtained access to a private cloud storage environment used by Uber. They accessed stored copies of Uber databases and files. To the best of our knowledge, the unauthorized access began on October 13, 2016 and ended no later than November 15, 2016.May 13, 2014 | Database Compromise
Abstract
Uber discovered in September 2014 that information allowing access to the database had been available without intended access restrictions. We immediately ensured that the database was no longer accessible using that information, and have taken additional safety measures to protect your information. We also determined that the database was accessed only once by a third party, on May 13, 2014.University of Connecticut
September 24, 2016 | Malware
Abstract
We are writing to inform you of a data security-related incident that may have involved your personal information. On March 9, 2015, Information Technology (IT) staff in the School of Engineering detected that malicious software, or “malware,” had been placed on a number of servers that are part of the School’s technical infrastructure over a period of months, with penetration of the servers beginning as early as September 2013.UC San Diego School of Medicine
August 03, 2016 | Breach
Abstract
This letter is to inform you that on September 7, 2016, UC San Diego School of Medicine (UCSD SOM) became aware of an electronic file that was accessible on the internet containing the personal information of individuals.USC Keck and Norris Hospitals
August 01, 2016 | Ransomware
Abstract
On August 1st 2016, USC Keck and Norris Hospitals detected ransomware on two servers after being notified earlier that day that certain hospital employees could not access their files. This type of malware attack encrypted files on both servers, which made the files inaccessible to our employees. However, the attack was quickly contained and isolated to prevent the spreading of malware to other servers.UFCW Local 655 Food Employers Joint Pension
July 14, 2016 | Ransomware
Abstract
On or around July 21, 2016, UFCW Local 655 Food Employers Joint Pension Plan was the victim of a ransomware attack.U Gym, LLC
April 04, 2016 | Computer Stolen
Abstract
We value your employment with UFC Gym and respect the privacy of your information, which is why, as a precautionary measure, we are writing to let you know about a data security incident that involves your personal information. On April 4, 2016 we had several computers stolen from our corporate office in Santa Ana, California.Ursus Holdings, LLC
March 21, 2016 | Email Compromise
Abstract
We first detected suspicious email account activity on April 25, 2016, when an employee’s email account began sending “blast” or “spam” emails. That employee previously had received a phishing email requesting account credentials to access what appeared to be a secure PDF attachment. Upon the employee providing the credentials, others within the employee’s contact list began receiving similar emails. Three other employees are believed to have received the same email attachment and provided their credentials.University of Central Florida
December 30, 2015 | Network Compromise
Abstract
The University of Central Florida wants to make you aware of an intrusion into the university’s computer network that resulted in the unauthorized access to your personal information. While we have no evidence to suggest that any of your information has been used inappropriately, we want to provide you with guidance on how you can protect yourself.University of California, Berkeley (The Regents of the University of California)
December 28, 2015 | Vulnerability
Abstract
On December 28, 2015 an unauthorized person or persons accessed portions of computer systems that are part of the UC Berkeley financial system. The criminals gained entry through a security flaw that the University was in the process of patching. Law enforcement, including the FBI, has been notified.University of California at Los Angeles
July 03, 2015 | Laptop Stolen
Abstract
On July 3, 2015, a laptop computer belonging to a UCLA Health faculty member was stolen from his locked car while he was traveling. The computer was password-protected and stored limited information about some UCLA Health patients.U.S. HealthWorks
April 22, 2015 | Laptop Stolen
Abstract
On April 22. 2015, we learned that a laptop issued to one of our employees had been stolen from the employee's vehicle the night before.University of California, Riverside
March 13, 2015 | Computer Stolen
Abstract
On Friday, March 13, 2015 University of California, Riverside (UCR) officials were notified of a computer theft from UCR’s Graduate Division offices. This computer system supports graduate student applicant processing, and various documents on the computer contained Social Security numbers paired with first and last names.University of California, Berkeley
December 21, 2014 | Website Compromise
Abstract
The data breach involved unauthorized access to a University web server maintained by a unit within the UC Berkeley Division of Equity & Inclusion. The server was used to store information, including family financial information, submitted by students.September 16, 2014 | Server Compromise
Abstract
The data breach involved unauthorized access to servers used to support a number of Real Estate programs and work stations, specifically those in the units formerly known as Capital Projects and Physical Plant-Campus Services. None of the identified servers or workstations were primary storehouses for personally identifiable information but some of them stored individual files that included some personal information.University of California Davis Medical Center
September 25, 2014 | Email Compromise
Abstract
On September 26, 2014, a member of our Information Technology (IT) team detected abnormal activity in the email account of one of our providers. Upon further investigation, it was determined that the provider’s email was compromised by an unknown source. This resulted in the unauthorized use and potential impermissible access of the email account.December 13, 2013 | Email Compromise
Abstract
We recently learned that one of our medical provider’s email accounts was impacted by an email “phishing” scam. This means that malicious software was potentially used to access the medical provider’s email account.UCLA Health
September 21, 2014 | Network Compromise
Abstract
On May 5, 2015, we determined that the attacker had accessed parts of the UCLA Health network that contain personal information, like name, address, date of birth, social security number, medical record number, Medicare or health plan ID number, and some medical information (e.g., medical condition, medications, procedures, and test results).University of California, Washington Center (UCDC)
June 07, 2014 | Third Party
Abstract
On June 8th, 2014, UCDC received notification of unsolicited emails being sent to UCDC Alumni. An investigation by UCDC’s tech unit revealed that an unauthorized individual had gained access to UCDC’s pre-enrollment system hosted at ucdc.gosignmeup.com and the data stored on this system. GoSignMeUp is a cloud-based provider of an online course registration system engaged by UCDC to host its course registration system. The data accessed included your password and user name.University of California Irvine
February 14, 2014 | Malware
Abstract
On March 26, 2014, the California Information Security Office (http://www.cio.ca.gov/ois/) notified us that one of the computers in the UC Irvine Student Health Center had been infected with a virus. We have since confirmed that information and verified that two other computers also were infected. The three computers were infected with a keystroke logger that captured data as it was entered onto them and transmitted that data to unauthorized servers. This occurred between February 14 and March 27, 2014.UCSF Family Medicine Center at Lakeshore
January 11, 2014 | Computer Stolen
Abstract
We are writing to inform you of an incident involving some of your health information. On January 13, 2014, UCSF learned that unencrypted desktop computers were burglarized from the UCSF Family Medicine Center at Lakeshore on or about January 11, 2014. UCSF immediately began a technical analysis to identify what information was on the computers. On March 6, 2014, UCSF determined that the computers contained files that included your name and/or medical record number, along with some health information. The files may have also included other identifiable information, such as your date of birth or addressUniversity of California Santa Barbara
November 01, 2013 | Unauthorized Access
Abstract
Our investigation recently identified unauthorized access to some archival payroll data that included first and last names, social security numbers and direct deposit banking information. We are notifying all employees whose information was potentially subject to unauthorized access so you can be alert to the possible misuse of your personal information.USI Insurance Services LLC
October 02, 2013 | Malware
Abstract
I am writing to you on behalf of Company about a potential security incident. We recently discovered that certain unauthorized software was uploaded to our computer system. Upon discovery, we immediately analyzed the software, determined that it was malicious and removed it. In the course of our investigation, we determined that a hacker, through the malicious software, had viewed files containing a username and password.Unique Vintage
September 18, 2013 | Website Compromise
Abstract
We are writing to you because of an incident at Unique Vintage. On September 14, 2013 we discovered a data security incident that involved some of your personal information. Unique Vintage is Payment Card Industry Security Standards Council (“PCI”) compliant and implements the latest measures reasonably possible to protect its customers’ sensitive information.UCSF Medical Center
September 09, 2013 | Laptop Stolen
Abstract
I am writing to inform you of an incident involving some of your health information. On September 10, 2013, UCSF learned that an unencrypted laptop was stolen from the locked vehicle of a UCSF Liver Transplant employee on September 9, 2013. UCSF immediately began an extensive technical analysis to determine what information was on the laptop.United Shore Financial Services, LLC
December 02, 2012 | Computer Compromise
Abstract
I am writing to make you aware that United shore Financial Services, LLC("USFS") recently discovered that it was the victim of a computer intrusion by an unauthorized third party.Upper Skagit Indian Tribe
October 26, 2012 | Third Party
Abstract
I am writing to inform you that on November 29, 2012, the Skagit Valley Casino Resort learned that an incident involving one of its vendors, Bally Technologies, Inc. ("Bally"), may have involved your personal data.Union Bank N.A.
January 31, 2012 | Insider Threat
Abstract
On February 15, 2012, Union Bank® discovered that a former contractor kept proprietary bank data in his possession upon his departure from the Bank on January 31, 2012. This data contained some of your customer information such as your name, account number, home address, phone number, and email address.UnitedHealth Group health plan single affiliated covered entity
June 28, 2011 | Database Compromise
Abstract
I am writing to let you know about a privacy issue involving some of your personal information. On January 30, 2012, UnitedHealthcare discovered employee access to information in a database that we since have learned appears to be unauthorized. We believe the unauthorized access occurred from June 28 – December 12, 2011.University of California Irvine Medical Center
June 22, 2011 | Insider Threat
Abstract
We are writing this letter to you because you have been a patient of UC Irvine Health. On March 13, 2015, the UC Irvine Medical Center discovered that an employee, whose job required access to some patient records, had looked at additional patients’ records without a job-related purpose.Under Armour, Inc.
Abstract
On March 25, 2018, we became aware that during February of this year an unauthorized party acquired data associated with MyFitnessPal user accounts.UCLA Summer Sessions & International Education Office
Abstract
At UCLA Summer Sessions & International Education, the confidentiality and security of student records and personal information is important to us. Unfortunately, our program was the victim of a cyberattack that may have put some of your «child’s» personal information at risk.Unixiz Inc
Abstract
On September 27, 2016, we learned that cyber criminals gained unauthorized access to our computer system and to your personal information, including your age, email address and password that you provided to create, and used to access, your www.i-dressup.com account, as well as any additional personal information that you may have voluntarily provided such as your first name, last name, gender and country (collectively, “Personal Information”). Because it was not required to create or use any www.i-Dressup.com account, no Social Security or other identification numbers, physical addresses, mailing addresses, credit card numbers, banking or other financial information was compromised. Be that as it may, we want to make you aware of the incident, update you on the steps we have taken, and propose further steps you should take to guard yourself against identity theft or fraud.University of Southern California, on behalf of KUSC
Abstract
KUSC recently learned that one of its contractors, Comnet Marketing Group ("Comnet") was affected by ransomware malware, which ultimately resulted in deletion of its storage system that housed customer credit card information. KUSC engaed Comnet to assist with perofrming certain telemarking activities, and in the course of those activities, Comnet obtained credit card information from a relatively small number of KUSC donors.Ullrich Delevati CPAs
Abstract
We recently learned that a number of our clients had 2015 tax returns filed in their names without their authorization. We immediately engaged a digital forensics firm to help us investigate whether our information system had been accessed without authorization. On March 15, 2016 we received confirmation from the digital forensics firm that some client information may have been accessed without our authorization. It is possible that your tax return file may have been one of the files accessed.United Airlines
Abstract
Since approximately December 9, 2014, the unauthorized party attempted to access MileagePlus accounts with these usernames and passwords, since many people use the same username and password for multiple accounts and websites.US Investigations Services, LLC
Abstract
We are writing to let you know that portions of your personal information may have been compromised as part of a criminal intrusion on US Investigations Services, LLC’s (USIS) computer systems that USIS detected in June 2014. USIS retained this information on its systems in connection with your engagement by USIS.Update Legal
Abstract
On or about September 9, 2013, Update Legal was informed by the San Francisco Police that a suspect in custody was found to be in possession of a smartphone with digital photographs of I-9 forms. Several of these images seemed to have been copies of I-9 forms kept in a filing cabinet maintained by Update Legal in its San Francisco office. I-9 forms are given to, and retained by, Update Legal as part of Update Legal’s government mandated employment eligibility verification.US Airways
Abstract
We recently discovered that a small number of Dividend Miles accounts were accessed by unauthorized users who had obtained usernames and passwords for the compromised accounts through means as yet unknown to us. Based upon our review, it is possible that your account may have been affected. The information that the intruders potentially gained access to (to the extent you had provided it to US Airways) includes your: name, address, ...University of Southern California
Abstract
The university recently identified a security breach affecting credit card purchases made at food outlets on the USC University Park and Health Sciences campuses.University of North Carolina at Charlotte
Abstract
On February 15, 2012, the University of North Carolina at Charlotte (the “University”) announced that, because of incorrect access settings, a large amount of electronic data hosted by the University were accessible from the Internet.V
VF Outdoor, LLC doing business as The North Face
October 8, 2020 | Credential Stuffing
Abstract
We care about the security of your personal information, and we are writing to tell you that we have discovered evidence of unauthorized access to some of your personal information. On October 9, 2020, we were alerted to unusual activity involving our website, thenorthface.com, that prompted us to investigate immediately. Following a careful investigation, we concluded that a credential stuffing attack had been launched against our website on October 8 and 9, 2020. A “credential stuffing attack” is a specific type of cybersecurity attack in which the attacker uses account authentication credentials (e.g., email addresses/usernames and passwords) stolen from another source, such as a breach of another company or website, to gain unauthorized access to user accounts. Credential stuffing attacks can occur when individuals use the same authentication credentials on multiple websites, which is why we encourage you to use a unique password on thenorthface.com.Based on our investigation, we believe that the attacker previously gained access to your email address and password from another source (not from The North Face) and subsequently used those same credentials to access your account on thenorthface.com.
We do not believe that the attacker obtained information from us that would require us to notify you of a data security breach under applicable law, but we are notifying you of the incident voluntarily, out of an abundance of caution.
VF Outdoor, LLC doing business as The North Face®
October 08, 2020 | Website Compromise
Abstract
We care about the security of your personal information, and we are writing to tell you that we have discovered evidence of unauthorized access to some of your personal information. On October 9, 2020, we were alerted to unusual activity involving our website, thenorthface.com, that prompted us to investigate immediately. Following a careful investigation, we concluded that a credential stuffing attack had been launched against our website on October 8 and 9, 2020. A “credential stuffing attack” is a specific type of cybersecurity attack in which the attacker uses account authentication credentials (e.g., email addresses/usernames and passwords) stolen from another source, such as a breach of another company or website, to gain unauthorized access to user accounts. Credential stuffing attacks can occur when individuals use the same authentication credentials on multiple websites, which is why we encourage you to use a unique password on thenorthface.com.Ventura College Foundation
February 7, 2020 | Ransomware
Abstract
On July 16, 2020, the Ventura College Foundation was informed by Blackbaud (one of the world’s largest providers of financial and fundraising technology to nonprofits), that it was hacked and data from its clients throughout the world, including the VC Foundation, was held for ransom by cybercriminals. This was a very sophisticated ransomware attack that included database and donor management system back-up files for our Blackbaud Raisers Edge/NXT, beginning on February 7, 2020, and could have been in there intermittently until May 20, 2020.Vermont Student Assistance Corporation
February 7, 2020 | Ransomware
Abstract
In May 2020, Blackbaud experienced a ransomware incident that impacted certain systems within the Blackbaud environment. As a result of this incident, certain Blackbaud systems were encrypted and a Blackbaud database backup file including VSAC data was removed from the Blackbaud environment by an unauthorized actor. While Blackbaud’s investigation was able to determine that the backup file was removed between February 7, 2020 and May 20, 2020, their investigation was unable to confirm exactly when this occurred. As a result, the unauthorized actor may have had access to certain information contained within the backup database. Upon learning of this incident, VSAC immediately began an investigation to determine the full nature and scope of the event and what, if any, VSAC data may have been impacted. On or about August 7, 2020, VSAC’s investigation determined that the backup database may have contained personal information.Verigent, LLC
October 21, 2019 | Email Compromise
Abstract
On January 3, 2020, Verigent learned of a suspicious email sent from a Verigent employee’s email account. Upon learning of this suspicious message, Verigent immediately took steps to secure its email environment which included resetting the passwords required to access all Verigent employee email accounts and implementing multi-factor authentication. Verigent also began a preliminary investigation and engaged an independent forensics firm to assist. On January 28, 2020, the forensics firm informed Verigent that an unauthorized individual had gained access to certain Verigent employee email accounts. On June 4, 2020, Verigent learned that the email accounts accessed without authorization contained some of your personal information which may have been viewed by an unauthorized individual. Verigent then worked diligently to identify up-to-date address information in order to provide notification to potentially impacted individuals.Volusion LLC
September 07, 2019 | Website Compromise
Abstract
Volusion is an e-commerce platform that hosts websites for may online merchants. On or about October 8, 2019, we learned that personal information of some customers of our merchant clients may have been improperly exposed as a result of malware placed on Volusion's e-commerce platform.VibrantCare Rehabilitation, Inc.
August 20, 2019 | Email Compromise
Abstract
VibrantCare became aware of unusual activity involving an employee’s email account. VibrantCare immediately commenced an investigation with the assistance of third-party computer specialists. The investigation determined that an employee email account was accessed without authorization between August 20, 2019, and August 27, 2019. While the investigation did not determine that personal information had been accessed or acquired as a result of this incident, VibrantCare could not rule out the possibility of such activity. Therefore, VibrantCare immediately began a thorough review of the contents of the email account to determine whether sensitive information was present in the account at the time of the incident.Verity Medical Foundation
January 16, 2019 | Email Compromise
Abstract
On January 16, 2019, the Microsoft 365 web email account of a VMF employee was compromised for several hours. During this time, a third party obtained access to the employee’s email account without authorization and from this account, sent emails to various internal and external email accounts containing a malicious link. It appears that this was an attempt to obtain user names and passwords from the recipients of these emails. We have confirmed that the third party did not gain access to the email accounts of any other VMF employee or to the VMF servers or network more generally.November 28, 2018 | Email Compromise
Abstract
On November 28, 2018, the Microsoft 365 web email account of a VMF employee was compromised for approximately 1.5 hours. During this time, a third party obtained access to the employee’s email account without authorization and from this account, sent emails to various internal and external email accounts containing a malicious Docusign link. It appears that this was an attempt to obtain user names and passwords from the recipients of these emails. We have confirmed that the third party did not gain access to the email accounts of any other VMF employee or to the VMF servers or network more generally.January 06, 2017 | Unauthorized Access
Abstract
On January 6, 2017, Verity Health System learned that some of his/her personal information may have been accessed by an unauthorized third party. Although we are not aware of any misuse of the information, we are notifying you to advise you of the incident out of an abundance of caution.Verity Health System
November 27, 2018 | Email Compromise
Abstract
On November 27, 2018, the Microsoft 365 web email account of a VHS employee was compromised for approximately 1.5 hours. During this time, a third party obtained access to the employee’s email account without authorization and from this account, sent emails to various internal and external email accounts containing a malicious link. It appears that this was an attempt to obtain user names and passwords from the recipients of these emails. We have confirmed that the third party did not gain access to the email accounts of any other Verity employee or to the VHS servers or network more generally.April 27, 2016 | Phishing
Abstract
While this matter is still under investigation, we want to report this preliminary information. On May 22, 2016, we learned that a Verity employee was targeted on April 27, 2016, by an isolated email phishing scam in which an individual outside of Verity impersonated a Verity executive requesting certain information for Verity employees. The result of this scam was that certain information related to current and former employees who would have received a W-2 for 2015 was disclosed.Volt Information Sciences, Inc.
August 06, 2018 | Email Compromise
Abstract
On or around October 16, 2018, Volt Information Sciences (“Volt”) confirmed that an unknown actor gained access to certain Volt employee email accounts and that some of the accounts were used to send out phishing emails. The employees’ email credentials were changed, and the email accounts have been secured. A leading forensic investigation firm was retained to assist with Volt’s investigation into what happened and what information may be affected. The investigation determined that the accounts at issue experienced unauthorized access between August 6, 2018 and October 4, 2018.Vitalize, LLC
July 05, 2018 | Website Compromise
Abstract
Bodybuilding.com became aware of a data security incident involving unauthorized access to its systems in February 2019. Bodybuilding.com engaged one of the leading data security firms to conduct a thorough investigation, which traced the unauthorized activity to a phishing email received in July 2018. The investigation also determined that some data was removed from Bodybuilding.com systems, but the nature of the files taken is unknown. On April 12, we concluded our investigation and could not rule out that personal information may have been accessedVeyna & Forschino
November 06, 2017 | Email Compromise
Abstract
On November 27, 2017, we encountered suspicious activity on one company email account, [email protected]. We immediately began investigating the matter and contacted our local IT firm who disabled access. Further, we hired a specialized forensic IT firm to assist in the investigation.Ventiv Technology, Inc.
October 14, 2017 | Email Compromise
Abstract
On December 5, 2017, our IT department received reports of suspicious activity regarding an employee email account hosted on Office365. We immediately changed the password for the account and began an investigation Our investigation involved the assistance of a professional forensic firm to determine if any employee email accounts had been accessed without authorization. On January 4, 2018, the investigation determined that an unknown individual had accessed certain Ventiv employees' email accounts hosted on Office365 without authorization between October 14, 2017 to december 8, 2017.Vera Bradley, Inc.
July 25, 2016 | CAUSE
Abstract
Payment cards used at Vera Bradley retail store locations between July 25, 2016 and September 23, 2016 may have been affected. Not all cards used during this time frame were affected. Cards used on our website have not been affected.Voya Financial Advisors, Inc.
April 13, 2016 | CAUSE
Abstract
Perpetrators used your financial advisor’s personal information to gain unauthorized access to VFA’s systems, including [INSERT NAME]’s client records. VFA was able to detect and remediate the unauthorized access within a matter of hours, but it is possible that the perpetrator viewed your personal information while in the system.Valley Anesthesiology Consultants, Inc. d/b/a Valley Anesthesiology and Pain Consultants
March 30, 2016 | CAUSE
Abstract
On June 13, 2016, we learned that a third party may have gained unauthorized access to the VAPC computer systems on March 30, 2016. Upon learning of the situation, we immediately began an investigation, including hiring a leading forensics firm to assist us, and notifying law enforcement.VTech Electronics North America, LLC
November 14, 2015 | CAUSE
Abstract
On November 24 HKT we discovered that an unauthorized party accessed VTech customer data on our Learning Lodge app store customer database on November 14 HKT. Our records show that you are a customer of the Learning Lodge.Vacaville Housing Authority
August 24, 2015 | CAUSE
Abstract
On Monday, August 24, 2015, a VHA employee accidentally sent an email with a file that had your name and social security number to one person. The person who received the email was not authorized to view the information it contained, but she contacted us right away on August 25, 2015, to let us know what had happened. That person told the VHA that she deleted the email from her eamil inbox. The VHA immediately reported this incident to local police. The police spoke with the person and they made sure the email from the VHA was permanently deleted from her email inbox. The VHA is not aware of anyone using your personal information without your permission because of this incident.Valley Community Healthcare
February 24, 2015 | CAUSE
Abstract
On February 24, 2015 we discovered that a laptop computer attached to the Electrocardiogram (EKG) machine in the General Medicine department was missing. After searching the premises, the incident was reported to the North Hollywood Police Department (Report # 150224003504) that same day.Vibram USA, Inc.
June 06, 2014 | CAUSE
Abstract
Vibram USA Inc. contracts with a third-party web hosting provider to manage its website: www.vibramfivefingers.com. Our records show that you made a purchase from this website during the period of June 6 - July 7, 2014. We have been informed that this website was the victim of a targeted hacking potentially causing your credit card number to be compromised.Veterans of Foreign Wars of the United States
February 12, 2014 | CAUSE
Abstract
On March 4, 2014, VFW received notice that an unauthorized party had gained access to the VFW's webserver through the use of a remote access trojan and malicious code.Vitreo-Retinal Medical Group, Inc., dba Retinal Consultants Medical Group, Inc.
June 05, 2013 | CAUSE
Abstract
On June 7, 2013, it was discovered that a laptop computer, which was a component of a diagnostic imaging machine, was stolen sometime after our office closed on June 5, 2013. The laptop computer contained the following types of unsecured PHI: names, dates of birth, gender, race, and OCT (optical coherence tomography) images.Vendini, Inc.
March 29, 2013 | CAUSE
Abstract
Although our internal investigation is ongoing, we believe that in late March, a third-party criminal actor used hacking technologies to access our databases and may have accessed your personal information, such as name, mailing address, email address, phone number, and credit card numbers and expiration datesVitagene, Inc.
Abstract
On July 1, 2019, we learned initial information regarding a data security incident that may have affected your personal information. On that date we learned that an archive database containing a subset of the customer wellness recommendation reports generated between 2015 to 2017 and certain related data was potentially accessible to unauthorized individuals. We immediately conducted an investigation into the matter, and although we have no information that your information has been misused, we want you to be aware of the incident and to follow the steps detailed below to minimize the chance of any fraudulent activity in the future.Viyet, LLC DBA Sotheby’s Home
Abstract
On october 10, we became aware that an unknown third party had gained unauthorized access to the sotheby's Home website and inserted malicious code which, depending on the security settings of your computer, may have transmitted personal information you entered into the website's checkout form to this third party. Upon discovery, we promptly removed the code, which we believe was present on the website since at least March 2017. Based on our investigation into this incident, however, we cannot be certain as to when the website was first victimized by this attack. Accordingly, in an abundance of caution, we are notifying all Sotheby's home website customers (including those who made purchases on the Viyet website) that it is possible that their information has been accessed by an unauthorized party.Virgin America
Abstract
On March 13, 2017, during security monitoring activities, our data security team identified potential unauthorized access to certain Virgin America computer systems. We immediately took steps to respond to the incident, including initiating our incident response protocol and taking measures to mitigate the impact to affected individuals. We retained cybersecurity forensic experts to investigate the incident and reported the matter to law enforcement. Nevertheless, it appears that a third party may have accessed information about certain Virgin America employees and contractors without authorization.Value Eyecare Network, Inc. d/b/a 39dollarglasses.com
Abstract
On June 8, 2017, we learned that an unknown individual may have accessed your credit or debit card information used to make purchases at our online store. We immediately took action and commenced an investigation to determine what information may have been accessed. We determined that the unknown individual may have accessed customer payment card information, including name, address, telephone number, and credit/debit card information. The potentially compromised information did not include your Social Security number, date of birth or prescription information.VerticalScope Inc.
Abstract
On June 13, 2016, we became aware that February 2016 data stolen from VerticalScope was being made available online.Viator
Abstract
On September 2, we were informed by our credit card service provider that unauthorized charges had been made on a number of our customers’ credit cards. We have hired forensic experts, notified law enforcement and we have been working diligently and comprehensively to investigate the incident, identify how our systems may have been impacted, and secure our systems. Although our investigation is continuing, we currently believe that some forms of your data may be affected by the compromise. This information includes encrypted credit or debit card number, along with card expiration date, name, billing address, email address and, if you have created a Viator account, the associated email address, encrypted password and Viator “nickname.” At this time, we have no reason to believe that the three or four digit value printed at the back or front of your card was compromised. Additionally, debit PIN numbers are not collected by Viator and could therefore not be compromised.Valve Corporation
Abstract
We’ve recently learned that it is probable that in 2009 the intruders obtained a copy of a database with information about Steam transactions between 2004 and 2008. This database contained user names, email addresses, encrypted billing addresses and encrypted credit card information.W
Wyndham Capital Mortgage, Inc.
September 18, 2020 | User Error
Abstract
On September 18, 2020, an email was sent in error to an email account not belonging to Wyndham Capital Mortgage that contained some of your personal information. We have no evidence that this email was opened or that the information has been used.Windstream
July 11, 2020 | Unauthorized Access
Abstract
Our investigation determined that an unauthorized party gained access to certain Windstream internal systems at various times between July 11, 2020 and August 23, 2020. Findings from the investigation indicate that the party may have obtained some internal information from these systems during this period.Windstream Holdings II, LLC
July 11, 2020 | CAUSE
Abstract
Our investigation determined that an unauthorized party gained access to certain Windstream internal systems at various times between July 11, 2020 and August 23, 2020. Findings from the investigation indicate that the party may have obtained some internal information from these systems during this period.Walgreen Co.
May 26, 2020 | Device Lost
Abstract
Sometime between May 26 and June 5, 2020, various groups of individuals broke into multiple Walgreens stores and forced entry into the secured pharmacy at select locations, including your preferred Walgreens. Among the many items stolen were certain items containing health-related information —such as filled prescriptions waiting for customer pick up and paper records. This included a very limited number of hard drives that were attached to stolen cash registers. These hard drives contained information about certain recent pharmacy purchases completed at that cash register. One pharmacy automation device that stored prescription labeling information for a short time period was also involved. Between May 26 and June 5, Walgreens discovered customer information was impacted. We later determined that one or more of the items described above may have contained your information. We wanted to alert you to this fact.January 09, 2020 | CAUSE
Abstract
On January 15, 2020, Walgreens discovered an error within the Walgreens mobile app personal secure messaging feature. Our investigation determined that an internal application error allowed certain personal messages from Walgreens that are stored in a database to be viewable by other customers using the Walgreens mobile app. Once we learned of the incident, Walgreens promptly took steps to temporarily disable message viewing to prevent further disclosure and then implemented a technical correction that resolved the issue.December 20, 2017 | CAUSE
Abstract
On April 17, 2018, Walgreens discovered unauthorized skimming devices attached to a point-of-sale pin pad in two Nashville Rite Aid locations owned and operated by Walgreens, specifically at 2416 West End Avenue and 700 Gallatin Road. The skimming devices were removed immediately upon identification. Law enforcement was contacted immediately, and a criminal investigation is pending.Williams Hart Boundas Easterby LLP
May 12, 2020 | Email Compromise
Abstract
On May 13, 2020, we became aware that a firm email account was used to send unauthorized emails, and we swiftly engaged security experts to help determine what occurred. The investigation found that the account had been accessed by an unauthorized individual. In response, we reset the password to affected email accounts and implemented additional security controls to prevent further unauthorized access. We are not aware of any unauthorized access to the firm’s network or underlying systems, and we are providing this notice to you as a precautionary measure.WESTECH International Inc.
May 10, 2020 | CAUSE
Abstract
On May 10, 2020, WESTECH detected that a ransomware infection began encrypting files stored on our networkWeaver Fundraising, LLC d/b/a Trail’s End
May 03, 2020 | CAUSE
Abstract
It appears that an unauthorized party obtained your username from sources other than Trail’s End (i.e. the dark web or previously compromised accounts), used it to attempt to access your account, and clicked the “forgot password” button. When we sent a new password to your email address, the unauthorized party was able to pull the new password from network traffic.Warner Music Group
April 25, 2020 | Website Compromise
Abstract
On August 5, 2020, we learned that an unauthorized third party had compromised a number of US-based e-commerce websites WMG operates but that are hosted and supported by an external service provider. This allowed the unauthorized third party to potentially acquire a copy of the personal information you entered into one or more of the affected website(s) between April 25, 2020 and August 5, 2020.Windes, Inc.
March 16, 2020 | Email Compromise
Abstract
On or around March 19, 2020, Windes learned of a potential compromise to one (1) of its employee email accounts. Windes swiftly secured the suspected account and engaged a third-party forensics company to investigate. Following progress by experts in their thorough investigation, it was ultimately determined on May 4, 2020 that two (2) employee email accounts experienced unauthorized access between March 16-19, 2020 and on March 25, 2020. Upon confirmation of the unauthorized access to the Windes employee email accounts, Windes’ third-party forensic experts immediately investigated whether the affected email accounts contained individuals’ sensitive information. On June 15, 2020, Windes learned that the unauthorized access may have enabled access to your personal information.Woodruff Sawyer & Co.
March 2, 2020 | Email Compromise
Abstract
Woodruff Sawyer recently discovered suspicious activity related to certain Woodruff Sawyer employee email accounts. We immediately took steps to secure the email accounts and launched an investigation which included working with a third-party forensic investigator to determine the nature and scope of the activity. The investigation determined that an email accounts belonging to Woodruff Sawyer employees were subject to unauthorized access on separate occasions between March 2, 2020 and April 30, 2020. As a result, the unauthorized actor may have had access to certain emails and attachments within the accounts.Weber and Company, Inc.
January 27, 2020 | CAUSE
Abstract
On February 23, 2020, our office attempted to e-file a tax return for a client, but the filing was rejected multiple times. We contacted the IRS to investigate the error. Subsequently, our office experienced another e-field tax return rejection. Suspecting a possible data breach, Weber and Company, Inc. had their IT consultants conduct a full scan and analysis of our systems. No positive breaches were detected.Woods & Woods LLC
January 15, 2020 | CAUSE
Abstract
Woods & Woods, LLC is a law firm located in Evansville, Indiana. This letter is to notify you of a recent incident involving your information. On February 1, 2020, Woods & Woods became aware that we were the victim of a ransomware attack, with the attackers claiming to have stolen some of our data and threatening to release the stolen data publicly.Westcor Land Title Insurance Company
January 10, 2020 | Malware
Abstract
On January 12, 2020, Westcor became aware of unusual activity on its network. Westcor conducted an immediate investigation and determined that the network was partially impacted by malware. Third-party forensic investigators were engaged to assist in the investigation to determine the nature and scope of the event, and identify what personal information may have been impacted by this event.Wichita State university
December 03, 2019 | CAUSE
Abstract
In December 2019, WSU learned of a security incident involving unauthorized access to a computer server that WSU used to operate various student and employee web portals. WSU immediately secured this server and engaged a leading computer forensic firm to investigate the incident to determine its scope and impact. The investigation determined that an unauthorized person gained access to this computer server between December 3, 2019 and December 5, 2019.Wurkforce, Inc.
November 22, 2019 | Email Compromise
Abstract
On February 11, 2020, Würk learned of unusual activity within its email environment. Upon discovering this activity, Würk immediately took steps to secure all Würk email accounts and launched an investigation. As part of that investigation, Würk engaged an independent digital forensics firm to determine what happened and whether any information was accessed or acquired without authorization as a result. As a result of this engagement, the digital forensics firm reported to Würk that the email accounts of certain Würk employees had been accessed without authorization between November 22, 2019 and February 12, 2020. Following a review of the contents of the relevant email accounts, Würk learned on July 2, 2020 that some of your personal information was contained therein which may have been accessed without authorization as a result of this incident. Würk then worked diligently to identify up-to-date address information in order to provide notification to potentially impacted individuals.Wells Fargo Bank, N.A. on behalf of KDW Automotive
November 06, 2019 | CAUSE
Abstract
On December 23rd, 2019, Wells Fargo learned that an email, which included a file with some of your personal information intended for your current 401K service provider, was mistakenly sent to another financial institution and one of our business customers on November 6, 2019. Upon discovering the error, the recipients notified Wells Fargo and confirmed deleting the information. We have no evidence that any of the information has been misused. Nevertheless, out of an abundance of caution, we want to make you aware of the incident.TBDWoodland Unified School District
November 4, 2019 | Third Party
Abstract
On April 27, 2020 Woodland was notified by Aeries Software, Inc. (“Aeries”), a third-party student data management vendor, of a potential data incident affecting Aeries’ school district clients. While Aeries indicated it found no evidence to suggest that any data was specifically accessed, that type of activity cannot be ruled out with certainty. Aeries also stated that local and federal law enforcement officials were notified of this incident. The notification prompted Woodland to immediately launch an investigation into the nature and scope of the event. The investigation determined that personal information residing in our Aeries Student Information System (“SIS”) was potentially subject to unauthorized access on or around November 4, 2019. While we are unaware of any actual or attempted misuse of this information, we undertook a comprehensive review of our Aeries SIS to confirm the type of information it contained and to whom it related. This review was completed on September 15, 2020 and we determined certain information relating to you resided in our Aeries SIS in November 2019 and thus was potentially subject to unauthorized access.Western Health Advantage
October 20, 2019 | Third Party
Abstract
On October 25, 2019, Western Health Advantage (WHA) was informed by our contracted vendor (Vendor) of a computer system error that resulted in WHA files being downloaded to another company’s server. The recipient company is a client of Vendor and a covered entity obligated under the Health Insurance Portability and Accountability Act (HIPAA) to protect the confidentiality of information. We do not have any evidence that your information was used or further disclosed.Web.com Group, Inc.
August 22, 2019 | CAUSE
Abstract
On October 16, 2019, [Web.com] OR [[Brand], a Web.com subsidiary], determined that a third-party gained unauthorized access to a limited number of our computer systems in late August 2019, and as a result, account information may have been accessed. No credit card data was compromised as a result of this incident.Wescom Central Credit Union
May 14, 2019 | CAUSE
Abstract
On May 14, 2019, an unauthorized party downloaded database backup files belonging to Geezeo, the provider for Wescom’s eBudget services. Wescom was notified by Geezeo of this incident on or about September 24, 2019.Wawa, Inc.
March 04, 2019 | CAUSE
Abstract
Based on our investigation to date, we understand that at different points in time after March 4, 2019, malware began running on in-store payment processing systems at potentially all Wawa locations. Although the dates may vary and some Wawa locations may not have been affected at all, this malware was present on most store systems by approximately April 22, 2019. Our information security team identified this malware on December 10, 2019, and by December 12, 2019, they had blocked and contained this malware. We also immediately initiated an investigation, notified law enforcement and payment card companies, and engaged a leading external forensics firm to support our response efforts. Because of the immediate steps we took after discovering this malware, we believe that as of December 12, 2019, this malware no longer poses a risk to customers using payment cards at Wawa.Wolverine Solutions Group
September 23, 2018 | CAUSE
Abstract
TBDBWestern Pathology
August 01, 2018 | CAUSE
Abstract
On May 15, 2019, we were notified that ACMA experienced a data security incident that involved the payment page on AMCA’s website and unauthorized access to an AMCA database containing information belonging to Western Pathology’s patients. AMCA is a vendor that assisted Western Pathology with the collection of unpaid accounts. The security of Western Pathology’s systems was not affected by this incident. Upon receiving notification about this incident, we immediately began an investigation to identify the affected individuals and the nature of affected information. We are utilizing cyber security experts to assist us in our investigation. Although we are unaware of the misuse of any of your personal information, out of an abundance of caution, we are notifying you about this incident and providing you information about steps you can take to protect your personal information.Welk Resort Group, Inc.
July 24, 2018 | CAUSE
Abstract
On or around August 2, 2018, Welk learned of unusual activity related to an employee email account. We immediately began an investigation to confirm the security of our network and to determine the nature and scope of this event. With the assistance of third-party forensic investigators, we learned that an unauthorized actor(s) was able to gain access the employee’s email account. Based upon available forensic evidence, it appears the email account was subject to unauthorized access between July 24, 2018 and August 2, 2018. While we have no evidence of actual or attempted misuse of personal information, the investigation revealed certain information related to you was present in the impacted email account at the time of the incident. Our investigation indicates only a small percentage of Welk’s Owners were potentially affected by the incident.September 29, 2017 | CAUSE
Abstract
On or around December 4, 2017, Welk learned of unusual activity in certain employee email accounts. We immediately began an investigation, to confirm the security of our network, and to determine the nature and scope of this event. With the assistance of third-party forensic investigators, we learned that unauthorized actor(s) were able to gain access to certain employee email accounts. Based upon available forensic evidence, it appears these email accounts were subject to unauthorized access between November 29 and December 4, 2017. While we have no evidence of actual or attempted misuse of personal information, the investigation revealed some personal information was present in the impacted email accounts at the time of the incident. Our investigation indicates only a small percentage of Welk’s Owners were potentially affected by the incident.October 05, 2016 | CAUSE
Abstract
On October 6, 2016, we learned that, late on October 5, a Welk team member’s home was burglarized, and the team member’s company laptop was stolen. Upon learning of the theft, we immediately launched an investigation to determine what information may have been involved in this incident. While our investigation is ongoing, we have determined that your information may have been stored on the stolen laptop. To date, we have no evidence to suggest that the data stored on the laptop has been accessed. Further, we have no evidence to date that there has been any attempted or actual misuse of data stored on the laptop. This incident has been reported to local police and, to our knowledge, there is an ongoing criminal investigation.Walker Advertising, LLC
January 29, 2018 | CAUSE
Abstract
Two senior Walker employees’ corporate e-mail accounts were hacked between approximately January 29, 2018 and February 22, 2018. At least one of the corporate e-mail accounts was used to send phishing e-mails to solicit individuals to respond with access credentials to Walker’s electronic information network. The employees who suffered the hacks reported the instances to Walker’s Information Technology (“IT”) Department. Upon learning of the hacks, the IT Department immediately isolated the affected e-mail accounts, stopped the phishing e-mails, and locked out the hacker. Walker reported the unlawful activity to the Federal Bureau of Investigation (“FBI”) and will cooperate in any law enforcement investigation.Worldwide Services Insurance Agency, LLC
October 11, 2017 | CAUSE
Abstract
Following the conclusion of our investigation of a suspected security incident, with the assistance of a leading computer forensic firm, we determined that an unauthorized party obtained credentials to two employees’ email accounts through a phishing email scheme. Our investigation determined that unauthorized access to those email accounts could have occurred between the dates of October 11, 2017 and October 13, 2017. As a result, the unauthorized party may have viewed or accessed emails in one employee’s email account that contained information provided to us in connection with your international health insurance plan.W.W. Grainger, Inc.
September 26, 2017 | CAUSE
Abstract
On April 10, 2018, Grainger was notified by [24]7.ai that [24]7.ai was involved in a cyber incident, which occurred from September 26, 2017 through October 12, 2017. During this time, credit card information of those conducting business with certain [24]7.ai clients, including Grainger, may have been accessed. Those customers who used guest check out and manually entered credit card information on Grainger.com or its app were potentially affected. TBDAugust 23, 2017 | CAUSE
Abstract
On August 23, 2017, Grainger learned that a team member’s laptop was stolen. On that same day, as soon as the theft was discovered, Grainger launched an investigation to determine the specifics and information involved. The team member’s network and all other IT credentials were immediately disabled, and the laptop was set to automatically wipe its contents completely and permanently the next time it connects to the internet.Abstract
We learned on October 27, 2015 that the information was inadvertently stored in a system file that was at potential risk of unauthorized access. The issue was immediately fixed, and we continue to work with outside experts to further strengthen our coding review protocols.WEI Mortgage LLC
September 13, 2017 | CAUSE
Abstract
On or around September 20, 2017, WEI Mortgage LLC (“WEI Mortgage”) received reports of unusual activity in an employee’s email account. We immediately began an investigation to confirm the security of our network and to determine the nature and scope of this event. With the assistance of third-party forensic investigators, we learned our company was the victim of an email phishing attack, resulting in unauthorized access to certain employee email accounts. Based upon available forensic evidence, it appears these email accounts were subject to unauthorized access between September 13 and September 28, 2017. While we have no evidence of actual or attempted misuse of personal information, the investigation revealed some personal information was present in the impacted email accounts at the time of the incident.Wells Fargo Advisors
July 06, 2017 | CAUSE
Abstract
We were recently notified that on July 6, 2017, a law firm representing Wells Fargo inadvertently provided some of our client information to another law firm in response to a legal subpoena. Although the data was provided securely to the law firm on an encrypted disk that was marked "confidential" your information should have been removed. We were informed the information was shared with two attorneys, their client, and his employer. We also understand that some limited information was shown to reporters from one newspaper, but they were not given copies of any Wells Fargo client information.Washington State University
April 21, 2017 | CAUSE
Abstract
On April 21, 2017, Washington State University learned that a locked safe containing a hard drive had been stolen. Immediately upon learning of the theft, we initiated an internal review and notified local law enforcement. On April 26, we confirmed that the stolen hard drive contained personal information from some survey participants and, as a result, we retained a leading computer forensics firm to assist in the investigation.Wiseburn Unified School District
April 04, 2017 | CAUSE
Abstract
Wiseburn Unified School District and Da Vinci Schools use a school data platform operated by Schoolzilla PBC Inc. DBA Schoolzilla Inc. (“Schoolzilla”) to manage and store information about our students, together with information about their performance on certain exams. In April, we received a Notice of Data Breach from Schoolzilla that described what happened as follows:Whole Foods Market Services, Inc.
March 10, 2017 | CAUSE
Abstract
Whole Foods Market (Nasdaq: WFM) has resolved the incident previously announced on September 28, 2017, involving unauthorized access of payment card information used at certain venues such as tap rooms and full table-service restaurants located within some stores.WildWater Express Carwash
February 10, 2017 | CAUSE
Abstract
WildWater Express Carwash was informed on March 27, 2017 that our point-of-sale system experienced an intrusion. Our point-of-sale system is operated by a third-party platform provider and this provider experienced the intrusion.Westlake Touchless Car Wash
February 06, 2017 | CAUSE
Abstract
Westlake Touchless Car Wash was informed on March 27, 2017 that our point-of-sale system experienced an intrusion last month. Our pointof-sale system is operated by a third-party platform provider and this provider experienced the intrusion.Wonderful Center for Health Innovation
December 12, 2016 | CAUSE
Abstract
On December 12, 2016, it was discovered that a laptop containing medical information from the Wonderful Center for Health Innovation was stolen between December 9, 2016 and December 12, 2016. We promptly reported the incident to law enforcement, and we continue to cooperate with the authorities. Unfortunately, the laptop has not yet been recovered.Woodside Hotels and Resorts
August 10, 2016 | CAUSE
Abstract
The Sabre SynXis Central Reservations system (CRS) facilitates the booking of hotel reservations made by consumers through hotels, online travel agencies, and similar booking services. Following a forensic investigation, Sabre notified us, by letter dated June 6th, that an unauthorized party gained access to their systems and was able to view some reservation information for a subset of hotel reservations that Sabre processed on behalf of Woodside. The investigation determined that the unauthorized party was able to access Sabre’s system between August 10th 2016 and March 9, 2017. Please note that no Woodside computer or network systems were affected in any way by this incident.Wheeler & Egger, CPAs, LLP
August 04, 2016 | CAUSE
Abstract
As reported to you in our communication of August 22, on August 15, 2016, we discovered a data security incident involving our firm and your personal information. Our tax software company reported to us that the IRS reported to them that your tax return had been e-filed. Knowing that we had not filed the return and conferring with both our software company and the IRS, it became evident that someone, other than you or us, had filed your return and a total of 44 other clients, on dates between August 3rd and August 9th, 2016.Western Union Financial Services, Inc., on behalf of itself and its applicable subsidiaries
July 01, 2016 | CAUSE
Abstract
We recently became aware that your information may have been accessed without authorization in July of this year in a computer intrusion against a vendor-supplied external system formerly used by Western Union for secure data storage. We promptly informed federal law enforcement and began work to notify individuals whose information may have been compromised.Watsonville Chiropractic, Inc.
May 01, 2016 | CAUSE
Abstract
On September 18, 2016, Luque was notified by its billing software company that its Amazon "S3" storage account was vulnerable because it was accessible to persons outside their organization, and that a security researcher accessed and downloaded information form the storage account.West Music Company
February 01, 2016 | CAUSE
Abstract
To process its payment card transactions on its websites (westmusic.com and percussionsource.com), West Music uses a digital commerce platform provided and maintained by a third party vendor named Aptos. On February 6, 2017, we learned from Aptos that it discovered unauthorized access into the portion of the Aptos system containing payment card information for various Aptos customers, including some West Music customers. Upon learning of the unauthorized access, Aptos contacted the FBI Cyber Division and the U.S. Department of Justice and engaged a cybersecurity firm to help contain and eliminate the issue. While investigating, law enforcement requested that Aptos defer disclosing and discussing the matter with potentially affected retailers (like West Music) and customers (you) until February 5, 2017 given the active investigation. The investigation determined that malware injected into the Aptos system may have allowed unauthorized access to certain customer and payment card information maintained by Aptos. The unauthorized access occurred between February 2016 and December 2016. Based on the investigation, Aptos informed us that payment card transactions that were made on www.westmusic.com and www. percussionsource.com were affected by the incident, including both historical card transactions and transactions made during the period of unauthorized access. This may have affected a transaction you made using a card ending in [last four numbers of card].Wencom LLC
January 13, 2016 | CAUSE
Abstract
Wendy’s recently reported additional malicious cyber activity involving some franchisee-operated restaurants. The Company believes this criminal cyberattack resulted from a service provider’s remote access credentials being compromised, allowing access – and the ability to deploy malware – to some franchisees’ POS systems. Soon after detecting the malware, Wendy’s identified a method of disabling it and thereafter has disabled the malware in all franchisee restaurants where it has been discovered. The investigation has confirmed that criminals used malware believed to have been effectively deployed on some Wendy’s franchisee systems starting in late fall 2015.Wendy’s of Fresno, Inc.
December 02, 2015 | CAUSE
Abstract
Wendy’s recently reported additional malicious cyber activity involving some franchisee-operated restaurants. The Company believes this criminal cyberattack resulted from a service provider’s remote access credentials being compromised, allowing access – and the ability to deploy malware – to some franchisees’ POS systems. Soon after detecting the malware, Wendy’s identified a method of disabling it and thereafter has disabled the malware in all franchisee restaurants where it has been discovered. The investigation has confirmed that criminals used malware believed to have been effectively deployed on some Wendy’s franchisee systems starting in late fall 2015.WP Technology Inc. d/b/a Wattpad
May 29, 2015 | CAUSE
Abstract
We need to inform you of an important matter concerning your Wattpad account. On Friday, May 29, we identified an attack against our system. While we were able to block the attack within hours of identification, following a review of the incident, it’s possible that some of your information may have been accessed.Watermark Retirement Communities, Inc.
June 13, 2014 | CAUSE
Abstract
The situation arose when a laptop containing employee information was recently stolen. On June 13, 2014, a thief broke into a locked vehicle and grabbed valuables, including the laptop.Weyerhaeuser Company
May 01, 2014 | CAUSE
Abstract
On March 17, 2015, Premera notified Weyerhaeuser and others that cyber-attackers had gained unauthorized access to Premera’s Information Technology (IT) systems since as early as May of 2014. Premera discovered the unauthorized access on January 29, 2015. Premera’s investigation determined that the attackers may have gained unauthorized access to information on Weyerhaeuser enrollees in Premera health plans, dating back to 2005. Premera says the information accessed may include name, date of birth, address, email address, telephone number, Social Security number, member identification number, and claims information, including clinical information.WestCoast Children’s Clinic
April 16, 2013 | CAUSE
Abstract
One copy of XX’s confidential psychological assessment report containing [patient’s] name; date of birth; current placement history; developmental and psychological treatment history; limited family history; educational history; current psychological concerns; testing data, interpretation, results, and treatment recommendations was incorrectly faxed to an unintended recipient on April 16, 2013. The error resulted from an incorrect fax number entered onto the fax cover sheet (the intended number ended in 0842, while the unintended number ended in 0843).November 20, 2012 | CAUSE
Abstract
A referral document containing your name, date of birth, Social Security Number, address, and your current health concerns was unintentionally sent by email to an unauthorized recipient, a county social worker, at the Alameda County Department of Social Services, Child and Family Services Unit.Western University of Health Sciences
November 14, 2012 | CAUSE
Abstract
On November 14, 2012, WesternU learned that BanWeb Self-Service Federal Work Study reports were potentially accessible to BanWeb users with a WesternU ID and password.Wilton Brands LLC
October 08, 2012 | CAUSE
Abstract
On or about January 8, 2013, one of Wilton’s service providers discovered that a malicious user modified the shopping cart functionality used on the www.wilton.com website.July 19, 2012 | CAUSE
Abstract
On or about October 31, 2012 a service provider of Wilton discovered that a malicious user had added a file to a computer server that hosts www.wilton.com and www.copco.com. During the period of July 19, 2012-October 2, 2012 this activity resulted in the malicious user being able to view some Wilton/Copco user information, including name, ...White and Bright Family Dental
Abstract
On January 30, 2018, a business computer server containing your protected health information was accessed by cyber criminals. We immediately notified the Fresno Police Department, so that identification and prosecution of those involved could begin. A police report has been prepared on this incident; the report number is 18300943.White Blossom Care Center
Abstract
On May 25, 2017, we received information that a former White Blossom employee may have improperly accessed resident data while employed at the facility. We immediately engaged an independent technical security expert to investigate this incident. We also contacted state and federal law enforcement and continue to work closely with them on their investigations.Washington Township Health Care District
Abstract
On October 8, 2015, the District learned that an unauthorized individual may have gained access to a computer associated with Washington Community Health Resource Library. This particular computer was used to maintain library identification cards. Upon learning this, we immediately initiated a comprehensive internal review to determine what information may have been accessed. We also retained an outside computer forensic firm to assist in our investigation. That investigation is now completeWe End Violence LLC
Abstract
? On August 24, 2015 we discovered a potential intrusion into our website server. We quickly moved to investigate this issue. In an abundance of caution, we took down the Agent of Change website on August 26, 2015. Third-party computer forensics experts were retained to assist with an investigation into the nature and scope of any intrusion. While the investigation is ongoing, it has been determined that there was unauthorized access to certain personal information relating to you, including your name, student ID number, email address (both the one provided by the school and any email provided by you upon registering), your Agent of Change username, your Agent of Change password, gender identity, race, ethnicity, age, relationship status, sexual identity and the name of your college or university.W.J. Bradley Mortgage Capital, LLC
Abstract
During late July and early August 2013, one of WJB’s former loan officers, Shelly Logemann (“Ms. Logemann”), in concert with another mortgage company, RPM Mortgage, Inc. (“RPM”) took files from WJB’s computer systems, including some of your personal data while she was still employed with WJB. Specifically, the following items were taken: credit reports, social security numbers, bank account information, tax information and other private information contained in loan applications.Windhaven Investment Management, Inc.
Abstract
Windhaven recently discovered evidence of an unauthorized intrusion on a web server maintained by a third-party vendor that we hired. The intruder may have been able to use this web server to access a database that contained your name, account number, custodian, and investment positions for your Windhaven account(s) only. Please note that the database did not include your Social Security number, date of birth or information about any other accounts. We learned of this intrusion in August 2013, although any potential access to your account information may have occurred months earlier. While we have not detected any specific indication that your information was accessed, we are informing you of this incident as a precautionary measure.World Travel Holdings
Abstract
On November 30, 2012, we learned that an unauthorized person gained access to the booking system by misusing the log-in credentials of an authorized user.X
X-Rite Incorporated
February 06, 2012 | CAUSE
Abstract
We are writing to notify you that a breach of security of your personal information may have occurred on as early as February 6, 2012.Y
Young, Molohan, Cohen & Durrett, LLP
May 26, 2020 | CAUSE
Abstract
On March 31, 2020, we discovered a broken window on YMCD property. The perpetrator threw a rock through a window to gain access to YMCD property, and subsequently stole a YMCD hard drive.Yuba City Unified School District
November 04, 2019 | CAUSE
Abstract
The District uses the Aeries Student Information System to provide students and their parents with online access to information regarding school events and schedules. In late November 2019, Aeries learned that an unauthorized individual attempted to exploit a vulnerability in the Aeries software that would allow access to student and parent information. Aeries later determined that the exploit was successful. Upon discovery, Aeries began an investigation and law enforcement launched an investigation to identify the person responsible, who Aeries believes is now in police custody. On May 6, 2020, we learned that this individual may have accessed the District’s Aeries System. Based on our own investigation of the information available, we cannot rule out the possibility that parent and student data in the District’s Aeries System was accessed.Yucaipa-Calimesa Joint Unified School District
November 04, 2019 | CAUSE
Abstract
El Distrito utiliza el Portal Aeries para Estudiantes/Padres para proporcionar a los estudiantes y a sus padres acceso en línea a información sobre eventos escolares, horarios de estudiantes y calificaciones. A fines de noviembre de 2019, Aeries se enteró de que una persona no autorizada explotó una vulnerabilidad en el software Aeries que permitiría el acceso a la información de los padres y estudiantes. Tras el descubrimiento, Aeries comenzó una investigación y la policía inició una investigación para identificar a la persona responsable, que Aeries cree que ahora está bajo custodia policial. El 4 de mayo de 2020, Aeries notificó al Distrito que esta persona pudo haber accedido al Portal Aeries para Estudiantes/Padres del Distrito.Yogurtland Franchising, Inc.
June 05, 2019 | CAUSE
Abstract
We recently discovered our iOS Yogurtland App was accessed by an unauthorized individual between June 5th and June 6th, 2019, potentially allowing access to our Real Rewards members' usernames (email address) and passwords.YRC Worldwide Inc.
July 24, 2018 | CAUSE
Abstract
On July 24th, YRC was alerted to a possible cybersecurity attack triggered by a phishing e-mail. The e-mail contained a link, which when clicked, allowed a perpetrator to establish a forwarding rule on a YRC Office 365 account. As soon as it detected this anomaly, YRC contacted law enforcement and was directed to delay notification of potentially affected individuals until its investigation was complete. YRC also immediately engaged a leading forensic investigation firm to look into the matter and undertook enhancements to its already robust IT system to block potential e-mail exploitation.YMCA of San Diego County
June 14, 2017 | CAUSE
Abstract
On or about June 14, 2017, the YMCA became aware that an Excel spreadsheet containing personal information of certain YMCA employees was inadvertently sent over email to certain YMCA employees. Upon learning of the event, the YMCA immediately launched an investigation to determine its nature and scope, including remediating the incident with the assistance of the YMCA IT department.Yuba Sutter Medical Clinic
August 03, 2016 | CAUSE
Abstract
On or about August 3, 2016, the Yuba-Sutter Medical Clinic's computer system came under a "ransomware attack" by hackers. Ransomware attacks are designed to deny access to certain portions of a computer system until a ransom is paid.YapStone, Inc.
July 15, 2014 | CAUSE
Abstract
YapStone, a provider of payment services is writing to inform you that certain personal information you provided on your VacationRent Payments application that was stored by YapStone may have been accessible by unauthorized persons via a YapStone URL between approximately July 15, 2014.Yandy.com
May 28, 2014 | CAUSE
Abstract
On August 18, 2014, Yandy.com discovered an unauthorized, external cyber-attack affecting its website. The unauthorized intrusion permitted access to customer's payment card data which was submitted during the checkout process.Yusen Logistics (Americas) Inc.
September 24, 2013 | CAUSE
Abstract
On the morning of September 24, 2013, we learned that a password-protected, unencrypted laptop computer issued to a YLA employee was stolen from the employee’s vehicle the night before. The incident was reported to the police and we immediately began a thorough investigation to determine the information that may have been stored on the laptop.Yolo Federal Credit Union
March 29, 2013 | CAUSE
Abstract
Yolo FCU has been notified by our monitoring center that a merchant was victimized by unauthorized access of their data files. This breach has resulted in quick moving fraudulent activity, and we have blocked cards as quickly as possible in an attempt to prevent fraudulent activity from posting to your account.October 27, 2012 | CAUSE
Abstract
Yolo Federal Credit Union identified your ATM/Visa debit card information as one that may have been compromised. Due to the high risk for fraudulent activity it was critical for the credit union to block and reissue your card as quickly as possible. YMarch 22, 2012 | CAUSE
Abstract
VISA was notified that Global Payments was victimized by unauthorized access of their data files. Global Payments is a third party payment processor that processes plastic card transactions. Your card was included and may be at risk.You Can Trade, Inc.
Abstract
On May 28, 2020 YCT discovered that certain personal data of YCT customers and prospective customers (“YCT Data”) was accessed by one or more unauthorized persons.Yahoo! Inc.
Abstract
A recent investigation by Yahoo has confirmed that a copy of certain user account information was stolen from our systems in late 2014 by what we believe is a statesponsored actor. We are closely coordinating with law enforcement on this matter and working diligently to protect you.YP Holdings
Abstract
Anthem was the target of a very sophisticated external cyber attack. There attackers gained unauthorized access to Anthem's IT system and have obtained personal information from our current and former members such as their names, birthdays, medical IDs/social security numbers, ...Z
ZEG – Berlin Center for Epidemiology and Health Research GMBH
August 4, 2020 | Malicious Code
Abstract
On August 4, 2020, malicious code was found on certain servers. The threat was contained and expelled, and a thorough investigation promptly commenced. Through investigation, it became apparent that the intrusion had been active since early July 2020. On October 28, 2020, we determined that one of the impacted servers contained data from the Study mentioned above. While we have no indication that any data related to the Study were actually stolen, viewed, or misused, we are taking the precautionary step of notifying you.July 07, 2020 | CAUSE
Abstract
On August 4, 2020, malicious code was found on certain servers. The threat was contained and expelled, and a thorough investigation promptly commenced. Through investigation, it became apparent that the intrusion had been active since early July 2020.Zoosk, Inc.
January 12, 2020 | CAUSE
Abstract
While our investigation remains ongoing, we determined that an unauthorized third party gained access to Zoosk data stored in a database hosted by a third party on or around January 12, 2020. The database contained certain information you may have included in your online Zoosk profile. The majority of this profile information was maintained in the database in an unreadable format, however, your name, email address, date of birth, generalized demographical information, gender, and gender search preference may have been readable in the database. While not confirmed, passwords may also have been affected. The database did not contain financial or credit card data. Of course, as you know, we do not collect Social Security numbers, Social Insurance Numbers, driver’s licenses, passport numbers, or other taxation or government identity information, so none of these types of information are at issue.Zions Bancorporation, N.A.
June 01, 2019 | CAUSE
Abstract
We recently learned of unauthorized access to our computer network on or around June 1, 2019. As a result, we believe some personal information of some of our online banking customers may have been improperly viewed or acquired.ZOLL Services LLC
November 08, 2018 | CAUSE
Abstract
ZOLL’s email is archived by a third-party service provider to comply with record retention and maintenance requirements, policies, and procedures. Some of your personal information was included in the email communications stored by the third-party service provider.Zero Technologies, LLC
November 04, 2018 | CAUSE
Abstract
Zero Water (“Zero”) recently received a report of unusual card activity from its credit card processor. Upon receiving these reports, Zero worked with a third-party forensic investigator, and our website provider to identify the source of the activity and to confirm the security of our network. The investigation determined that a vulnerability existed on our website that would permit access to certain customer payment card information if the vulnerability was exploited. On or around May 24, 2019 we determined that there was evidence that the vulnerability was exploited and that there was unauthorized access to obfuscated payment card information used at www.zerowater.com.Zurich American Insurance Company
August 01, 2018 | CAUSE
Abstract
Zurich works with a vendor to collect the payment information required to process electronic claim-related payments. Recently, Zurich learned that falsified account information was submitted through the vendor system in order to gain unauthorized access to certain claim payments between August – December 2018. Because the Explanation of Benefits (EOB) related to your insurance claim was included with the claim payment, there was unauthorized access to your personal information.Zazzle Inc.
July 30, 2017 | CAUSE
Abstract
We take security extremely seriously at Zazzle and wanted to let you know that in July 2017, our Security Team detected a brute force data security attack. During this data breach, some unauthorized login attempts to Zazzle accounts were made, including one using your Zazzle username (email address) and password.August 22, 2016 | CAUSE
Abstract
We take security extremely seriously at Zazzle and wanted to let you know that on [INSERT DATE], our Security Team detected some unauthorized login attempts to Zazzle accounts, including one using your Zazzle username (email address) and password.Zymo Research Corporation
March 15, 2017 | CAUSE
Abstract
Unfortunately, on or about August 2, 2017, Zymo Research Corporation (“Zymo”) discovered that its external cloud e-commerce network may have been accessed by an unknown actor. The unauthorized access appears to have occurred on or about March 15, 2017. In particular, the unauthorized access occurred when an unknown actor placed code on Zymo’s system allowing for access to a database containing personal information about its customers.Ziprick & Cramer, LLP
January 25, 2015 | CAUSE
Abstract
Unfortunately, on or around January 25, 2015, our firm was the victim of a single cyberattack, by a relatively new variant of a Cryptolocker-type virus (which is a fairly sophisticated form of ransomware, which is apparently being used by criminals around the world). It infected one of our workstations (with the virus encrypting data on the workstation), and then traveled to the in-house server where data was also encrypted on shared folders (collectively, the “Computer”).Zest Dental Solutions
December 31, 2013 | CAUSE
Abstract
We began an ivestigation of our systems after reports from some customers receiving unusual emails containing Zest Dental purchase inofrmation. We engaged a computer security firm to examine our systems for any signs of an issue. On February 16, 2017, we learned that an unauthorized entity had compromised our e-commerce system, potentially affecting customer payment card information.Zocdoc, Inc.
June 15, 2011 | CAUSE