List of Data Breaches

Abstract

On January 9, 2019, as part of a regular audit process, Abbott provided its third-party auditor with a portable drive containing information about certain employee stock options and stock grants. On January 19, 2019, the auditor informed us that the drive was misplaced. We immediately began an investigation into the actions of the auditor and circumstances leading to the loss of the drive. Although we have no information suggesting that the drive was improperly accessed, it has not been recovered, and we are notifying individuals who had some of their personal information on the drive out of an abundance of caution.

December 01, 2014 | Network Compromise

Abstract

Anthem discovered on January 29, 2015 that it was the target of a cyber-attack that resulted in unauthorized access to its computer systems over the course of several weeks beginning in December 2014. The Abbott Laboratories Health Care Plan (the “Abbott Plan”) is administered by BCBSIL and not by Anthem. However, Anthem plays a role in processing Abbott Plan claims for Abbott Plan participants who receive health care services in states where Anthem operates (California, Colorado, Connecticut, Georgia, Indiana, Kentucky, Maine, Missouri, Nevada, New Hampshire, New York, Ohio, Virginia and Wisconsin). Consequently, personal information about some Abbott employees and other Abbott Plan participants who received care in those Anthem locations was exposed as a result of the incident. We are sending this notice to you because we have been advised by BCBSIL that it will be contacting you shortly by letter.

AltaMed Health Services Corporation

January 09, 2019 | Malware

Abstract

On February 19, 2019, we discovered our information system had been infected with a virus that prohibited our access to our files. We immediately worked to restore our information system and launched an investigation, with the assistance of third-party forensics, to determine the nature and scope of the incident. As part of our ongoing investigation, we determined this virus was introduced by an unknown third-party that had access to certain servers on our information system which contain personal and protected health information relating to current and former Centrelake patients. After a review of available forensic evidence, we determined that suspicious activity began on our network on January 9, 2019, lasting until the virus infection on February 19, 2019.

May 21, 2018 | Network Compromise

Abstract

On December 31, 2018, SHDS informed AltaMed that it had experienced a data security incident involving the SHDS network which, according to SHDS, affected information belonging to certain AltaMed patients. In its letter to AltaMed, SHDS stated that it first detected abnormal activity within its network on June 22, 2018. Upon detecting this activity, SHDS launched an investigation and engaged a forensics firm to support its inquiry. SHDS ultimately determined that an unauthorized third-party gained access to SHDS’s network as early as May 21, 2018 and acquired files containing patient information. SHDS also notified the Federal Bureau of Investigation (“FBI”) about this incident and will cooperate fully with the FBI’s investigation.

Abstract

After we eradicated the initial infiltration into our system (as we previously informed you), our systems were attacked again by, we believe, the same hacker. This hacker is a sophisticated and persistent criminal with detailed knowledge of how to exploit online shopping cart systems. We discovered on June 10, 2015, that the hacker managed to circumvent the safeguards we had implemented after the initial attack. We worked into the night in response to this discovery, and on the same day, successfully eradicated the malicious software that caused the second attack.

July 10, 2018 | Unauthorized Access

Abstract

On July 10, 2018, we reveived an alert of unusual activity on our system. We immediately stopped all suspicious activity and launched an investigation with the support of outside forensics experts. On August 6, 2018, we confirmed that the activity was unauthorized, and that user data may have been obtained. While we cannot confirm that data was removed from our systems or that your information was affected, we wanted to let you know about this incident out of an abundance of caution.

July 05, 2018 | Third Party

Abstract

Expedia informed American Express of a potential intrusion on its Orbitz travel booking platform, which serves as the underlying booking engine for Amextravel.com and travel booked through Amex Travel Representatives. On July 23, Expedia provided us with a list of potentially impacted Amex travel customers. Expedia has told us that transactions made from July 5 through July 9 may be at risk. Expedia has also told us it has taken remediation steps to prevent further access to the Orbitz platform.

October 01, 2017 | Third Party

Abstract

On March 16, 2018, Orbitz alerted us that it was the victim of a cyber attack. The attack involved Orbitz customers and customers of their business partners, and occurred on a platform that serves as the underlying booking engine for Amextravel.com and travel booked through Amex Travel Representatives. Certain transactions made on the Orbitz platform from January 1, 2016 through December 22, 2017 may have been impacted. Orbitz has assured us that its platform has been remediated. To be clear, this was an attack on the Orbitz platform. It was not an attack on, and did not compromise, the platforms American Express uses to manage your American Express® Card accounts.

Aetrex Worldwide, Inc.

June 22, 2018 | Malware

Abstract

Aetrex recently was contacted by representatives of the credit card industry regarding potential fraud related to a small number of credit/debit cards that were used on our website. We immediately launched an internal investigation and hired third-party forensic investigators. We determined that an unauthorized third-party was able to insert a malicious code into our website to obtain customer payment card information entered into our website between June 22, 2018, and November 20, 2018, and during a few hours on December 4, 2018, possibly impacting our customers whose payment card information was used during these time periods. On or around December 17, 2018, we confirmed the identities of the individuals whose payment card information may have been impacted.

Aimbridge Hospitality Holdings, LLC

June 07, 2018 | Email Compromise

Abstract

On September 14, 2018, we became aware of unusual activity in an employee’s email account. We immediately launched an internal investigation into the unusual activity. With the assistance of computer forensics experts, we learned [Company] was the victim of an email phishing incident which resulted in unauthorized access to a number of employees’ email accounts between June 7, 2018 and September 24, 2018. After determining there was unauthorized access, we undertook a lengthy and labor-intensive process to identify the personal information contained within the affected email accounts. On November 28, 2018, our investigation confirmed the identity of the individuals whose personal information was affected. Based on available forensic evidence, an email containing your personal information was potentially subject to unauthorized access. Although we are unaware of any actual or attempted misuse of your personal information, we are notifying you in an abundance of caution because your information was present in the impacted email accounts.

On October, 2, 2015 the third-party provider, which manages our benefits open enrollment process, inadvertently sent a file containing personal information, which included your name, address and social security number, to another company that is also one of its clients. Immediately upon learning of this incident, Avis Budget Group’s Information Security and Human Resources teams fully and thoroughly investigated this incident, in close cooperation with our third-party provider and the company where the data was erroneously sent. We have no evidence or reason to believe that your personal information was misused or stolen. Our data security investigation confirmed that a file containing your data was briefly viewed by two individuals and promptly and properly deleted.

September 23, 2015 | Breach

Abstract

Protecting the security of our Card Members’ information is very important to us and we strive to let you know about security concerns as soon as possible. We have been informed that a data security incident occurred at a merchant where you used your Card. Account information of some of our Card Members, including some of your account information, may have been involved. It is important to note that American Express owned or controlled systems were not compromised by this incident, and we are providing this notice to you as a precautionary measure.

April 23, 2015 | Third Party

Abstract

Protecting the security of our Card Members’ information is very important to us and we strive to let you know about security concerns as soon as possible. We became aware that a third party service provider engaged by numerous merchants experienced unauthorized access to its system. Account information of some of our Card Members, including some of your account information, may have been involved. It is important to note that American Express owned or controlled systems were not compromised by this incident, and we are providing this notice to you as a precautionary measure

March 22, 2015 | Third Party

Abstract

Protecting the security of our Card Members’ information is very important to us and we strive to let you know about security concerns as soon as possible. A third party service provider engaged by numerous merchants experienced unauthorized access to its system. As a result, account information of some of our Card Members, including some of your account information, may have been involved. It is important to note that American Express owned or controlled systems were not compromised by this incident, and we are providing this notice to you as a precautionary measure. At this time, we have been informed that your name and address, along with your current or previously issued American Express Card account number, expiration date, and four-digit security code (printed on the front of your Card), may have been compromised. Please be aware that you may receive additional letters from us if more than one of your American Express Card accounts were involved.

February 01, 2015 | Third Party

Abstract

We are strongly committed to the security of our Cardmembers’ information and strive to let you know about security concerns as soon as possible. A company that provides payment processing services to numerous merchants has informed us that there has been unauthorized access to its processing system. As a result, account information of some of our Cardmembers, including some of your account information, may have been improperly accessed.

January 20, 2015 | Unauthorized Access

Abstract

We are strongly committed to the security of our Cardmembers’ information and strive to let you know about security concerns as soon as possible. A merchant where you used your American Express Card detected unauthorized access to its data files.

December 30, 2014 | Unauthorized Access

Abstract

December 21, 2014 | Third Party

Abstract

December 01, 2014 | Unauthorized Access

Abstract

November 20, 2014 | Third Party

Abstract

November 02, 2014 | Third Party

Abstract

October 18, 2014 | Unauthorized Access

Abstract

August 07, 2014 | Unauthorized Access

Abstract

June 02, 2014 | Unauthorized Access

Abstract

May 19, 2014 | Unauthorized Access

Abstract

April 29, 2014 | Unauthorized Access

Abstract

April 14, 2014 | Unauthorized Access

Abstract

April 12, 2014 | Unauthorized Access

Abstract

December 07, 2013 | Unauthorized Access

Abstract

July 06, 2013 | Unauthorized Access

Abstract

June 13, 2013 | Unauthorized Access

Abstract

May 28, 2013 | Unauthorized Access

Abstract

April 09, 2013 | Unauthorized Access

Abstract

We are strongly committed to the security of our Cardmembers’ information and strive to let you know about security concerns as soon as possible. We were recently made aware that your American Express Card information was recovered during an investigation by law enforcement and/or American Express.

March 08, 2013 | Unauthorized Access

Abstract

February 10, 2013 | Unauthorized Access

Abstract

February 01, 2013 | Unauthorized Access

Abstract

January 17, 2013 | Unauthorized Access

Abstract

American Express is strongly committed to the security of all our Cardmembers’ information and wants to inform you that a merchant where you have used your American Express Card for payment detected unauthorized access to its data files.

January 15, 2013 | Third Party

Abstract

December 21, 2012 | Breach

Abstract

We recently learned of a security incident that may have resulted in the disclosure of the credit card information, names, and addresses associated with your account. As a reminder, we do not collect your social security number or date of birth. We take the security of your information very seriously, and sincerely apologize for any inconvenience this may cause you.

December 19, 2012 | Unauthorized Access

Abstract

November 01, 2012 | Unauthorized Access

Abstract

October 16, 2012 | Unauthorized Access

Abstract

On January 7, 2013. I learned of a data security incident that may have resulted in the disclosure of the credit card information names, and billing address associated with your online purchase. Shorty after the learning of the incident, we retained a forensic computer investigator, who determined that on or about October 16, 2012, and unauthorized third party gained access to our website and data system.

September 01, 2012 | Unauthorized Access

Abstract

August 03, 2012 | Unauthorized Access

Abstract

June 26, 2012 | Unauthorized Access

Abstract

American Express is strongly committed to the security of all our Cardmembers’ information. We have recently been made aware that your American Express Card information was recovered during the course of an investigation by law enforcement and/or American Express. At this time, we believe the affected data included your American Express Card account number, your name and the expiration date on your card. Importantly, your Social Security number is not impacted, and our systems do not show any indication of unauthorized activity on your Card account related to this incident.

June 13, 2012 | Unauthorized Access

Abstract

June 03, 2012 | Unauthorized Access

Abstract

May 21, 2012 | Unauthorized Access

Abstract

April 02, 2012 | Unauthorized Access

Abstract

April 01, 2012 | Unauthorized Access

Abstract

March 02, 2012 | Unauthorized Access

Abstract

February 02, 2012 | Unauthorized Access

Abstract

January 17, 2012 | Unauthorized Access

Abstract

November 06, 2011 | Unauthorized Access

Abstract

July 11, 2011 | Unauthorized Access

Abstract

April 06, 2011 | Unauthorized Access

Abstract

We are writing to notify you of a data security incident involving IHS Inc. On February 22, 2013, IHS discovered that some of our databases, including those containing personal information you provided as a customer of IHS Jane’s, were illegally accessed by unauthorized parties. Our investigation indicates that the unauthorized parties acquired the relevant data from the IHS Jane’s environment on or about November 22, 2012.

March 13, 2011 | Unauthorized Access

Abstract

February 15, 2011 | Unauthorized Access

Abstract

May 05, 2008 | Unauthorized Access

June 22, 2014 | Network Compromise

Abstract

BOISE, ID - August 14,2014 -- AB Acquisition LLC, which operates Albertsons stores under Albertson's LLC and ACME Markets, Jewel-Osco, and Shaw's and Star Markets under New Albertson's, Inc., recently learned of an unlawful intrusion to obtain credit and debit card payment information in some of its stores. The appropriate federal law enforcement authorities have been notified, and AB Acquisition is working closely with its third party IT services provider, SUPERVALU, to better understand the nature and scope of the incident. Third-party data forensics experts are supporting an ongoing investigation. AB Acquisition has not determined that any cardholder data was in fact stolen, and currently it has no evidence of any misuse of any such data.

March 14, 2013 | Server Compromise

Abstract

Abstract

Arcadia Health Services, Inc. d/b/a Arcadia Home Care & Staffing

| Third Party

Abstract

We are writing to you because of an incident at your employer, Arcadia Home Care a/k/a Arcadia Health Services, Inc. (“Arcadia”).
There has been a security breach of your employment records and personal information.
The security breach stems from the unauthorized access of your personal information by Mr. Charles E. Symes, II and his new business “Alegre.”
Mr. Symes had previously obtained access to your employment information under strict agreements and protocols that he had with Arcadia. Mr. Symes was an independent contractor for Arcadia.

ADP

| User Error

Abstract

ADP provides payroll-related services to your employer [name]. As part of providing these services, ADP produces payroll and income tax forms and other documents that include your personal information. Unfortunately, we discovered on April 29 that your name and Social Security number were contained in a tax filing record in an embedded format not visible using the Adobe program or other similar PDF reader that was accidentally disclosed to another employee of the company who was not authorized to receive it. We truly regret that this happened.

Altrec, Inc.

| Unauthorized Access

Abstract

While preparing 2019 tax returns, we discovered a potential data security incident that may have affected some of our client’s personal information. We immediately launched an investigation and worked with the IRS and our software provider to ascertain what had occurred. We also retained an independent digital cybersecurity firm to conduct a forensic investigation of B+Co’s network and computer systems.

September 24, 2019 | Phishing

Abstract

Baylor Genetics was the target of an email phishing campaign that resulted in a limited number of employees receiving a suspicious email containing a malicious link. These employees unfortunately fell victim to the phishing campaign, resulting in an unauthorized individual gaining access to those employees’ email accounts. Upon learning of the incident, Baylor Genetics disabled the impacted email accounts and required mandatory password resets to prevent further misuse. There is no evidence that the purpose of the phishing campaign was to obtain patient information and we have no evidence that any of your information was actually acquired or used by the unauthorized individual. However, out of an abundance of caution, we are providing notice and offering you credit monitoring services at no charge.

March 16, 2020 | Unauthorized Access

Abstract

September 04, 2019 | Service Compromise

Abstract

We recently discovered that a third party used email and password information acquired outside Bed Bath & Beyond and Buy Buy Baby to access a limited number of online accounts during the period of September 4 – 27, 2019.

May 15, 2017 | Website Compromise

Abstract

We detected recent suspicious website activity. Upon investigation, we discovered that some person or automated robot was attempting to log in to online Bed Bath & Beyond accounts by guessing commonly used passwords or by obtaining usernames and passwords from another source outside Bed Bath & Beyond. It may be that whoever made these attempts had obtained user names and passwords from another site relying on their knowledge that many people use the same password on multiple sites. It does appear that one of these efforts was succcessful in logging in to your Bed Bath & Beyond online account very recently with a password that was able to be guessed or obrained from some source likely outside of Bed Bath & Beyond. At this time, we have no reason to believe that there was any effort made to place any unauthorized orders on your Bed Bath & Beyond account, that credit card could not have been used without entering the security code from the card itself. That security code is not stored on our website and therefore would not have been available on our website, even if someone entered your username and password. Moreover, only the card type, expiration date, and lat four digits of the card number would have been visible, which means it could not have been used to make unauthorized purchases elsewhere.

BookShark LLC

August 26, 2019 | Malware

Abstract

On August 26, 2019, we learned from our third-party developer that maintains our website that it discovered and removed unauthorized code on our website, www.bookshark.com. Upon learning this, we immediately launched an investigation, and a leading cybersecurity firm was engaged to assist. On September 25, 2019, the investigation determined that the unauthorized code was designed to capture information entered during the login and checkout processes and may have been present from March 11, 2019 through August 26, 2019.

Bamboo HR LLC

February 11, 2019 | Service Compromise

Abstract

On February 13, 2019, BambooHR became aware of unauthorized access by an unidentified thirdparty to the TraxPayroll system. We determined that the unauthorized party was trying to change employee direct deposit information, which we quickly isolated and fixed. We also shut-down the means by which the unauthorized access occurred. It appears that the third party may have had access to the TraxPayroll system as early as February 5, 2019, but the attempted inappropriate actions took place between February 11-13, 2019. BambooHR then conducted a comprehensive review of all unauthorized activity and determined that a report was accessed that may have allowed the third party to view personal information of certain employees. It appears that the unauthorized party’s purpose in accessing the TraxPayroll system was to divert payroll deposits into its own accounts, not to collect personal information. While BambooHR is unable to determine whether your personal information was retained, it was contained in the report that was accessed. Out of an abundance of caution, BambooHR is notifying all individuals that may have been affected by this this unfortunate event.

Brighton Collectibles, LLC

January 28, 2019 | Website Compromise

Abstract

On March 7, 2019, we learned that an unauthorized individual may have gained access to the website we used to process credit card transactions between January 28, 2019 and February 15, 2019. When we first learned of this incident, we took immediate steps to secure the information. A thorough investigation was conducted by a forensic investigation firm to determine what happened, who was impacted and what information may have been affected. We wanted to let you know this occurred and to assure you we take it very seriously.

Bank of the West

December 03, 2018 | Skimming

Abstract

On January 20, 2019, the Bank’s security teams identified instances of unauthorized account withdrawal attempts concerning certain debit cards which had previously been used at our Campbell Branch ATM. We promptly contacted law enforcement and began taking steps to review our ATM network. Our review found that a device known as an “ATM skimming device” had been installed and removed from our Campbell Branch ATM. We believe the ATM skimming device was unlawfully installed on our ATM machine between December 3, 2018 and December 22, 2018.

March 02, 2018 | Third Party

Abstract

On March 2, 2018, we were notified of a security incident that occurred at one of our contracted service providers who furnishes Bank of the West with business data analysis services relating to our business banking customers. The service provider’s investigation determined that unauthorized third parties used compromised credentials to log into a limited number of their employee email accounts and may have accessed information associated with your business. On March 19, 2018, we received a copy of the data file that may have been illegally accessed. We immediately took action, however, the data file was not in an easily useable format and required significant analysis to identify potentially affected individuals and associated mailing addresses.

February 01, 2017 | Skimming

Abstract

On April 9, 2017, the Bank's security teams idnetified instances of unauthorized account withdrawals at the our ATMs in several Aouthern California cities. We immediately contacted law enforcement and began taking steps to review our ATM network. Our review found that devices known as "ATM skimming devices" had been installed and removed from seven of our ATMs in Southern California. We believe these ATM akimming devices were unlawfully installed on our machines at various points between February 1, 2017 and April 9, 2017.

October 03, 2016 | Email Compromise

Abstract

We value and respect the privacy of your information, which is why we are writing to advise you of a recent incident that may have involved certain of your personal information. On October 11, 2016, we learned that the email account of one of our employees had been compromised as part of an investigation we undertook after the email account was used to SPAM, or send an unsolicited email.

BraceAbility

September 24, 2016 | Website Compromise

Abstract

On October 28, 2016, BraceAbility, Inc. learned of a possible security incident involving its online ordering website. We immediately engaged independent IT forensic experts to assist with our investigation. While the investigation is still ongoing, it appears that your credit or debit card data may have been compromised if you made an online purchase between September 24, 2016 and November 28, 2016. The information potentially exposed includes your name, address, card number, verification code, and/or the card’s expiration date as well as information related to your online purchase.

BEYOND YOGA

August 01, 2016 | Breach

Abstract

We recently discovered that your personal information may have been exposed in July and August 2016 as a result of an incident currently under investigation.

Broadview Mortgage

July 28, 2016 | Unauthorized Access

Abstract

On July 28, 2016, we were advised by our third-party information technology provider that it had identified two unauthorized administrative accounts on a server in one of our branch offices. We immediately began an investigation and promptly disabled the unauthorized accounts.

Brian Goldman, MD A Medical Corporation

July 19, 2016 | Laptop Stolen

Abstract

On July 19, 2016 two laptop computers belonging to the medical offices of Dr. Brian HalevieGoldman were stolen. The laptops were password protected, secured in a carrying case and locked inside a vehicle when the theft occurred. It is not known whether the information contained on the laptops was or will be accessed by the thief. It is possible that the laptops themselves and not the information they contained were the target of the thief.

February 26, 2016 | Phishing

Abstract

On Friday, February 26, Billy casper Golf was the targeted victim of an e-mail spoofing attack. Through this attack, a request was made for all 2015 employee W2 information. Unfortunately, this information was provided before it was discovered that the request was made from a fraudulent account by an individual purporting to be our CEO. We discovered the fraudulent nature of this request on Saturday, February 27, 2016 and have been working tirelessly to investigate.

September 15, 2015 | Third Party

Abstract

In December of 2015, Blue Shield was notified by our vendor that data about you may have been accessed by an unauthorized user who gained access to the vendor’s data systems without permission. We believe that the unauthorized access happened between September and December of 2015 and was the result of log-in credentials for certain Blue Shield customer service representatives being misused. No data systems at Blue Shield were impacted. We take this issue seriously and regret the concern it may cause.

December 20, 2013 | Breach

Abstract

I am writing on behalf of Blue Shield California ("Blue Shield") to advise you of a recent incident that resulted in our disclosure of your Blue Shield ID number to one or more of your clients who may have attempted to pay for their Individual and Family Plan policy through our online payment system. The Agent ID number is your Tax Identification Number which, in your case, is your Social Security Number ("SSN"). We have no reason to believe that your personal information has been misused, but we apologize for this incident and regret the concern or inconvenience it may cause you.

January 02, 2012 | Third Party

Abstract

It has recently been brought to our attention that personal information about merchants who currently process with Bank of America Merchant Services (“BAMS”) had been shared outside of the company by our service provider, First Data Corporation (“First Data”). This information was provided to three firms in connection with First Data„s efforts to evaluate effective verification and anti-fraud services. BAMS believes there is little risk of harm to you, however, we sincerely regret this error, as the security of your information is one of our top priorities at BAMS.

October 16, 2020 | Unauthorized Access

Abstract

The Center for Autism and Related Disorders (“CARD”) recently discovered a data security incident that may have affected files containing limited sensitive information. There is no evidence that your personal information was accessed or misused in any way. However, because we are unable to determine with certainty what files may have been compromised, we are sending this advisory so you can take steps to minimize the possibility of misuse of your information.

| Breach

Abstract

California Physicians’ Services d/b/a Blue Shield of California

October 16, 2020 | Update Error

August 4, 2020 | Ransomware

Abstract

We identified a security incident involving ransomware on August 4, 2020. We immediately began to investigate, a cybersecurity firm was engaged, and measures were taken to address the incident and restore operations. We also notified law enforcement and worked to support the investigation. We determined that there was unauthorized activity on our network between July 20, 2020 and August 6, 2020. During that time, there was unauthorized access to files on our file servers.

California Dialysis Management Services, Inc.

August 3, 2020 | Unauthorized Access

Abstract

On August 3, 2020, the FBI notified us that it had arrested an individual who was in possession of some CDMS documents. We subsequently received a copy of the information and determined that the documents contained the personal information of some of our employees are currently cooperating with the law enforcement investigation and have hired a forensic firm to assist with our investigation into the matter. Although those investigations are ongoing, we wanted to notify you of the incident as soon as possible.

| Breach

Abstract

Capital Lumber Company

July 27, 2020 | Service Compromise

Abstract

On September 5, 2020, Capital experienced a data security incident that disrupted access to certain systems. Upon discovering this, we immediately took steps to secure our network and launched an investigation with the assistance of cybersecurity experts to determine what happened and whether sensitive information may have been accessed or acquired. The investigation revealed that personal information stored on certain systems and Capital email accounts may have been accessed or acquired between approximately July 27 and September 6, 2020. On November 13, 2020 following a thorough review, we identified your information as potentially involved. We then worked diligently to identity up-to-date address information to notify you.

Canon U.S.A., Inc.

July 20, 2020 | Ransomware

Abstract

California Western School of Law

July 16, 2020 | Ransomware

Abstract

Abstract

On March 9, 2014, an employee roster was discovered within an unsecure desk drawer of Facility E Visiting, Custody Podium. This roster, which included your full name and the last 6-digits of your Social Security number, was used during the week March 3, 2014 thru March 7, 2014 for TB testing.

February 18, 2020 | Third Party

Abstract

We were notified by PaperlessPay Corporation (“PaperlessPay”) in a letter dated March 20, 2020, that on February 19, 2020, they were contacted by the Department of Homeland Security (“DHS”) regarding a possible breach of their systems. PaperlessPay is a vendor hired by CMHS to house pay stubs and assist with W-2 forms. DHS notified PaperlessPay that there was an unknown person purporting to sell “access” to their client database on the dark web. In response, PaperlessPay shut down their web server and SQL server to prevent potential unauthorized access. During this time, CMHS and its employees experienced an interruption in service for a short amount of time while their servers were offline.

July 30, 2019 | Malware

Abstract

After receiving reports that fraudulent activity was detected on payment cards used legitimately on our website, Bakersfield immediately launched an investigation. Through our investigation, we determined that an unauthorized party had inserted unauthorized code into Bakersfield’s online payment system, Click2Gov, which is developed by a third-party vendor, CentralSquare Technologies (“CentralSquare”). The unauthorized code was designed to capture payment card data and other information entered on Bakersfield’s Click2Gov online payment system between the dates of July 30, 2019 and September 5, 2019. Upon learning of the unauthorized code, Bakersfield began working with CentralSquare to remove the unauthorized code from our website’s Click2Gov online payment system. Bakersfield has also updated its computer systems to protect against future insertion of the unauthorized code. We are notifying you because you made a payment on Bakersfield’s Click2Gov online payment system during this time period.

March 22, 2019 |

Abstract

TBD

January 27, 2017 | Insider Threat

Abstract

Capital One takes compliance with all states’ individual security breach laws seriously, and we periodically conduct testing of our performance against these requirements. It has come to our attention that we inadvertently neglected to notify your office of a recent security incident that involved personal information of our customers who are California residents. The details of the incident are included in the attached documents.

Abstract

On March 12, 2018, a CDPH contractor who performs health facilities inspections on behalf of the department’s vehicle was broken into and some documents and a laptop were stolen. The police were immediately notified and a report was taken and documented. Your personal and health information, which we obtained as part of health surveys/inspections, was stolen from the contractor’s vehicle.

August 20, 2013 | User Error

Abstract

On August 20, 2013, a contracted Madera County WIC employee mistakenly gave WIC paper records about you to another participant. Upon discovering the mistake, the participant immediately notified the Madera County WIC office and returned your records.

May 08, 2012 | User Error

Abstract

On or about May 7-8, 2012, after conducting a survey at the Bakersfield Memorial Hospital, an L&C employee mistakenly left the survey binder in an unattended vehicle. Later, the vehicle was broken into and the survey binder was stolen. As of today, the documents have not been recovered.

On April 3, 2015, during the execution of a search warrant served at the home of a Hawkins’ employee unrelated to County business, law enforcement discovered and seized items that contained confidential patient information of about 900 Hawkins’ patients, treated between 2011 and 2015. Law enforcement is assisting the County with their investigation.

City of Vallejo

May 09, 2016 | Accident

Abstract

Your Social Security number was accidentally disclosed on May 9, 2016. The City takes the security of your personal information very seriously, and I apologize for any inconvenience this incident may cause. Please know that we are taking actions to ensure a similar disclosure does not happen in the future.

CDCR - California Health Care Facility

May 02, 2016 | User Error

Abstract

We are writing to you because of a security incident that occurred on May 2, 2016 at the California Health Care Facility. An employee inadvertently e-mailed a document containing your personal information to the wrong person.

Community Family Care Medical Group IPA, Inc

February 29, 2016 | Third Party

Abstract

CFC has recently become aware that one or more of our contracted Provider’s, possibly including your primary care provider Roy Medical Group (Dr.s Ahdoot, Amor-Roy, Antonio, Kankar, Faustina, Shamsa, Sirajullah, Uy and Wilson), may have provided a limited amount of CFC member information to individuals working for or on behalf of the Heritage Provider Network or one of its affiliates, including Regal Medical Group, Lakeside Medical Organization, and Sierra Medical Group. If the information was provided it was without the knowledge or authorization of CFC, and in violation of our rules and contracts concerning the disclosure or use of CFC member information. Though we only recently learned of it, we suspect that the incident may have occurred sometime in July 2016.

California Correctional Health Care Services

February 25, 2016 | Laptop Stolen

Abstract

On April 25, 2016 California Correctional Health Care Services (CCHCS) identified a potential breach of your Personally Identifiable Information and Protected Health Information that occurred on February 25, 2016. An unencrypted laptop was stolen from a CCHCS workforce member’s personal vehicle. The laptop was password protected in accordance with state protocol.

June 19, 2013 | Files Lost

Abstract

On June 19, 2013, dental records were reported missing from a California Correctional Health Care Services (CCHCS) staff member’s possession while off the premises of a correctional institution. The missing documents contained information such as patient name, CDCR number, date of birth, and dental treatment plan. It is possible that your dental record may have been included in the missing documents. CCHCS has conducted an investigation of this incident and is taking steps to locate the missing documents.

| Third Party

Abstract

Specifically, Global Payments informed Comerica in June that their ongoing investigation revealed potential unauthorized access to its servers that contain merchant application data. Global Payments recently provided Comerica with the details regarding the individuals potentially affected. As part of our Merchant Card services, you provided personal information on your merchant application submitted both to Comerica Bank and Global Payments. The merchant application was provided by you so Global Payments could engage in credit underwriting for Comerica Bank and Global Payments. The personal information on your merchant application may have included your name, social security number and the business bank account number(s) designated for the deposit of merchant processing proceeds.

| Files Lost

Abstract

We are writing to inform you of a security incident involving your personal information relating to the In Home Supportive Services program (IHSS). A package containing your personal information was in transit between the Hewlett Packard (HP) processing center and the State Compensation Insurance Fund (SCIF). On May 1, 2012, the package arrived, was noted as damaged, and some of the contents were determined missing. The State is continuing to work with HP and the SCIF to recover the information, but, to date, it has not been recovered.

California Department of Justice / CATCH

| Email Compromise

Abstract

In November 2011, hackers affiliated with the group Anonymous accessed and released private email accounts belonging to a retired agent for the Department of Justice who was a member of the Computer and Technology Crime High-Tech Response Team (CATCH). CATCH is a multi-agency task force that was formed to apprehend and prosecute criminals who use technology to prey on the citizens of San Diego, Imperial Valley, and Riverside Counties. Some of emails that the hackers released included data that contained your personal information including, but not limited to, your name, address, date of birth, and Social Security number (SSN).

Choice Hotels International

| User Error

Abstract

We are contacting you to inform you of a data incident experienced by a third-party vendor for Cathedral Catholic High School (“CCHS, school”) that involved your personal information. To provide peace of mind, the vendor is offering free credit monitoring and fraud assistance services.

Abstract

We recently learned your Discover card account might have been part of a data breach. Please know, this breach did not involve Discover card systems.

July 16, 2017 | Breach

Abstract

We recently learned your Discover card account might have been part of a data breach. Please know, this breach did not involve Discover card systems.

April 27, 2017 | Breach

Abstract

We recently learned your Discover card account might have been part of a data breach. Please know, this breach did not involve Discover card systems.

September 04, 2016 | Breach

Abstract

We recently learned your Discover card account might have been part of a data breach. Please know, this breach did not involve Discover card systems.

August 10, 2016 | Breach

Abstract

We recently learned your Discover card account might have been part of a data breach. Please know, this breach did not involve Discover card systems

June 04, 2016 | Breach

Abstract

We recently learned your Discover card account might have been part of a data breach. Please know, this breach did not involve Discover card systems

June 02, 2016 | Breach

Abstract

We recently learned your Discover card account might have been part of a data breach. Please know, this breach did not involve Discover card systems

June 01, 2016 | Breach

Abstract

We recently learned your Discover card account might have been part of a data breach. Please know, this breach did not involve Discover card systems

February 26, 2016 | Breach

Abstract

We recently learned your Discover card account might have been part of a data breach. Please know, this breach did not involve Discover card systems

January 31, 2016 | Breach

Abstract

We recently learned your Discover card account might have been part of a data breach. Please know, this breach did not involve Discover card systems

January 02, 2016 | Breach

Abstract

We recently learned your Discover card account might have been part of a data breach. Please know, this breach did not involve Discover card systems

November 29, 2015 | Breach

Abstract

We recently learned your Discover card account might have been part of a data breach. Please know, this breach did not involve Discover card systems

November 24, 2015 | Breach

Abstract

We recently learned your Discover card account might have been part of a data breach. Please know, this breach did not involve Discover card systems

October 27, 2015 | Breach

Abstract

We recently learned your Discover card account might have been part of a data breach. Please know, this breach did not involve Discover card systems

August 02, 2015 | Breach

Abstract

We recently learned your Discover card account might have been part of a data breach. Please know, this breach did not involve Discover card systems.

July 31, 2015 | Breach

Abstract

We recently learned your Discover card account might have been part of a data breach. Please know, this breach did not involve Discover card systems

June 21, 2015 | Breach

Abstract

We recently learned your Discover card account might have been part of a data breach. Please know, this breach did not involve Discover card systems

May 01, 2015 | Breach

Abstract

We recently learned your Discover card account might have been part of a data breach. Please know, this breach did not involve Discover card systems

March 08, 2015 | Breach

Abstract

We recently learned your Discover card account might have been part of a data breach. Please know, this breach did not involve Discover card systems

March 02, 2015 | Breach

Abstract

We recently learned your Discover card account might have been part of a data breach. Please know, this breach did not involve Discover card systems

December 06, 2014 | Breach

Abstract

We recently learned your Discover card account might have been part of a data breach. Please know, this breach did not involve Discover card systems

November 18, 2014 | Breach

Abstract

We recently learned your Discover card account might have been part of a data breach. Please know, this breach did not involve Discover card systems

November 02, 2014 | Breach

Abstract

We recently learned your Discover card account might have been part of a data breach. Please know, this breach did not involve Discover card systems

October 22, 2014 | Breach

Abstract

We recently learned your Discover card account might have been part of a data breach. Please know, this breach did not involve Discover card systems

September 11, 2014 | Breach

Abstract

We recently learned your Discover card account might have been part of a data breach. Please know, this breach did not involve Discover card systems

July 01, 2014 | Breach

Abstract

We recently learned your Discover card account might have been part of a data breach. Please know, this breach did not involve Discover card systems

June 19, 2014 | Breach

Abstract

We recently learned your Discover card account might have been part of a data breach. Please know, this breach did not involve Discover card systems

May 04, 2014 | Breach

Abstract

We recently learned your Discover card account might have been part of a data breach. Please know, this breach did not involve Discover card systems

April 10, 2014 | Breach

Abstract

We have been advised that your Discover card account information may have been compromised. This incident did not involve any Discover card systems, and there is no evidence that an unauthorized individual is using this account numner.

February 19, 2014 | Breach

Abstract

We recently learned your Discover card account might have been part of a data breach. Please know, this breach did not involve Discover card systems.

January 01, 2014 | Breach

Abstract

We recently learned your Discover card account might have been part of a data breach. Please know, this breach did not involve Discover card systems

December 02, 2015 | Malware

Abstract

Dependable Foods

December 02, 2015 | Malware

Abstract

Dungarees, LLC

October 15, 2015 | Website Compromise

Abstract

On November 20, 2015, we first became aware of a possible breach when we discovered that our website had been manipulated by hackers. After this discovery, we took immediate action to secure our website, and we engaged a forensic IT firm to assist us in determining how this occurred.

March 26, 2015 | Website Compromise

Abstract

On May 15, 2015, we first became aware of a possible breach when we discovered that our website had been manipulated by hackers. After this discovery, we took immediate action to secure our website and we engaged a forensic IT firm to assist us in determining how this occurred. The forensic IT firm discovered that the hackers made additional manipulations to our website that were not apparent on May 15th.

Dominican Hospital

July 16, 2015 | User Error

Abstract

Dominican Hospital regularly meets with community providers and health plans for assistance in the coordination of care for patients that have relationship with both the provider and the hospital. On July 28, 2016, we discovered that a Microsoft Excel workbook was transmitted using our secured (encrypted) email system to a local health plan containing an excessive number of patients, some of whom may not be covered by or associated with the health plan.

Digital Theatre, LLC

April 19, 2015 | Malware

Abstract

Although our independent forensic investigation is ongoing, at this time, we believe that between late April 2015 and late September 2015 unauthorized individuals installed malicious software on a computer server hosting the Website. According to our records, you made a payment card purchase on the Website during that timeframe and your information may be at risk. While Digital Theatre does not store credit card information, we believe the malware could have compromised the personal information (name, address, payment card account number, card expiration date, and payment card security code) of customers that made credit card purchases through the Website.

DutchWear

November 07, 2014 | Website Compromise

Abstract

On Saturday, December 6th, 2014, we received information that raised suspicion of an unauthorized breach of our website that was exposing the payment information for some customers of DutchWear. In order to best protect our customers, we immediately took down our e-commerce site shop.dutchbros.com and conducted an extensive investigation of our computer systems.

July 16, 2014 | User Error

Abstract

We are writing to inform you of a security incident involving your personal information. On July 17, 2014, the California Department of Social Services (CDSS) was informed of the unauthorized release of documentation that may have included your personal information. Confidential documents were accidentally discarded and removed from the office for disposal prior to shredding. The documents may have contained your name, mailing address, date of birth and Social Security number. The incident was immediately investigated and determined to be accidental in nature; however, the documents could not be retrieved. These documents were associated with children's residential and senior care facilities in various counties of California.

As you have likely heard, Home Depot reported unauthorized access to payment card data from their US and Canadian stores between April 11 and September 7, 2014. This data breach includes customer names, debit card numbers, account address, and card expiration dates. East West Bank takes the protection of your account information seriously, and as a result of this information, we have reviewed your account activity and have determined that your debit card was used at a Home Depot store during this time period.

November 01, 2020 | Website Compromise

Abstract

On May 29, 2020, Ferris was alerted by Visa Inc. (“VISA”) that Night Owl’s retail website - https://nightowlsp.com/ - was the last Common Point of Purchase (“CPP”) for credit cards legitimately used to purchase products from Night Owl which were later used to make fraudulent purchases using VISA payment cards.

June 5, 2020 | Website Compromise

Abstract

FRIEDMAN & COMPANY CPA

September 21, 2020 | System Compromise

Abstract

On september 20, 2020, we discovered a data security incident involving our firm and some of our clients whose 2019 tax returns were on Extension. After thorough investigation, we have discovered that the perpetrator(s) hacked into our system, and between september 24 and september 28, 2020, fraudulently filed approximately 30 client tax returns. We know whose returns were filed fraudulently and will contact you personally to discuss. if you do not hear from us your return was not affected. But the information contained in your tax return could be compromised.

September 1, 2020 | Unauthorized Access

Abstract

On September 29, 2020, we discovered a data security incident involving our firm and some of our clients whose 2019 tax returns were on Extension. After thorough investigation, we have discovered that the perpetrator(s) hacked into our system, and between September 24 and September 28, 2020, fraudulently filed approximately 30 client tax returns. We know whose returns were filed fraudulently and will contact you personally do discuss. If you do not hear from us your return was not affected. But the information contained in your tax return could be compromised.

Federal Home Loan Mortgage Corporation

July 7, 2020 | Ransomware

Abstract

February 7, 2020 | Ransomware

Abstract

Blackbaud is a cloud-based software company that provides services to thousands of schools, hospitals, and other nonprofits. On July 16, 2020, Blackbaud notified us that it had discovered a ransomware attack on Blackbaud’s network in May 2020. Blackbaud reported that it conducted an investigation, determined that backup files containing information from its clients had been taken from its network, and an attempt was made to encrypt files to convince Blackbaud to pay a ransom. Blackbaud paid a ransom and obtained confirmation that the files that had been removed had been destroyed. The time period of unauthorized access was between February 7, 2020 to May 20, 2020. Blackbaud reported that it has been working with law enforcement.

February 15, 2018 | Email Compromise

Abstract

Forever 21 was recently notified by our insurance broker, Willis Towers Watson (“WTW”), that an unauthorized third-party obtained access to two of WTW’s employees’ email accounts between February 15, 2018 and March 23, 2018. Upon learning this, we immediately launched an investigation and began working with WTW to conduct a comprehensive review of the contents of the email accounts. The investigation determined that WTW’s affected employee email accounts contained summary documents relating to some Forever 21 insurance claims.

August 14, 2017 | Website Compromise

Abstract

On November 2, 2017, FastHealth received a report from law enforcement indicating that an unauthorized third party may have accessed or acquired certain information from FastHealth databases. We immediately began an investigation and hired a leading computer security firm to assist with the investigation. The investigation determined that, in mid-August 2017, an unauthorized third party was able to access FastHealth’s web server and may have been able to acquire information from certain databases.

January 14, 2016 | Website Compromise

Abstract

On December 21, 2016, FastHealth discovered suspicious code on a server. Upon learning of this, we immediately began an investigation and hired a leading computer security firm to assist. On January 24, 2017, the computer security firm determined that an unauthorized third party altered code on FastHealth's web server that was to capture certain information as it was being entered on FastHealth's Online patient questionnaires from January 14, 206, to December 20, 2016.

FRANKLIN R. NOTO, CPA

July 27, 2017 | Device Lost

Abstract

On July 27, 2017, a burglar broke into our locked office. Upon discovery that same day, an employee immediately called the police and had the window replaced. The burglar stole various items, including password-protected devices. We immediately began an investigation into the matter, worked with law enforcement, and have hired forensic IT specialists.

Funding Circle

June 01, 2017 | Email Compromise

Abstract

On March 3, 2018, a data vendor notified Funding Circle of a security incident whereby unauthorized third parties accessed the email accounts hosted in Microsoft Office 365 of a limited number of the data vendor’s employees. Based on information provided by law enforcement, the data vendor identified the malicious activity in November 2017, and determined that Funding Circle data was included in one of the impacted email accounts on February 20, 2018.

Funding Circle USA, Inc.

April 27, 2017 | Vulnerability

Abstract

On April 27, 207, a professional security researcher discovered a vulnerability in one of our databases that included some information about our U.S. customers, and notified us shortly after. We immediately determined the cause and implemented a fix. Importantly, we are confident that no customer information was accessed or acquired by any third-party other than the professional security researcher, with whom we worked to identify this issue.

Freedom Smokes, Inc.

March 07, 2017 | Website Compromise

Abstract

Although the incident is still under investigation, it appears that between approximately March 7, 2017 and April 25, 2017, an unauthorized individual was able to obtain access to portions of our website and insert malicious code that was designed to capture payment information provided in connection with a purchase.

Abstract

Specifically, on August 2, 2012, certain data were discarded in a way that did not adhere to our strict data disposal requirements. This data included client names, account types and numbers and tax payer identification/social security numbers. While we do not have any indication that your data, or any data, have been compromised in any way, we want to make you aware of this so that we can take steps together to ensure continued protection of your account(s). We have also enhanced our controls regarding the protection of client data.

January 21, 2012 | Breach

Abstract

Global Payment's electronic security was breached during the period between January 21, 2012 and February 25, 2012. As a result of this breach, your name and debit card number and your encrypted personal identification number (PIN number) were acquired by unauthorized persons.

Fusion Management Services, LLC

| Server Compromise

Abstract

On or about March 27, 2020, Fusion Management Services, LLC and each other U.S. subsidiary of Fusion Connect, Inc. (collectively, “Fusion”) discovered that an unauthorized third party gained access to certain Fusion servers and systems

Foxit Software

| System Compromise

Abstract

Foxit has detected that unauthorized access to some of its data systems has taken place, including access to its “My Account” user account data. This means, that data you have entered on our website when signing up for our services has likely been accessed by hackers.

Fresno Unified School District

| Unauthorized Access

Abstract

On July 5, 2017, Fresno Unified contacted the Gilroy Police Department to confirm the arrest of three individuals in Gilroy, California, who were in possession of unauthorized personal information of Fresno Unified employees. On July 6, 2017, it was confirmed that the personal information obtained included that of 53 employees, retirees and their dependents and the information obtained was a few years old. On July 10, 2017, the Clovis Police Department arrested a separate individual in Clovis, California, who was in possession of unauthorized personal information related to Fresno Unified employees, retirees and their dependents.

Abstract

On November 4, 2019, Good Sam became aware of a potential compromise to several of its email accounts as a result of a targeted email phishing campaign that occurred over several days. During the course of this phishing campaign, Good Sam employees began receiving fraudulent emails that appeared to be from a known contact. These fraudulent emails contained a link to a malicious website that was designed to steal email account credentials. Upon discovery, Good Sam swiftly blocked access to the malicious website. Additionally, Good Sam immediately took steps to secure the affected accounts, which included resetting the passwords required to access the affected employee email accounts and implementing additional email and network security measures. Further, Good Sam promptly began investigating the incident with the support of a third-party expert forensics firm. Following progress by experts in their thorough investigation, it was ultimately determined that several employee email accounts experienced unauthorized access between October 28, 2019 and November 8, 2019 as a result of the above-referenced phishing campaign.

April 07, 2018 | Breach

Abstract

On April 24, 2018, we discovered your payment card information and personal identification number (PIN) may have been compromised during its usage at an ATM machine at a Golden 1 branch in Roseville. Once discovered, our Security team responded appropriately, safeguarding your accounts as further highlighted in this letter.

August 04, 2017 | Skimming

Abstract

On August 4, 2017, we discovered that three illegal skimmer devices had been installed on ATM machines at Golden 1 branch locations in Sacramento, El Dorado, and Placer Counties. After immediately initiating an investigation, we determined that the hidden cameras used to capture PIN numbers had also been installed on these ATMs.

December 07, 2015 | Third Party

Abstract

We recently became aware of an incident in which HSBC’s mortgage servicing provider sent encrypted and password protected disks, which inadvertently included some of your personal information, to an unauthorized commercial third party (a firm that performs financial analytics). The information was sent between December 7, 2015 and December 8, 2015. Upon review of some of the data, the third party realized the disks included more information than requested and returned all the disks to the mortgage servicing provider. While the third party has attested that HSBC customer data was not loaded, accessed, or viewed by their personnel, HSBC is notifying you out of an abundance of caution. The security of your information is very important to us and HSBC takes this matter very seriously. HSBC has received assurance from our mortgage servicing provider that they have made changes to their processes to avoid future incidents.

May 18, 2018 | Breach

Abstract

On August 14, 2019, Hunt Memorial Hospital District (“HMHD”) determined that your personal information may have been compromised in a cyber attack against Hunt Regional Medical Center (“Hunt”). We initially learned on May 14, 2019, that the information of a small number of our patients was compromised in the targeted cyber attack dating back to May of 2018. During the attack, hackers gained access to patient personal information in what we believed at the time to be a limited area of our network. Our investigation up to that point indicated only a subset of our patients, which did not include you, were affected by this incident. We engaged independent cyber forensics experts to analyze our systems and investigate the full impact of the unauthorized access. During this investigation, we determined that your information also was accessible. Out of an abundance of caution we are notifying all patients whose information may have been impacted. We deeply regret that this has occurred and apologize for any inconvenience or concern caused by this incident.

March 18, 2017 | Unauthorized Access

Abstract

We understand the importance of protecting customer information and securing our systems, and we regret to inform you that we self-discovered signs of and resolved unauthorized access to payment card information from cards manually entered or swiped at the front desk of certain Hyatt-managed locations between March 18, 2017 and July 2, 2017.

Abstract

Aptos, our former digital commerce solution provider, recently advised us that its systems had been compromised, and that unidentified persons had gained access to customer data for forty of Aptos’ online retailer customers, including Incipio. Aptos reports that the unauthorized access to its systems occurred from approximately February 26, 2016, through approximately December 5, 2016. Notice to us was delayed because of a law enforcement investigation.

| Insider Threat

Abstract

The purpose of this letter is to notify you that your personally identifiable information (PII) was recently found in a little-known location on a public web server along with data for a group of employees of the failed IndyMac Bank, F.S.B. (in receivership since July 11, 2008), and its subsidiary, IndyMac Resources, Inc.

J

Joslin Diabetes Center, Inc.

May 14, 2020 | Ransomware

Abstract

Blackbaud reported that, in May 2020, two months before notifying Joslin, it discovered a ransomware incident that resulted in encryption of certain Blackbaud systems. Blackbaud reported the incident to law enforcement and worked with forensic investigators to determine the nature and scope of the incident. Blackbaud notified its customers, including Joslin, that a cybercriminal may have accessed or acquired certain Blackbaud customer data. Blackbaud reported that the data was potentially exported by the threat actor before Blackbaud locked the cybercriminal out of its environment on May 20, 2020. According to Blackbaud the data was destroyed and they do not believe that any data was or will be misused, disseminated or otherwise be made publicly available. Blackbaud further stated that this belief has been corroborated by outside experts and law enforcement.

JPMorgan Chase Bank, N.A.

April 06, 2020 | Insider Threat

Abstract

We recently learned that between April and November 2020 a call center employee may have allowed an unauthorized third party to overhear their call with you about your Chase account. The employee may also have shown the third party their screen.

June 28, 2018 | Insider Threat

Abstract

On or around June 28, 2018, a Chase employee improperly downloaded customer information, including yours, to a personal computer and two online data storage sites, where third parties could have seen it for about three weeks. The employee was authorized to access and download the information, but should have only used company-approved computers and sites

| Database Compromise

August 12, 2019 | Email Compromise

Abstract

On August 19, 2019, we learned that a Kaiser Permanente provider’s email account containing your protected health information was compromised by an unknown individual for approximately thirteen hours on August 12, 2019. We do not have any evidence that your information was viewed, used or copied. However, because Kaiser Permanente takes the protection of our member data very seriously, we are obliged to notify you of this matter.

November 02, 2017 | Email Compromise

Abstract

On November 13, 2017, we learned that a Kaiser Permanente email system containing your protected health information was compromised.

October 09, 2017 | Unauthorized Access

Abstract

On or about October 9, 2017, a letter containing your protected health information was inadvertently mailed to another Kaiser Permanente member.

May 16, 2013 | User Error

Abstract

An electronic file with information pertaining to a pilot Wellness Screening competition at the East End Complex was accidentally emailed by a Kaiser Permanente employee to a member of the pilot planning team on May 16, 2013. Please note that the recipient of the file does not work for, or represent, your employer. While the recipient was intended and authorized to receive the summary competition information, some of your personal information related to the competition was accidentally included in another location within the same file.

Kimberly-Clark Corporation

October 18, 2017 | Website Compromise

Abstract

Loungefly appears to have experienced an incident in which unauthorized code was placed on the portion of our computer network that processes payment card transactions for the Loungefly online store at www.loungefly.com. In response, we took immediate steps to secure the affected part of our network, including removing the unauthorized code. Following the discovery of the code, an investigation also was commenced to understand the nature and scope of the incident. The investigation concluded on April 3, 2019. At this time, we believe that we will not ever be able to confirm that any payment card information was in fact acquired by an unauthorized individual as a result of the incident. However, we also cannot rule out the possibility that data associated with less than 3,600 payment cards used in transactions between September 19 and December 17, 2018 may have been affected. We have reported the matter to law enforcement, but this notice has not been delayed because of law enforcement investigation.

September 25, 2016 | Breach

Abstract

LASOC developed the I-CAN! web application, which was previously used by individuals, as part of the IRS’s Free File Program, to prepare and file tax forms at no cost to the filer. On October 31, 2016, LASOC became aware that certain completed tax forms from the 2007 and 2008 tax years had become temporarily accessible to the general public through a directed search on certain internet search engines. However, LASOC is unaware of any attempted or actual misuse of personal data contained within the tax forms that were temporarily accessible on the internet as a result of this incident.

January 22, 2014 | Programming Error

Abstract

We are sending you this letter to inform you of an information processing error that may have involved accidental disclosure of your information. On January 24, 2014, we became aware that some L.A. Care Covered members who logged onto our payment portal were able to see another member’s name, address and member identification number.

December 27, 2011 | Phishing

Abstract

On July 2, 2014, Lasko Group, Inc. became aware of the fact that certain customers who made recent on-line parts purchases from Lasko Products, Inc ("Lasko") and Air King America, Inc. ("Air King") were the targets of fraudulent "phishing" emails from an unknown third party purporting to relate to these orders.

July 02, 2020 | Phishing

Abstract

On [b2b_text_2 (Date of Discovery)], 2020, MEDNAX discovered that an unauthorized third party gained access to a Microsoft Office 365-hosted MEDNAX business email account through phishing. “Phishing” occurs when an email is sent that looks like it is from a trustworthy source, but it is not. The phishing email prompts the recipient to share or give access to certain information. Upon discovery of this event, MEDNAX immediately took action to prevent any further unauthorized activity, began an investigation, and engaged a national forensic firm.

November 04, 2019 | Vulnerability

Abstract

MDUSD uses the Aeries Student information system to provide students and their parents access to information on school events, schedules, etc. Aeries learned in late November of 2019 that an unauthorized individual exploited a vulnerability in the Aeries software that would allow access to private student and parent information. Once discovered, Aeires notified law enforcement and together launched an investigation. As of today, the indiviual resposible ofr this breach is in custody.

August 08, 2018 | User Error

Abstract

On Wednesday, August 8, 2018, Walnut Acres Elementary School intended to send out emails to 650 families. About 200 had been delivered when we realized that the emails included personal information about students other than those of the respective individual families.

April 26, 2019 | Programming Error

Abstract

The email address and date of birth (when present) of the user who wrote the latest annotation for any given MusicBrainz entity were available between 2019-04-26 and 2020-11-22 on a JSON block in the source of the entity page (e.g. [1]) We have investigated our database to determine which users were affected. You were one of those, and your email address and date of birth, if you entered it, were temporarily available on our web page. The data was never displayed on the page in a human visible way -- it was embedded in the web page source as JSON. The page source can be viewed with “view source” on your web browser.

August 17, 2017 | Account Compromise

Abstract

On August 20, 2017, MassMutual’s fraud prevention team identified potential fraudulent telephone activity directed toward MassMutual call centers. Upon conducting an investigation into that the activity identified, it was determined that beginning on August 17, 2017 an unknown perpetrator contacted MassMutual call centers purporting to be two separate MassMutual insurance agents. The perpetrator requested assistance in resetting those two agents’ system access credentials (e.g., user name, password, multi-factor authentication). The perpetrator had readily available nonpublic personal information associated with these two agents and, through social engineering tactics, was able to provide such information to the call center personnel to successfully authenticate as the respective agents resulting in the access credentials being reset. MassMutual identified that this individual then used the credentials to access MassMutual business systems that included nonpublic personally identifiable information associated with each agents’ clients.

December 03, 2013 | User Error

Abstract

On December 3, 2013, a MassMutual retirement services account manager sent a secure email to an individual at a MassMutual retirement services client. However, the account manager inadvertently included information about you and your retirement plan in that message to the other MassMutual client. The individual who received the information in error was contacted by MassMutual and confirmed to MassMutual both verbally and in writing that the email and the information received in error was deleted.

September 13, 2013 | Files Lost

Abstract

On or about September 6, 2013, CRL sent an invoice via United States Postal Service (USPS) mail to MassMutual for services performed relating to your recent insurance application with MassMutual. Upon arrival at MassMutual on September 17, 2013, it was noted that the package was damaged and was accompanied by a letter from the USPS stating that the mailing was damaged during processing at the USPS facility in Springfield, Massachusetts and some pages may be missing.

May 08, 2013 | User Error

Abstract

On May 8, 2013 a MassMutual account manager sent an email that inadvertently contained information about you and your retirement plan to a third party retirement plan service provider not associated with MassMutual.

January 30, 2013 | Third Party

Abstract

MassMutual has an established business relationship with Convey Compliance Systems, Inc. (“Convey”) to provide print and mailing services for MassMutual’s annual IRS Form 1099 mailing. On February 1, 2013, Convey notified us of an incident that resulted in the Forms 1099 for a number of MassMutual clients being mailed to an incorrect mailing address. Unfortunately, your Form 1099 was in the affected group.

May 15, 2016 |

Abstract

An East Coast law firm was representing Multi-Color in litigation. As part of that representation, the law firm collected data from Multi-Color's system, which included HR records and information on all current US employees as of April 13, 2016; certain former employees and some employees of a predecessor. company; and application. The data was saved to an external hard drive and password protected. The hard drive was delivered to the law firm and the password was separately emailed to the law firm.

April 27, 2013 | Laptop Stolen

Abstract

On April 27, 2013, an unknown individual(s) burglarized Millimaki Eggert's San Diego, California office and stole, among other things, two password-protected laptops containing sensitive information.

| Breach

Abstract

Shortly before the Memorial Day weekend, we became aware that stolen Myspace user login data was being made available in an online hacker forum. The data stolen included user login data from a portion of accounts that were created prior to June 11, 2013 on the old Myspace platform.

| Device Lost

Abstract

I am writing to let you know that a device containing information regarding mariners who have served aboard vessels operated by Horizon Lines has been identified as missing. While we have no indication that the device has been used or was even intentionally removed, and while accessing any information on the device requires a valid user ID and password, we take the security of such information seriously and are accordingly writing to inform you of this incident.

MUJI U.S.A. LIMITED

| Website Compromise

Abstract

Based on the outcome of our recently completed investigation, we have determined that an unauthorized third party used malicious software (malware) to infiltrate our on-line server, which is hosted by a reputable service provider. We learned of the incident as the result of a thorough investigation, which we initiated immediately following the receipt of information suggesting a possible data compromise on our on-line shopping site. To adequately protect our customers, we shut down our on-line shopping site during the course of the investigation. Our investigation was recently completed, and we are now able to determine the scope of customers whose information was potentially exposed during the incident. At this time, we believe order information that you and other customers provided during the period of January 22, 2015 -- July 20, 2015 may have been at risk.

| Account Compromise

Abstract

Northwest Foundation, Inc.

July 16, 2020 | Ransomware

Abstract

Abstract

The Sabre Hospitality Solutions SynXis Central Reservations system (Sabre) facilitates the booking of hotel reservations made by consumers through hotels, online travel agencies, and similar booking services. These services include reservations for Noble House Hotels & Resorts (Noble House). On May 2, 2017 Sabre informed us that it retained “expert third parties” to investigate a data security incident that may have affected personal information you provided in making reservations at a Noble House property. Sabre informed us that upon discovering the incident, it engaged a digital forensics firm to conduct an investigation. On June 6, 2017, Sabre informed us that certain reservation information may have been accessed between August 10, 2016 and March 9, 2017 without authorization.

Abstract

On March 11, 2020, CBM discovered suspicious activity related to a CBM employee’s email account. We immediately took steps to secure the employee’s email account and launched an investigation which included working with a third-party forensic investigator to determine the nature and scope of the activity. On March 21, 2020, the investigation determined that a CBM employee email account had their account credentials being used by an unknown actor(s) to gain unauthorized access to the account on separate occasions on March 10, 2020 and March 11, 2020. During this limited timeframe, the unauthorized actor may have had access to certain emails and attachments within the account.

December 22, 2017 | Files Lost

Abstract

On or about December 22, 2017, a thief stole a container holding daily backup tapes that, as part of PAR's regular practices, had been taken off-site. Upon learning of thsi incident (on December 22), we promptly notified law enforcement and initiated an investigation. We believe the thief was seeking physical items, not electronic data, and we are not aware of any actual misuse of the backup tape data.

Abstract

November 26, 2016 | Website Compromise

Abstract

On November 26th an unauthorized third party accessed the MyQuest by Care360® internet application and obtained PHI of approximately 34,000 patients. The data included name, date of birth, lab results, and, in some instances, telephone numbers.

November 17, 2014 | User Error

Abstract

On November 17,2014, a Quest Diagnostics employee inadvertently sent a standard report via secured email to two individuals from outside companies with whom we have a business relationship.

Qvale Auto Group, Inc.

Abstract

I am writing to let you know of an incident that may have affected your personal information. On July 18, an unknown third party gained access to a RadNet server that was used to store certain employee data, and copied certain files to an external server. RadNet quickly discovered this activity and blocked further access to the files and its systems and retrieved the copied files.

Robie & Matthai APC

May 7, 2020 | Ransomware

Abstract

On May 7, 2020, Robie & Matthai, APC (the “Firm”) was the victim of a ransomware attack. We were able to recover our information from offline backups with no significant interruption in service. After a third-party forensic analysis, however, we determined that the individual(s) who carried out this attack (the “Attacker”) may have accessed some of the personal information on our system. You are receiving this notice because we believe your personal information may have been included among that data set.

Romanazzi & Associates

April 16, 2020 | Unauthorized Access

Abstract

On April 22, 2020, we learned that fraudulent tax returns were filed for a few of our clients. Based on this information, we contacted our tax software vendor and the Internal Revenue Service as well as the local police and FBI offices to investigate the issue. We also engaged IT professionals to perform a scan and analysis of our system. We immediately took steps to secure the access to our systems and tax software and the client information contained therein.

Rady Children’s Hospital - San Diego and Rady Children’s Hospital Foundation – San Diego

February 7, 2020 | Unauthorized Access

Abstract

Blackbaud recently informed us that it experienced a data security incident that may have involved information pertaining to members of our community who provided information to Rady Children’s Hospital – San Diego or the Rady Children’s Hospital Foundation – San Diego. Upon learning of the incident, we immediately launched an investigation to determine what happened and whether any personal information was impacted. According to Blackbaud, between February 7, 2020 and June 4, 2020, an unauthorized party had access to backup files related to the Blackbaud fundraising and donor management software we use. Upon learning this information, we retained outside cybersecurity experts, including a vendor to review the backup data at issue. On October 7, 2020, we determined that some of your personal information was contained in the backup files. Blackbaud has informed us that it has no reason to believe that any information in the files has been or will be misused, or will otherwise be made available publicly. We nonetheless wanted to make you aware of this incident and offer you complimentary identity monitoring services to help alleviate any concern you may have.

August 12, 2019 | Insider Threat

Abstract

Reiter Brothers, Inc

August 12, 2019 | Insider Threat

Abstract

August 30, 2018 | Programming Error

Abstract

As a result of Rite Aid’s sale of 1,932 stores and 3 distribution centers to Walgreens, Rite Aid provides certain transition services to Walgreens to support the sale of the stores and distribution centers until converted to Walgreens’ systems (“Transition Services”). To support the Transition Services, Rite Aid provides weekly administrative files to certain Walgreens vendor partners including Empower. Due to a programming update made by Rite Aid on August 30, 2018, Rite Aid associates were inadvertently included in the standard eligibility file that goes to Empower.

Abstract

| Third Party

Abstract

REEVE-WOODS EYE CENTER

| Malware

Abstract

On September 17, 2014, our information technology consultant discovered that unknown individuals had breached the Eye Center’s server and installed malware on two computers, one at each facility. The malware was capturing screenshots (i.e., a copy or image of what is seen on a computer screen at a given time) which included patients’ protected health information. We suspect the malware may have been installed in or around August 2014.

RR Donnelley

| Computer Stolen

Abstract

According to RR Donnelley, a print and mailing vendor that UnitedHealthcare uses, sometime between the second half of September and the end of November, 2012, an unencrypted desktop computer was stolen from one of its facilities.

Regions Financial Corporation

| Third Party

April 29, 2020 | Email Compromise

Abstract

On April 30, 2020, SVMHS determined that the email account of one of its employees had been compromised. On May 7, 2020 and June 5, 2020 respectively, SVMHS subsequently determined that email accounts of a contractor and three other employees were also compromised. These five email accounts were compromised through Outlook Web Access, SVMHS’s browser-based email access solution.

April 24, 2020 | Compromise

Abstract

Steel Partners

April 18, 2020 | Email Compromise

Abstract

Steel Partners discovered unauthorized activity in the email account of one of its employees and immediately initiated an investigation, which identified unauthorized access to that email account. Steel Partners locked the account and promptly engaged a forensic security firm to assist. The investigation identified that the method by which the email account was accessed allowed for a local download of the entire mailbox. On May 29, 2020, it was determined that there were documents within the employee’s email account that contained personal information. A broader review of our systems indicated that only one email account was impacted. We are notifying you because some of your personal information was contained in documents within the Steel Partners employee’s email account.

April 1, 2020 | Database Compromise

Abstract

On January 28th, 2020, San Dieguito alerted Aeries that their database may have been potentially subject to unauthorized access. We immediately launched an investigation into the nature and scope of the incident and took measures to secure the database. We also assisted San Dieguito and its forensic experts with their investigation into the incident. On February 25, 2020, the forensic investigations revealed that San Dieguito’s Aeries database was subject to unauthorized access from April 2019 to January 2020. San Dieguito undertook a labor-intensive review of the affected database to determine the scope of personal information contained within. San Dieguito has asked Aeries to notify you out of an abundance of caution because your information was present in the affected database.

July 01, 2019 | Email Compromise

Abstract

The Sabre Hospitality Solutions SynXis Central Reservations system (CRS) facilitates the booking of hotel reservations made by consumers through hotels, online travel agencies, and similar booking services. Following an examination of forensic evidence, Sabre confirmed to us on or about June 6, 2017 that an unauthorized party gained access to account credentials that permitted unauthorized access to unencrypted payment card information, as well as certain reservation information, for a subset of hotel reservations processed through the Sabre’s system.

Findings show that malware was installed on servers that processed payment cards used at restaurants and bars of 12 IHG managed properties. Cards used at the front desk of these properties were not affected. The malware searched for track data (cardholder name, card number, expiration date, and internal verification code) read from the magnetic stripe of a payment card as it was being routed through the affected server.

Shutterstock Music Canada ULC d/b/a PremiumBeat

September 29, 2016 | Vulnerability

Abstract

Unfortunately, on the afternoon of September 29th, we discovered a security bug in third party software which that resulted in unauthorized access to PremiumBeat user information. We immediately investigated and learned that this unauthorized party may have obtained the names, addresses, phone numbers, email addresses, and encrypted passwords for PremiumBeat users. We sincerely regret any concerns this incident may cause you.

Stanford University

September 01, 2016 | Misconfiguration

Abstract

On October 27, 2017, the University Privacy Office (“UPO”) received a report that several folders with confidential information on a shared file server maintained by the Graduate School of Business (“GSB”) were accessible to GSB faculty, staff and students. The permissions on these folders were incorrectly changed around September 2016, and thus the included files were viewable by the GSB community. The GSB IT team became aware of the incorrect folder permissions on February 23, 2017. They adequately locked down the impacted folders by March 3rd. However, because GSB did not appreciate the scope of the exposure there was a delay in informing the UPO. Following notification, the UPO undertook a comprehensive review of all the files accessible to the GSB community, and last week discovered a file with employee personal information. We do not have any direct evidence that the file containing your personal information was actually accessed, downloaded or used by any unauthorized person. However, out of an abundance of caution, we believe that it is important that we notify you so that you can take steps to protect yourself.

July 28, 2012 | Insider Threat

Abstract

The incident involved an employee who formerly worked in my office. While employed, and contrary to the business practices of my office, the employee used customer information inappropriately. This information would have included names, addresses, birthdates, credit card numbers and social security numbers. It has further been alleged that this employee specifically used your credit card to purchase items online.

| Insider Threat

Abstract

This incident involved an employee who formerly worked in my office. While employed, and contrary to the business practices of my office, the employee allegedly used customer information inappropriately. This information may have included names, addresses, credit card numbers and social security numbers. We have been unable to confirm which customers’ information was allegedly misused by this person.

Abstract

Blackbaud works with many large and small nonprofits, including the Jane Goodall Institute, to support fundraising and engagement efforts. Last week, Blackbaud notified us that it was the target of a ransomware attack that involved the information of a number of its clients. As a result, the hackers obtained some personally identifying information about Blackbaud's nonprofit clients' donors and prospective donors, including those of the Jane Goodall Institute.

February 7, 2020 | Ransomware

Abstract

Blackbaud is a cloud-based software company that provides services to thousands of schools, hospitals, and other non-profits. On July 16, 2020, Blackbaud notified us that it had discovered a ransomware attack on Blackbaud’s network in May 2020. Blackbaud reported that it conducted an investigation, determined that backup files containing information from its clients had been taken from its network, and an attempt was made to encrypt files to convince Blackbaud to pay a ransom. Blackbaud paid a ransom and obtained confirmation that the files that had been removed had been destroyed. Blackbaud reported that it has been working with law enforcement. Upon learning of the incident from Blackbaud, we conducted our own investigation of the Blackbaud services we use and the information provided by Blackbaud to determine what information was involved in the incident. On September 2, 2020, we determined that the backup files contained certain information pertaining to you.

Thomas Cuisine

January 24, 2020 | Email Compromise

Abstract

Earlier this year, Thomas Cuisine became aware of suspicious activity in certain employees’ email accounts. Thomas Cuisine immediately began an investigation into the incident with the assistance of third-party forensic specialists. The investigation determined the employees’ email accounts were accessed without authorization between January 24, 2020 and February 18, 2020.

Although the investigation was unable to determine whether personal information stored in the impacted email account had actually been viewed or removed by an unauthorized actor, Thomas Cuisine could not rule out the possibility of such activity. Therefore, in an abundance of caution, Thomas Cuisine performed a thorough and exhaustive review of the information stored within the impacted email accounts. On May 20, 2020, we determined that your personal information was present in one of the accounts.

Tandem Diabetes Care, Inc.

January 17, 2020 | Phishing

Abstract

On January 17, 2020, we learned than an unauthorized person gained access to a Tandem employee’s email account through a security incident commonly known as “phishing.” Once we learned about the incident, we immediately secured the account and a cyber security firm was engaged to assist in our investigation. Our investigation determined that a limited number of Tandem employee email accounts may have been accessed by an unauthorized user between January 17, 2020 and January 20, 2020.

The Master’s Touch, LLC

October 23, 2019 | Website Compromise

Abstract

The Master's Touch, LLC provides eNoticesOnline.com, an online web portal for your property tax statements and assessments. On October 23, 2019, we fell victim to a malware attack when an unknown individual gained access to the server that manages our eNoticesOnline system, causing the system to crash. We quickly restored the server and blocked the intruder from future attacks on the system. We also engaged a computer forensics company to determine what, if anything, the intruder may have accessed. On November 19, 2019, we discovered that the computer forensic investigation confirmed there was no unauthorized removal of data files, but was unable to determine if the files had been viewed. Out of an abundance of caution, we are notifying you of this incident.

The UPS Store, Inc.

October 11, 2019 | Phishing

Abstract

We recently determined that between October 11 and 22, 2019, a small percentage of local store locations were the victim of a phishing incident in which an unauthorized person potentially had access to a limited number of local store email accounts. Immediately upon learning of this, The UPS Store, Inc. initiated an investigation to assess the incident’s scope, including engaging a third-party cybersecurity firm, and have taken steps to further strengthen and enhance the security of systems in The UPS Store network, including updating administrative and technical safeguards. As part of the investigation, The UPS Store, Inc. reviewed the potentially affected accounts, and in early November, found personal information in those accounts. The personal information was contained in documents that were emailed to The UPS Store location for printing or similar services provided by those locations. You, or someone you know, may have emailed the document(s) containing personal information to the local store for this service. We are unaware of any misuse of your personal information in connection with this incident at this time.

Abstract

On April 20, 2017, Torrance memorial Medical Center ("Torrance Memorial") discovered that it had experienced an email security incident that allowed access to two staff members email accounts which contained work-related reports. Torrance Memorial immediately launched an invetigation, which included working with third-party forensic investigators, to determine the full natur and scope of this incident. The investigation determined that perosnal information for certain individuals was present in some impacted emails. Based upon available forensic evidence, it appears these cyber attacks took place on April 18 and 19, 2017.

Title Boxing, LLC

May 16, 2019 | Website Compromise

Abstract

After suspicious activity within our e-commerce server was identified, we immediately engaged external forensic investigators and commenced a prompt and thorough investigation into the incident. As a result of this review, we learned that certain customer credit and debit card information may have been obtained by an unauthorized party from our payment portal when purchases were made through our online store from May 16, 2019 through July 9, 2019 and on July 12, 2019. We do not store card data on our website; however, this data may have been scraped during the transaction. Purchases through our call center and store locations were not impacted by this incident.

Treloar & Heisel, Inc.

May 13, 2019 | Laptop Stolen

Abstract

In May, 2019, a Treloar employee’s laptop was stolen from their car. Treloar immediately began an investigation to confirm the security of the laptop and to determine the nature and scope of the event. Further, Treloar immediately took steps to secure the information accessible on the laptop, including changing the employee’s password to email and other cloud-based storage systems.

The Crucible

April 28, 2019 | Website Compromise

Abstract

Between April 28, 2019-February 27, 2020, malicious code on TheCrucible.org was skimming data inputted during checkout and saving it on an image file hosted on our site. This code was rendered inactive by updates to TheCrucible.org on February 27, 2020. Upon discovering the malicious code, it was immediately removed and we started a thorough investigation into how the skimmer worked to ensure that no other aspects of TheCrucible.org were compromised. We have reported this security incident to the California Department of Justice.

The Union Labor Life Insurance Company

April 04, 2019 | Email Compromise

Abstract

On April 1, 2019, an unauthorized external user was able to access the Outlook email account of an employee of The Union Labor Life Insurance Company (the “Company”). The employee opened a link from a trusted, external business partner that included a login to what appeared to be a legitimate file sharing site. The link was in fact fraudulent and allowed access to the employee’s email account.

June 22, 2017 | Email Compromise

Abstract

An unauthorized external user was able to briefly access the Outlook email account of an employee of The Union Labor Life Insurance Company (the “Company”) on June 22, 2017. The unauthorized user sent a spam email from the employee's email account to the employee's various personal and business contacts via email which appeared to be a legitimate email from the employee. The body of each email included either a Dropbox or two PDF documents that have links to malicious websites.

August 22, 2018 | User Error

Abstract

On August 22, 2018, one of our employees inadvertently sent an email with an attachment containing some of your personal information to Transamerica clients not associated with your retirement plan. We have received written confirmation from all recipients that the information was deleted, and we have no evidence or other reason to believe that the information was misused in any way. The affected information included your name, Social Security number, retirement plan name and plan number referenced above, hire date, and contribution percentages.

March 01, 2017 | Account Compromise

Abstract

We recently discovered unauthorized access to your retirement plan online account information available through the Transamerica Retirement Solutions website that may have occurred between March, 2017 and January, 2018. Please note that most individual accounts were accessed only once or at limited points in time during this time frame. We found no evidence of a compromise of Transamerica’s network and systems, but unauthorized parties used compromised third-party user credentials to log into Transamerica systems and access your account information.

November 09, 2017 | Third Party

Abstract

Prudential is the administrator of your <<ClientDef1(Company Name)>> variable annuity contract. An electronic file containing your personal information was inadvertently sent by a vendor of Prudential, to a corporate client of that vendor. Although this client ordinarily receives personal information through the normal course of business for its own customers, it was not authorized to receive <<ClientDef1(Company Name)>> variable annuity contract holder personal information. The client who received your information immediately reported the error and has confirmed that the file containing your information was not viewed and was deleted without additional distribution.

January 17, 2017 | Account Compromise

Abstract

The vendor who manages our Rewards“R”Us loyalty program recently advised us of unauthorized attempts to access Rewards“R”Us loyalty member accounts. It appears this was an effort to fraudulently redeem Rewards coupons beginning in November. We expect this activity is related to previously reported online breaches, not affiliated with Toys“R”Us, where thieves stole login names and passwords. This may be because the thieves know that users tend to have the same password across multiple accounts.

August 10, 2016 | Third Party

Abstract

August 10, 2016 | Third Party

Abstract

The Topps Company, Inc.

July 30, 2016 | Website Compromise

Abstract

On Octover 12, 2016, Topps became aware that one or more intruders gained unauthorized access to its website. Topps immediately launched an investigation and determined that the intruders may have gained access to payment card and other data that customers entered when placing orders through the website.

The Credit Pros international

July 9, 2016 | Third Party

Abstract

We use an online storage service for documents we receive from our clients. We recently learned that when the service was built by our vendor, the service allowed unauthenticated access requests. Upon discovering this, we immediately took steps to change the access settings for the service, a security firm was engaged, and a thorough investigation was conducted. Findings from the investigation showed unauthenticated access to files stored in the service, in relatively small amounts, from July 9, 2016 through December 2019, and then a period of concentrated unauthenticated request activity from December 12, 2019 and December 15, 2019. Because we could not identify who made these requests, we reviewed the files associated with the requests to identify the information they contained. On June 30, 2020, we identified that one or more of these files contained some of your information.

Toyota Motor Credit Corporation

June 28, 2016 | Email Compromise

Abstract

On June 28, 2016, a TFS associate mistakenly emailed a spreadsheet containing customer information to her personal email account. The email was sent using an encrypted transmission method. This incident was discovered on June 28, 2016.

Abstract

On June 1, 2020, the University of California San Francisco (“UCSF”) detected a cybersecurity attack that occurred in a limited part of the UCSF School of Medicine’s IT environment. Upon detection of the intrusion, we immediately isolated the impacted environment and successfully contained the incident from the core UCSF network. While we stopped the attack as it was occurring, the attacker obtained certain files and encrypted others with ransomware. UCSF made the difficult decision to pay the attacker, and received the information we needed to decrypt the affected servers and data the attackers stole. Although we have no evidence that the personal information taken has been misused, we are notifying you because we determined that some of your personal information was impacted.

September 25, 2013 | Laptop Stolen

Abstract

We are writing to inform you of an incident involving some of your health information. On September 25, 2013, UCSF learned that an unencrypted personal laptop was stolen from the locked vehicle of a physician in the Division of Gastroenterology at the UCSF School of Medicine. Given the physician’s various UCSF responsibilities, it was determined that the physician had the information appropriately.

US HealthCenter, Inc.

April 13, 2020 | Phishing

Abstract

On April 13, 2020, we were made aware of unauthorized access to USHC’s dedicated Cost Plus email account. This account was used to distribute phishing emails to Cost Plus wellness plan participants in an attempt to gain access to participant personal information. USHC’s internal information security (IT) team conducted an investigation of the compromised account. USHC discovered that there was unauthorized access to the Cost Plus email account, and the individual(s) responsible were able to view and forward emails associated with this inbox. The compromised account contained forms submitted by Cost Plus plan participants, including an Annual Preventive Screening affidavit which may have contained a participant’s name, employee number, date of birth, physician signature, and date of exam. Apart from additional limited health information, the inbox in question did not contain participants’ social security numbers, drivers’ license numbers, credit card data, financial account information, insurance information, or other sensitive personal information.

University of Detroit Mercy

February 7, 2020 | Ransomware

Abstract

On July 16, 2020, Blackbaud notified Detroit Mercy of a ransomware attack on their internal systems. Upon learning of the issue, we commenced an immediate and thorough investigation. As part of our investigation, we engaged external cybersecurity professionals experienced in handling these types of incidents.

Blackbaud reported to us that they identified an attempted ransomware attack in progress on May 20, 2020. Blackbaud engaged forensic experts and law enforcement to assist in their internal investigation. The investigation concluded that the cybercriminal removed data from Blackbaud’s systems intermittently between February 7, 2020 and May 20, 2020. A backup file containing certain information was removed by the cybercriminal. According to Blackbaud, they paid the cybercriminal to ensure that the backup file was permanently destroyed.

University of Minnesota Physicians

January 31, 2020 | Phising

Abstract

Abstract

On January 16, 2019, the Microsoft 365 web email account of a VMF employee was compromised for several hours. During this time, a third party obtained access to the employee’s email account without authorization and from this account, sent emails to various internal and external email accounts containing a malicious link. It appears that this was an attempt to obtain user names and passwords from the recipients of these emails. We have confirmed that the third party did not gain access to the email accounts of any other VMF employee or to the VMF servers or network more generally.

November 28, 2018 | Email Compromise

Abstract

On November 28, 2018, the Microsoft 365 web email account of a VMF employee was compromised for approximately 1.5 hours. During this time, a third party obtained access to the employee’s email account without authorization and from this account, sent emails to various internal and external email accounts containing a malicious Docusign link. It appears that this was an attempt to obtain user names and passwords from the recipients of these emails. We have confirmed that the third party did not gain access to the email accounts of any other VMF employee or to the VMF servers or network more generally.

January 06, 2017 | Unauthorized Access

Abstract

On January 6, 2017, Verity Health System learned that some of his/her personal information may have been accessed by an unauthorized third party. Although we are not aware of any misuse of the information, we are notifying you to advise you of the incident out of an abundance of caution.

Verity Health System

Abstract

On September 2, we were informed by our credit card service provider that unauthorized charges had been made on a number of our customers’ credit cards. We have hired forensic experts, notified law enforcement and we have been working diligently and comprehensively to investigate the incident, identify how our systems may have been impacted, and secure our systems. Although our investigation is continuing, we currently believe that some forms of your data may be affected by the compromise. This information includes encrypted credit or debit card number, along with card expiration date, name, billing address, email address and, if you have created a Viator account, the associated email address, encrypted password and Viator “nickname.” At this time, we have no reason to believe that the three or four digit value printed at the back or front of your card was compromised. Additionally, debit PIN numbers are not collected by Viator and could therefore not be compromised.

Valve Corporation

| CAUSE

Abstract

Sometime between May 26 and June 5, 2020, various groups of individuals broke into multiple Walgreens stores and forced entry into the secured pharmacy at select locations, including your preferred Walgreens. Among the many items stolen were certain items containing health-related information —such as filled prescriptions waiting for customer pick up and paper records. This included a very limited number of hard drives that were attached to stolen cash registers. These hard drives contained information about certain recent pharmacy purchases completed at that cash register. One pharmacy automation device that stored prescription labeling information for a short time period was also involved. Between May 26 and June 5, Walgreens discovered customer information was impacted. We later determined that one or more of the items described above may have contained your information. We wanted to alert you to this fact.

January 09, 2020 | CAUSE

Abstract

On January 15, 2020, Walgreens discovered an error within the Walgreens mobile app personal secure messaging feature. Our investigation determined that an internal application error allowed certain personal messages from Walgreens that are stored in a database to be viewable by other customers using the Walgreens mobile app. Once we learned of the incident, Walgreens promptly took steps to temporarily disable message viewing to prevent further disclosure and then implemented a technical correction that resolved the issue.

July 24, 2018 | CAUSE

Abstract

On or around August 2, 2018, Welk learned of unusual activity related to an employee email account. We immediately began an investigation to confirm the security of our network and to determine the nature and scope of this event. With the assistance of third-party forensic investigators, we learned that an unauthorized actor(s) was able to gain access the employee’s email account. Based upon available forensic evidence, it appears the email account was subject to unauthorized access between July 24, 2018 and August 2, 2018. While we have no evidence of actual or attempted misuse of personal information, the investigation revealed certain information related to you was present in the impacted email account at the time of the incident. Our investigation indicates only a small percentage of Welk’s Owners were potentially affected by the incident.

September 29, 2017 | CAUSE

Abstract

On or around December 4, 2017, Welk learned of unusual activity in certain employee email accounts. We immediately began an investigation, to confirm the security of our network, and to determine the nature and scope of this event. With the assistance of third-party forensic investigators, we learned that unauthorized actor(s) were able to gain access to certain employee email accounts. Based upon available forensic evidence, it appears these email accounts were subject to unauthorized access between November 29 and December 4, 2017. While we have no evidence of actual or attempted misuse of personal information, the investigation revealed some personal information was present in the impacted email accounts at the time of the incident. Our investigation indicates only a small percentage of Welk’s Owners were potentially affected by the incident.

October 05, 2016 | CAUSE

Abstract

On October 6, 2016, we learned that, late on October 5, a Welk team member’s home was burglarized, and the team member’s company laptop was stolen. Upon learning of the theft, we immediately launched an investigation to determine what information may have been involved in this incident. While our investigation is ongoing, we have determined that your information may have been stored on the stolen laptop. To date, we have no evidence to suggest that the data stored on the laptop has been accessed. Further, we have no evidence to date that there has been any attempted or actual misuse of data stored on the laptop. This incident has been reported to local police and, to our knowledge, there is an ongoing criminal investigation.

Walker Advertising, LLC

January 29, 2018 | CAUSE

Abstract

Two senior Walker employees’ corporate e-mail accounts were hacked between approximately January 29, 2018 and February 22, 2018. At least one of the corporate e-mail accounts was used to send phishing e-mails to solicit individuals to respond with access credentials to Walker’s electronic information network. The employees who suffered the hacks reported the instances to Walker’s Information Technology (“IT”) Department. Upon learning of the hacks, the IT Department immediately isolated the affected e-mail accounts, stopped the phishing e-mails, and locked out the hacker. Walker reported the unlawful activity to the Federal Bureau of Investigation (“FBI”) and will cooperate in any law enforcement investigation.

Worldwide Services Insurance Agency, LLC

October 11, 2017 | CAUSE

Abstract

Following the conclusion of our investigation of a suspected security incident, with the assistance of a leading computer forensic firm, we determined that an unauthorized party obtained credentials to two employees’ email accounts through a phishing email scheme. Our investigation determined that unauthorized access to those email accounts could have occurred between the dates of October 11, 2017 and October 13, 2017. As a result, the unauthorized party may have viewed or accessed emails in one employee’s email account that contained information provided to us in connection with your international health insurance plan.

W.W. Grainger, Inc.

September 26, 2017 | CAUSE

Abstract

On April 10, 2018, Grainger was notified by [24]7.ai that [24]7.ai was involved in a cyber incident, which occurred from September 26, 2017 through October 12, 2017. During this time, credit card information of those conducting business with certain [24]7.ai clients, including Grainger, may have been accessed. Those customers who used guest check out and manually entered credit card information on Grainger.com or its app were potentially affected. TBD

August 23, 2017 | CAUSE

Abstract

On August 23, 2017, Grainger learned that a team member’s laptop was stolen. On that same day, as soon as the theft was discovered, Grainger launched an investigation to determine the specifics and information involved. The team member’s network and all other IT credentials were immediately disabled, and the laptop was set to automatically wipe its contents completely and permanently the next time it connects to the internet.

| CAUSE

Abstract

We learned on October 27, 2015 that the information was inadvertently stored in a system file that was at potential risk of unauthorized access. The issue was immediately fixed, and we continue to work with outside experts to further strengthen our coding review protocols.

WEI Mortgage LLC

September 13, 2017 | CAUSE

Abstract

On or around September 20, 2017, WEI Mortgage LLC (“WEI Mortgage”) received reports of unusual activity in an employee’s email account. We immediately began an investigation to confirm the security of our network and to determine the nature and scope of this event. With the assistance of third-party forensic investigators, we learned our company was the victim of an email phishing attack, resulting in unauthorized access to certain employee email accounts. Based upon available forensic evidence, it appears these email accounts were subject to unauthorized access between September 13 and September 28, 2017. While we have no evidence of actual or attempted misuse of personal information, the investigation revealed some personal information was present in the impacted email accounts at the time of the incident.

Wells Fargo Advisors

July 06, 2017 | CAUSE

Abstract

We were recently notified that on July 6, 2017, a law firm representing Wells Fargo inadvertently provided some of our client information to another law firm in response to a legal subpoena. Although the data was provided securely to the law firm on an encrypted disk that was marked "confidential" your information should have been removed. We were informed the information was shared with two attorneys, their client, and his employer. We also understand that some limited information was shown to reporters from one newspaper, but they were not given copies of any Wells Fargo client information.

Washington State University

April 21, 2017 | CAUSE

Abstract

On April 21, 2017, Washington State University learned that a locked safe containing a hard drive had been stolen. Immediately upon learning of the theft, we initiated an internal review and notified local law enforcement. On April 26, we confirmed that the stolen hard drive contained personal information from some survey participants and, as a result, we retained a leading computer forensics firm to assist in the investigation.

January 13, 2016 | CAUSE

Abstract

April 16, 2013 | CAUSE

Abstract

One copy of XX’s confidential psychological assessment report containing [patient’s] name; date of birth; current placement history; developmental and psychological treatment history; limited family history; educational history; current psychological concerns; testing data, interpretation, results, and treatment recommendations was incorrectly faxed to an unintended recipient on April 16, 2013. The error resulted from an incorrect fax number entered onto the fax cover sheet (the intended number ended in 0842, while the unintended number ended in 0843).

November 20, 2012 | CAUSE

Abstract

A referral document containing your name, date of birth, Social Security Number, address, and your current health concerns was unintentionally sent by email to an unauthorized recipient, a county social worker, at the Alameda County Department of Social Services, Child and Family Services Unit.

Western University of Health Sciences

November 14, 2012 | CAUSE

Abstract

On November 14, 2012, WesternU learned that BanWeb Self-Service Federal Work Study reports were potentially accessible to BanWeb users with a WesternU ID and password.

Wilton Brands LLC

October 08, 2012 | CAUSE

Abstract

On or about January 8, 2013, one of Wilton’s service providers discovered that a malicious user modified the shopping cart functionality used on the www.wilton.com website.

X-Rite Incorporated

February 06, 2012 | CAUSE

March 29, 2013 | CAUSE

Abstract

Yolo FCU has been notified by our monitoring center that a merchant was victimized by unauthorized access of their data files. This breach has resulted in quick moving fraudulent activity, and we have blocked cards as quickly as possible in an attempt to prevent fraudulent activity from posting to your account.

October 27, 2012 | CAUSE

Abstract

Yolo Federal Credit Union identified your ATM/Visa debit card information as one that may have been compromised. Due to the high risk for fraudulent activity it was critical for the credit union to block and reissue your card as quickly as possible. Y

March 22, 2012 | CAUSE

Abstract

VISA was notified that Global Payments was victimized by unauthorized access of their data files. Global Payments is a third party payment processor that processes plastic card transactions. Your card was included and may be at risk.

You Can Trade, Inc.

| CAUSE

Abstract

On May 28, 2020 YCT discovered that certain personal data of YCT customers and prospective customers (“YCT Data”) was accessed by one or more unauthorized persons.

Yahoo! Inc.

| CAUSE

Abstract

A recent investigation by Yahoo has confirmed that a copy of certain user account information was stolen from our systems in late 2014 by what we believe is a statesponsored actor. We are closely coordinating with law enforcement on this matter and working diligently to protect you.

YP Holdings

| CAUSE

Abstract

Anthem was the target of a very sophisticated external cyber attack. There attackers gained unauthorized access to Anthem's IT system and have obtained personal information from our current and former members such as their names, birthdays, medical IDs/social security numbers, ...

Z

ZEG – Berlin Center for Epidemiology and Health Research GMBH

August 4, 2020 | Malicious Code

Abstract

July 30, 2017 | CAUSE

Abstract

We take security extremely seriously at Zazzle and wanted to let you know that in July 2017, our Security Team detected a brute force data security attack. During this data breach, some unauthorized login attempts to Zazzle accounts were made, including one using your Zazzle username (email address) and password.

| Insider Threat

Abstract

This letter is written to inform you, that on August 21, 2017 we became aware of an employee who accessed your account information without a direct business need. The access was not necessary for the employee to perform or complete their job assignment. We believe the improper access occurred between the dates of August 29, 2016 and April 21, 2017.

List of Data Breaches

1

1919 Investment Counsel LLC

1873349 Ontario, Inc.

1-800-Flowers.com

2

21st Century Oncology

7

7-Eleven, Inc.

8

80sTees

9

9W Halo OpCo L.P. d/b/a Angelica

A

Atlas Mechanical, Inc.

Agoura Health Products, LLC dba Gundry MD

Aetna

ArbiterSports

Assured Imaging

American Payroll Institute, Inc. (APA); Global Payroll Management Institute, Inc.

American Payroll Institute, Inc. (APA); Global Payroll Management Institute, Inc. (GPMI)

Amphastar Pharmaceuticals, Inc.

American Symphony Orchestra League

Allergy & Asthma Medical Group of the Bay Area, Inc.

Ascend Clinical LLC

Arbonne International, LLC

Alcorn Fence Company

Alameda Health System

Andrew Dang, DDS

Amtrak

Accident Insurance Company

Angeion Group

AST LLC

Athenian School

Advantage Capital Funding, LLC

Allstate Benefits

Ambry Genetics Corporation

Artech, L.L.C.

Atria Wealth Solutions

Andrew Lundholm CPA

ACCO Engineered Systems, Inc.

Adelanto Elementary School District

Apple Valley Unified School District

ABC Unified School District

Altice USA, Inc.

AFTRA Retirement Fund

Audio Visual Services Group, LLC d/b/a PSAV

AmeriSave Mortgage Corporation

American Medical Technologies

Active Network, LLC

Atria Senior Living

Auto Approve, LLC

Aveanna Healthcare

Athens Insurance Services, Inc.

AliMed, Inc.

Andy Frain Services

Avalara, Inc.

Ameritas Life Insurance Corp.

Acrisure LLC, d/b/a Filice Insurance Agency

Arthur J. Gallagher & Co.

Altura Credit Union

American Indian Health & Services, Inc.

Abbott Laboratories

AltaMed Health Services Corporation

American Cancer Society, Inc.

ArmorGames, Inc

Abel HR

Ally Bank

AeroGrow International

ACE Cash Express, Inc.

Avid Technology, Inc.

Amateur Athletic Union

American Medical Response, Inc.

Atrium Health (formerly Carolinas HealthCare System)

Allen Chern LLP

Applied Data Finance, LLC d/b/a Personify Financial

Animoto Inc.

American Express Travel Related Services Company, Inc.

Aetrex Worldwide, Inc.

Aimbridge Hospitality Holdings, LLC