Breach Report 2012.Pdf

Identity Theft Resource Center Report Date: 1/4/2013 2012 Breach List: Breaches: 470 Exposed: 17,491,690 Page 1 of 95

A Humana office in the Tampa, Florida area moved to a new location on July 12, 2012. On November 28, due to a business need to pull information from the 2011 files that were boxed for storage during the move, it was discovered that one box of paper files containing member appeals regarding discharge from a skilled nursing facility and/or hospital was lost during the move. The files contained member name, demographic information, date of birth, Medicare identification number, and possibly clinical information. Humana has no information to date indicating that the information has been inappropriately used.

Attribution 1 Publication: NH AG's office Author: Date Published: Article Title: Humana Article URL: http://doj.nh.gov/consumer/security-breaches/documents/humana-20121217.pdf

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121231-21 Irvine Scientific CA Electronic Business Yes - Unknown # 0

This letter is being sent in accordance with New Hampshire law to inform your office that our company recently suffered the theft of credit card information which potentially exposed the name and credit card number of one (1) New Hampshire resident. We have enclosed a copy of the notice letter that we will be sending to potentially affected individuals on a nationwide basis on or before December 18, 2012.

Attribution 1 Publication: NH AG's office Author: Date Published: Article Title: Irvine Scientific Article URL: http://doj.nh.gov/consumer/security-breaches/documents/irvine-scientific-20121218.pdf

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121231-20 Montana State University MT Electronic Educational Yes - Unknown # 0

On September 16, 2012, our client, Montana State University ("MSU"), discovered that certain documents on a network storage device were inadvertently left unencrypted and available on MSU's network between August 1, 2012 and September 15, 2012. During this time period, the device had been decrypted and reset to factory settings in order to troubleshoot performance issues. After conducting a thorough investigation, MSU does not believe anyone viewed the documents as the information could only be accessed from MSU's network by a user with specialized knowledge. The device contained certain student loan documents from students who attended MSU in 2006. The information involved included names, dates of birth, and Social Security numbers. No financial or bank account information was involved.

Attribution 1 Publication: NH AG's office Author: Date Published: Article Title: Montana State University Article URL: http://doj.nh.gov/consumer/security-breaches/documents/montana-state-university-20121221.pdf

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121231-19 LexisNexis FL Electronic Business Yes - Unknown # 0

We are writing in accordance with your state's information security breach notification statute to inform you that we are notifying consumers of an incident in which a technical error led to sensitive personally identifiable information, including Social Security numbers and drivers ' license numbers, about them being displayed in full in reports sent to other consumers. Typically, the Social Security numbers and drivers' license numbers would have been redacted. The issue began on October 30, 2012, was discovered on November 5, 2012 and was corrected by November 6, 2012.

Attribution 1 Publication: NH AG's office Author: Date Published: Article Title: LexisNexis Article URL: http://doj.nh.gov/consumer/security-breaches/documents/lexisnexis-20121206.pdf

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121231-18 Valpak FL Electronic Business Yes - Unknown # 0

On November 14, 2012, our client, Valpak, learned from an investigator at the United States Postal Inspection Services (USPS) that a temporary independent contractor used by Valpak was indicted and charged with mail fraud. When the individual was arrested in November 2012, law enforcement found a file in his possession that contained the names, Social Security numbers, and employment start and end dates for employees of Valpak franchises. Because the contractor only performed work for Valpak from June through September 2011 , only individuals hired before September 2011 were in the file. Valpak was informed by the USPS that the contractor opened a post office box in a limited number of individuals' names.

How is this report produced? What are the rules? See last page of report for details.

Attribution 1 Publication: NH AG's office Author: Date Published: Article Title: Valpak Article URL: http://doj.nh.gov/consumer/security-breaches/documents/valpak-20121214.pdf

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121231-17 Sunview Vineyards CA Electronic Business Yes - Unknown # 0

We are writing to inform you that on or about the 15th of December 2012, we believe that a company laptop computer was stolen from one of our facilities as part of a burglary. We have reason to believe that personal information concerning you was or may have been on the laptop computer and that information may be in the possession of the thief. While the laptop computer was password protected, the files were not encrypted, so it is unclear if the thief has or can access any of your personal information. Regardless, we wanted to make sure that you were aware of this issue.

Attribution 1 Publication: CA AG's office Author: Date Published: Article Title: Sunview Vineyards Article URL: https://oag.ca.gov/system/files/SampleLetterforSecurityBreachNotification%2801126564%29%20%283%29_0.pdf?

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121231-16 Yale University CT Electronic Educational Yes - Published # 450

The hacker group NullCrew claimed it had obtained 1,200 accounts on Yale databases, but the University said only 450 accounts were affected by the breach. Photo by NullCrew.

A hacker group known as NullCrew claims it obtained the personal information of 1,200 Yale students and staff members from University databases.

Attribution 1 Publication: yaledailynews.com Author: Date Published: Article Title: Hacker group breaches Yale databases Article URL: http://yaledailynews.com/crosscampus/2012/07/30/hacker-group-breaches-yale-databases/

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121231-15 Westside Park Elementary CA Paper Data Medical/Healthcare Yes - Published # 1,370 School Based Health Center Medical records at the Westside Park Elementary School Based Health Center may have been accessed when the county clinic was burglarized, San Bernardino County officials said Tuesday.

Attribution 1 Publication: phiprivacy.net Author: Date Published: Article Title: Patient records accessed after county clinic burglary Article URL: http://www.phiprivacy.net/?s=westside

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121231-14 San Jose State University CA Electronic Educational Yes - Published # 10,000 Associated Students On June 26, SJSU learned a hacker breached an Associated Students of SJSU server. Please note the breach affected Associated Students only. SJSU employee data and MySJSU are completely separate and were not affected. Therefore, the breach will not impact fall 2012 registration and did not result in the release of thousands of student Social Security numbers or student ID passwords as suggested by the media.

Attribution 1 Publication: SJSU Today website Author: Date Published: Article Title: Update: Associated Students Server Security Breach Article URL: http://blogs.sjsu.edu/today/2012/update-associated-students-server-security-breach/

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121231-13 Rhinebeck Health Center - NY Electronic Medical/Healthcare Yes - Published # 6,745 Center for Progressive Rhinebeck Health Center and the Center for Progressive Medicine (“the Centers”) are attempting to notify patients of a potential breach to their personal and protected health information. Unauthorized access to patient information may have occurred between approximately November 15, 2011 and December 14, 2011. Rhinebeck was notified of the hacking/IT incident by their computer vendor on February 15, 2012.

How is this report produced? What are the rules? See last page of report for details.

Attribution 1 Publication: RHC/CPM Company Press Release Author: Date Published: Article Title: Rhinebeck Health Center/Center for Progressive Medicine Notifies Patients of Information Breach Article URL: http://www.rhinebeckhealth.com/breach_release.pdf

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121231-12 Phoebe Putney Memorial GA Electronic Medical/Healthcare Yes - Unknown # 0 Hospital On April 9, 2012, PPMH learned from law enforcement officials that a now former employee improperly accessed patient information with the intent to file fraudulent tax returns. PPMH immediately began an internal investigation to determine the information accessed by the former employee. The former employee may have accessed some patients’ names, dates of birth, and social security numbers some time between June 2010 and April 2012. No medical records were taken, and no medical information has been lost.

Attribution 1 Publication: PPMH website / phiprivacy.net Author: Date Published: Article Title: An Important Notice to Phoebe Putney Home Health Care Patients Regarding Confidentiality of Patient Information Article URL: http://www.phoebeputney.com/PhoebeContentPage.aspx?nd=1694

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121231-11 Office of Dr. Jeffrey Paul AZ Electronic Medical/Healthcare Yes - Published # 4,800 Edelstein I am writing to inform you about a potential data security issue related to the robbery of my computer server, other electronic devices, medical equipment, and stamps from the office on Memorial Day (May 28, 2012). The crime was discovered shortly after it occurred, the Chandler Police Department was immediately informed, and it remains an active investigation. Please understand that the data was securely backed up and I still retain all of my patient data on a new server.

Attribution 1 Publication: phiprivacy.net / Notification letter Author: Date Published: Article Title: Server stolen from Arizona physician results in notification of almost 5,000 patients Article URL: http://jpemd.com/assets/files/Notification-Letter-FINAL.pdf

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121231-10 Lady of the Lake Regional LA Electronic Medical/Healthcare Yes - Published # 17,130 Medical Center Our Lady of the Lake Regional Medical Center has determined that a laptop computer containing limited health information for former Intensive Care Unit patients was discovered to be missing from a local physician office sometime between March 16 and 20, 2012. An extensive search was initiated as soon as the incident was discovered. Investigation of the incident continues and we have reported this occurrence to law enforcement. We will continue to share updated information. We are sorry this incident occurred and assure our patients and the community that we are committed to protecting patients’ personal information.

Attribution 1 Publication: phiprivacy.net Author: Date Published: Article Title: Our Lady of the Lake Regional Medical Center laptop missing; held data on over 17,000 ICU patients Article URL: http://www.phiprivacy.net/?s=lady+of+the+lake

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121231-09 Gressler Clinic FL Paper Data Medical/Healthcare Yes - Published # 1,400

Documents containing personal information from about 1,400 patients were stolen from Gessler Clinic in May, the clinic announced Tuesday.

Attribution 1 Publication: phiprivacy.net Author: Date Published: Article Title: Records stolen from Gressler Clinic Article URL: http://www.phiprivacy.net/?s=gressler

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121231-08 Rosenthal Collins Group IL 11/27/2012 Electronic Business Yes - Unknown # 0

On Tuesday morning, November 27, RCG detected unauthorized access to personal information contained in an RCG web application. The unauthorized access began late Monday night and was detected by RCG Tuesday morning. Access to the web application (https:\\accountforms.rcgdirect.com) was shut down immediately and the unauthorized access was terminated. RCG conducted an internal investigation and is working with law enforcement and security professionals to identify the person(s) responsible for the unauthorized access.

How is this report produced? What are the rules? See last page of report for details.

Attribution 1 Publication: CA AG's office Author: Date Published: Article Title: Rosenthal Collins Group Article URL: https://oag.ca.gov/system/files/Consumer%20Letter%20%28FINAL%2047-state%20letter%29_0.pdf?

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121231-07 WhatGreatSkin.com CA 8/28/2012 Electronic Business Yes - Unknown # 0

At WhatGreatSkin.com, we take account security very seriously and use industry standard encryption to ensure that your account information is kept secure. This afternoon at 3:30PM PST, our servers were hit with an organized attack, which was immediately detected by our server administrators. Our server administration team discovered that the following account information may have been compromised: customer names, addresses, and credit card details. WhatGreatSkin.com was immediately taken offline to prevent further access, and all credit card information was wiped from our secure database to make it completely inaccessible to further attempts. At this time, it is unclear if the data compromised can be used to make unauthorized charges.

Attribution 1 Publication: CA AG's office Author: Date Published: Article Title: WhatGreatSkin.com Article URL: https://oag.ca.gov/system/files/Security%20Breach%208282012_0.pdf?

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121231-06 Cigna CT 3/23/2012 Electronic Business Yes - Unknown # 0

I am writing to inform you of a matter that the Cigna Enterprise Privacy Office was made aware of on March 27, 2012. On March 23, 2012, in violation of Cigna corporate policies, a Cigna employee emailed an unencrypted document containing Cigna Dental customers’ first names and social security numbers to her home email address and to the email address of her son. The document was created by Cigna for internal use by our Dental Customer Service Agents. It included your first name and social security number, but it did not contain any other personal information about you (such as your address or health information).

Attribution 1 Publication: CA AG's office Author: Date Published: Article Title: Cigna Article URL: https://oag.ca.gov/system/files/Email%20Customer%20Letter%20final%20approved.pdf?

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121231-05 Pennsylvania State University PA Electronic Educational Yes - Published # 1,406

A server hosted at Penn State’s University Park campus that contained 1,406 Social Security numbers, all of which belong to students who were enrolled at Penn State Altoona before 2005, was found to be infected with malware that enabled it to communicate with an unauthorized computer outside the network. "Malware" is short for malicious software and refers to any software designed to cause damage to a single computer, server, or computer network, whether it's a virus, spyware, worm or other destructive program.

Attribution 1 Publication: Penn State website Author: Date Published: Article Title: Malware opens door to possible information exposure Article URL: http://live.psu.edu/story/63362

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121231-04 LSU Health Care Services LA Electronic Medical/Healthcare Yes - Published # 416 Division The LSU hospital system has notified 416 patients that their checking account numbers and other personal information on checks paid to hospitals have been stolen.

Attribution 1 Publication: thetowntalk.com Author: Date Published: Article Title: 416 cases of identity theft reported at LSU hospitals Article URL: http://www.thetowntalk.com/viewart/20121227/NEWS01/121227001/416-cases-identity-theft-reported-LSU-hospitals

The Hospice of North Idaho (HONI) has agreed to pay the U.S. Department of Health and Human Services’ (HHS) $50,000 to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule. This is the first settlement involving a breach of unprotected electronic protected health information (ePHI) affecting fewer than 500 individuals.

The HHS Office for Civil Rights (OCR) began its investigation after HONI reported to HHS that an unencrypted laptop computer containing the electronic protected health information (ePHI) of 441 patients had been stolen in June 2010. Laptops containing ePHI are regularly used by the organization as part of their field work. Over the course of the investigation, OCR discovered that HONI had not conducted a risk analysis to safeguard ePHI. Further, HONI did not have in place policies or procedures to address mobile device security as required by the HIPAA Security Rule. Since the June 2010 theft, HONI has taken extensive additional steps to improve their HIPAA Privacy and Security compliance program.

Attribution 1 Publication: hhs.gov Author: Date Published: Article Title: Hospice of North Idaho Article URL: http://www.hhs.gov/news/press/2013pres/01/20130102a.html

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121231-02 Kentucky Cabinet for Health KY Electronic Government/Military Yes - Published # 1,090 and Family Services A computer security breach may have resulted in the release of information on 1,090 Kentucky Medicaid clients, including some Social Security numbers.

The Cabinet for Health and Family Services announced Friday that the clients will be receiving letters explaining the breach.

Attribution 1 Publication: Kentucky.com Author: Mary Meehan Date Published: Article Title: Kentucky Medicaid clients' information might have been breached Article URL: http://www.kentucky.com/2012/12/28/2457718/kentucky-medicaid-clients-information.html

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121231-01 Rhode Island Department of RI Electronic Government/Military Yes - Published # 700 Labor The Rhode Island Department of Labor and Training says a technical problem may have led to a privacy breach for some callers to its phone line for unemployment and disability benefits.

Attribution 1 Publication: Boston.com Author: Date Published: Article Title: RI labor dept. warns of possible privacy breach Article URL: http://www.boston.com/news/local/rhode-island/2012/12/31/labor-dept-warns-possible-privacy-breach/qamG0J2dhmhK

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121229-01 US Army NJ Electronic Government/Military Yes - Published # 36,000

Hackers have cracked computer systems connected with a former US military base at Fort Monmouth, New Jersey, stealing the personal details of more than 36,000 people.

Attribution 1 Publication: International Business Times Author: Date Published: Article Title: Hackers Steal Personal Details of 36,000 People with US Army Connections Article URL: http://www.ibtimes.co.uk/articles/419150/20121229/american-army-hackers-fort-monmouth-cyber-attack.htm

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121228-02 Gibson General Hospital IN Electronic Medical/Healthcare Yes - Published # 29,000

A laptop containing personal information on thousands of patients was stolen, Gibson General Hospital officials announced Friday. The laptop and other items were reported stolen from a hospital employee’s home on Nov. 27, according to press release from the hospital.

Attribution 1 Publication: Princeton Daily Clarion Author: Date Published: Article Title: Stolen Gibson General laptop may have had patient info Article URL: http://www.tristate-media.com/pdclarion/article_d29d5b90-513c-11e2-b750-001a4bcf887a.html

Dear Customer: We very recently determined that unauthorized individuals stole credit and debit card information from the card processing system we use in some of our stores.You are receiving this letter because we believe your credit or debit card information may have been stolen. We are sending this notice as soon as practically possible taking into consideration that legal enforcement authorities are involved. This letter explains actions we have taken in response to the theft and describes some actions you can take to protect yourself against fraud.

Attribution 1 Publication: Corporate Breach Notification Letter / C Author: Date Published: Article Title: Jetro Cash & Carry Article URL: http://www.restaurantdepot.com/docs/default-document-library/credit-card-letter.pdf?sfvrsn=0

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121226-17 Children's Center ID Paper Data Government/Military Yes - Unknown # 0

A man is questioning just how safe our medical records are, after he found volumes of records in the Dumpster behind his workplace.

State officials were shredding the documents Thursday. Wes Dustin doesn't want to share where he works, but he does want to share what he found there when he went to take out the trash.

"Boxes," Dustin explained. "Looked like records or something."

Attribution 1 Publication: phiprivacy.net / KIDK Author: Date Published: Article Title: Children's medical records found in Dumpster to be shredded Article URL: http://www.localnews8.com/news/Children-s-medical-records-found-in-Dumpster-to-be-shredded/-/308662/17839236/-/e

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121226-16 Surgical Associates of Utica NY Electronic Medical/Healthcare Yes - Published # 1,017

theft - network server

Attribution 1 Publication: hhs.gov / phiprivacy.net Author: Date Published: Article Title: Surgical Associates of Utica Article URL: http://www.phiprivacy.net/?p=10885

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121226-15 Upper Skagit Valley Casino WA Electronic Business Yes - Unknown # 0 Resort I am writing to inform you that on November 29, 2012 the Skagit Valley Casino Resort learned that an incident involving one of its vendors, Bally Technologies, Inc. ("Bally"), may have involved your personal data. Electronic equipment in Bally's possession in the normal course of business for the purposes of performing services for us, was stolen from a Bally employee's home office and may have contained data of our customers. The customer data may have included your name, driver's license number, social security number, and bank account information.

Attribution 1 Publication: CA AG's office Author: Date Published: Article Title: Skagit Valley Casino Resort Article URL: https://oag.ca.gov/system/files/Multi-State_Skagit_1Leaf_Proofs%20%282%29.pdf%20-%20Adobe%20Acrobat%20Pro_0

Attribution 2 Publication: Author: Date Published: Article Title: Article URL:

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121226-14 Brigham & Women's Hospital MA Electronic Medical/Healthcare Yes - Published # 615

On or around Oct. 16, 2012, a desktop computer was reported stolen from a building at Brigham and Women’s Hospital. BWH believes that data related to 615 individuals may have been present on the stolen computer, and may include medical record number, age, medications, laboratory values or other clinical information. Individuals impacted by the theft were notified. BWH has no knowledge that any information on this computer has been accessed. BWH values our patients’ privacy and the security of our staff, and is committed to protecting both at all times. We are taking steps to reduce or prevent the risk of such events taking place in the future.

How is this report produced? What are the rules? See last page of report for details.

Attribution 1 Publication: phiprivacy.net / hhs.gov Author: Date Published: Article Title: Brigham & Women's Hospital Article URL: http://www.phiprivacy.net/?s=brigham

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121226-13 Vidant Pungo Hospital NC Electronic Medical/Healthcare Yes - Published # 1,100

The purpose of this notice is to inform certain individuals of a data security incident involving personal information. Specifically, the paper jackets that held one or more old radiology films were improperly discarded with office trash, picked up by a sanitation company, and disposed of in a landfill. The information contained on the paper jacket was limited to name, address, date of birth, age, sex, race and the date and name of the radiology procedure prior to May of 2012. The radiology films themselves were not disclosed, nor was any financial information.

Attribution 1 Publication: phiprivacy.net / hhs.gov Author: Date Published: Article Title: Vidant Pungo Hospital Article URL: https://www.vidanthealth.com/vidant/dynamic-detail.aspx?id=11781

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121226-12 Robbins Eye Center CT Electronic Medical/Healthcare Yes - Published # 1,749

theft - desktop computer

Attribution 1 Publication: hhs.gov / phiprivacy.net Author: Date Published: Article Title: Robbins Eye Center Article URL: http://www.phiprivacy.net/

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121226-11 Office of Dr. James M. McGee GA Paper Data Medical/Healthcare Yes - Published # 1,306

1,306 dental patients were notified of a September 19, 2012 incident involving the theft of paper records. There is no statement on his web site that I can find and no media coverage that I can find at this time.

Attribution 1 Publication: hhs.gov / phiprivacy.net Author: Date Published: Article Title: Office of Dr. James M. McGee Article URL: http://www.phiprivacy.net/

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121226-10 Coastal Behavioral FL Paper Data Medical/Healthcare Yes - Published # 4,907 Healthcare Inc. Coastal Behavioral Healthcare, Inc. (“Coastal”) became aware of a breach of patient information on October 10, 2012 when a law enforcement officer contacted Coastal to report discovery of a list, dated April 2011, of approximately 136 Coastal patient names and identifying information found in a vehicle during a traffic stop.

Attribution 1 Publication: Company website / phiprivacy.net / hhs. Author: Date Published: Article Title: Coastal Behavioral Healthcare Inc. Article URL: http://www.coastalbh.org/pdfs/website_notification.pdf

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121226-09 Omnicell MI Electronic Medical/Healthcare Yes - Published # 68,000

Approximately 4,000 patients at the University of Michigan Health System (UMHS) have been notified this December that their personal health information has been compromised, UMHS officials announced.

UMHS was notified Nov. 20 by Mountain View, Calif.-based medication management vendor Omnicell that an unsecured electronic device containing patient health information was stolen from an Omnicell employee's car on Nov. 14, according to a UMHS press release. Notification letters to patients were sent out Dec. 18.

Attribution 1 Publication: Healthcare IT News Author: Date Published: Article Title: U of Michigan Health System, Omnicell report patient data breach Article URL: http://www.healthcareitnews.com/news/u-michigan-health-system-omnicell-report-patient-data-breach

How is this report produced? What are the rules? See last page of report for details.

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121226-08 ipromo.com IL Electronic Business Yes - Unknown # 0

I am contacting you regarding a data security incident that occurred at ipromo.com. This incident involved a customer data file that may have included some or all of the following personal identification information (first and last name, shipping address, billing address, email, and ipromo.com account password). The file also contained masked credit card information, meaning all but the last four digits of the credit card numbers where hidden. Your credit card (type), the last four digits ( ) and the expiration date ( ) was listed in this file. As a result, this personal information may have been potentially exposed to others.

Attribution 1 Publication: VT AG's office Author: Date Published: Article Title: ipromo.com Article URL: http://www.atg.state.vt.us/issues/consumer-protection/privacy-and-Data-Security/documents-and-resources5/ipromo-s

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121226-07 CruiseOne FL Electronic Business Yes - Unknown # 0

CruiseOne recognizes the importance of the privacy and confidentiality of the personal information provided to us by our customers. Regrettably, we are writing to inform you of an incident involving that information. On November 30, 2012, we learned that an unauthorized person gained access to the booking system by misusing the log-in credentials of an authorized user. Although credit card information is encrypted when it is stored in the booking system, the unauthorized person used a decryption feature of the system to view the credit card number and expiration date for a limited number of individuals.

Attribution 1 Publication: VT AG's office Author: Date Published: Article Title: CruiseOne Article URL: http://www.atg.state.vt.us/issues/consumer-protection/privacy-and-Data-Security/documents-and-resources5/world-tra

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121226-06 Western University of Health CA Electronic Educational Yes - Unknown # 0 Sciences Western University ofHealth Sciences (''WesternU") is committed to protecting the personal information it maintains. Regrettably, we are writing to inform you about an incident potentially involving some of that information.

Attribution 1 Publication: VT AG's office Author: Date Published: Article Title: Western University of Health Sciences Article URL: http://www.atg.state.vt.us/issues/consumer-protection/privacy-and-Data-Security/documents-and-resources5/westernu-

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121226-05 DeLaval Inc. MO Electronic Business Yes - Unknown # 0

We recently sent to you a letter dated December 13, 2012 in which we informed you of a recent security incident at DeLaval, Inc. Fidelity, our retirement program administrator, detected some unusual activity related to a small number of DeLaval employee retirement accounts. Based upon that unusual activity, we were able to conclude that unauthorized access to the personal infonnation of all DeLaval employees with Fidelity accounts may have occurred.

Attribution 1 Publication: VT AG's office Author: Date Published: Article Title: DeLaval Inc. Article URL: http://www.atg.state.vt.us/issues/consumer-protection/privacy-and-Data-Security/documents-and-resources5/delaval-in

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121226-04 SunTrust Loan Education GA Electronic Banking/Credit/Financial Yes - Unknown # 0

This letter is to notify you of an issue regarding your private student loan and possible exposure of your personal information, including Social Security number and date of birth. SunTrust uses an outside vendor to originate our private student loans. Recently, SunTrust was notified that a temporary employee of this vendor had taken client information inappropriately. We believe your information may have been included in the material recovered by police.

Attribution 1 Publication: VT AG's office / NH AG's office Author: Date Published: Article Title: SunTrust Loan Education Article URL: http://www.atg.state.vt.us/issues/consumer-protection/privacy-and-Data-Security/documents-and-resources5/suntrust-

TwinSpires.com, the wagering site for customers of the Louisville, Ky.-based Churchill Downs racetrack, was hacked, exposing the personal information of account holders.

Attribution 1 Publication: SC Magazine / CA AG's office Author: Date Published: Article Title: Churchill Downs wagering site hacked Article URL: http://www.scmagazine.com/churchill-downs-wagering-site-hacked/article/259114/

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121226-02 CCS Medical DE Electronic Medical/Healthcare Yes - Unknown # 0

We are writing on behalf of our client, CCS Medical, Inc., a Delaware corporation ("CCS Medical"), to report a potential security breach of personal information maintained by CCS Medical. CCS Medical is providing this report to the New Hampshire Department of Justice pursuant to New Hampshire statutes governing security breach notification. We also enclose a copy of the form of notice that CCS Medical is sending to individuals who are New Hampshire residents that could be affected by the potential breach.

Attribution 1 Publication: phiprivacy.net / NH AG's office Author: Date Published: Article Title: CCS Medical employee may have accessed and disclosed Social Security numbers for a tax refund fraud scheme Article URL: http://www.phiprivacy.net/?p=11056

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121226-01 Germantown Credit Union MD Electronic Banking/Credit/Financial Yes - Unknown # 0 ATMs A Navy Federal Credit Union ATM in Germantown was among three ATMs in Montgomery County targeted in a skimming device scheme, Montgomery County Police said.

Attribution 1 Publication: datalossdb.org Author: Date Published: Article Title: Germantown Credit Union Targeted in ATM Skimming Scheme Article URL: http://northpotomac.patch.com/articles/police-germantown-credit-union-targeted-in-atm-skimming-scheme

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121219-06 California DOJ - CATCH CA Electronic Government/Military Yes - Unknown # 0

This letter is to inform you of an incident that involved unauthorized access to your personal information. In November 2011, hackers affiliated with the group Anonymous accessed and released private email accounts belonging to a retired agent for the Department of Justice who was a member of the Computer and Technology Crime High-Tech Response Team (CATCH). CATCH is a multi-agency task force that was formed to apprehend and prosecute criminals who use technology to prey on the citizens of San Diego, Imperial Valley, and Riverside Counties. Some of emails that the hackers released included data that contained your personal information including, but not limited to, your name, address, date of birth, and Social Security number (SSN).

Attribution 1 Publication: CA AG's office Author: Date Published: Article Title: California DOJ - CATCH Article URL: https://oag.ca.gov/system/files/Notification_Letter_FINAL_SSNs_04-25-12_0.pdf?

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121219-05 Blue Cross Blue Shield of MA Electronic Medical/Healthcare Yes - Unknown # 0 Massachusetts Health insurer Blue Cross Blue Shield of Massachusetts has referred to the state attorney general’s office a report that a vendor made “inappropriate use” of an employee record.

Attribution 1 Publication: The Globe / boston.com Author: Robert Weisman Date Published: Article Title: Blue Cross Blue Shield reports misuse of employee record to attorney general’s office Article URL: http://www.boston.com/businessupdates/2012/09/19/blue-cross-blue-shield-reports-misuse-employee-record-attorney-g

Awklein ,CA,,”2,000″,2/1/2011,Theft,Other,6/8/2012,,

Attribution 1 Publication: hhs.gov / phiprivacy.net Author: Date Published: Article Title: Awklein Article URL: http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html

Attribution 2 Publication: hhs.gov Author: Date Published: Article Title: Awklein Article URL: http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121219-03 Anchorage Community AK Electronic Medical/Healthcare Yes - Published # 2,743 Mental Health Services, Inc. Unauthorized Access/Disclosure

Attribution 1 Publication: HHS.gov / datalossdb.org Author: Date Published: Article Title: Anchorage Community Mental Health Services, Inc. Article URL: http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121219-02 Affordable Medical and KS Paper Data Medical/Healthcare Yes - Published # 1,000 Surgical Services An Overland Park, Kan., woman made a disturbing discovery Saturday as she dumped her recycling inside a yellow and green bin in front of Brookridge Elementary School: More than 1,000 private abortion records sat in plain view, dumped on top of magazines and newspapers in a possibly serious violation of federal privacy law.

Attribution 1 Publication: phiprivacy.net / Grandforksherald.com Author: Date Published: Article Title: Affordable Medical and Surgical Services Article URL: http://www.phiprivacy.net/?s=affordable+medical

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121219-01 Diversified Support IN Electronic Medical/Healthcare Yes - Published # 1,945 Services - Choices On or about May 10, 2012, Choices, Inc. learned that its website and computer system was breached by an unknown, external third party “hacker”. Choices promptly secured all systems and conducted a detailed investigation which confirmed the “hacker” illegally accessed a combination of Social Security numbers, private health and other demographic information, for Choices’ clients, family members and some providers.

Attribution 1 Publication: HHS / phiprivacy.net Author: Date Published: Article Title: Choices, Inc. hacked: clients’ SSN and health info accessed (updated) Article URL: http://www.phiprivacy.net/?s=adult+and+child+care+center

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121218-06 Luxor Industries FL Paper Data Medical/Healthcare Yes - Unknown # 0

LEE COUNTY - Invasion of privacy.....Fox 4 finding hundreds of patients' medical records containing sensitive information....just tossed in a dumpster in North Fort Myers. These documents belonging to a medical facility that's now under investigation. Four in your Corner investigator Mike Mason is here now with more.

Attribution 1 Publication: fox4now.com / Becker's Hospital Review Author: Date Published: Article Title: Luxor Industries Article URL: http://www.fox4now.com/news/local/183093551.html

A Winston-Salem woman whose personal information was found alongside Stratford Road, says other parents of a now closed Winston- Salem daycare need to check their credit report because their personal information could have been leaked too.

Ikeshia Knight was contacted by a man who found a file from her son’s daycare Thursday.

When Ikeshia met the man at the daycare, more files were on the ground, near the dumpster and in the playground.

Attribution 1 Publication: Myfox8.com / datalossdb.org Author: Date Published: Article Title: Higher Learning Article URL: http://myfox8.com/2012/12/13/personal-information-compromised-in-winston-salem/

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121218-04 Mt. Diablo Unified School CA Electronic Educational Yes - Unknown # 0 District The confidentiality of personal information we maintain is critically important to Mt. Diablo Unified School District ("District") and we take great efforts to protect it. Regrettably, we are writing to let you know about an incident involving some of that information. One of our offices was burglarized on Saturday, December 1, 2012 and a password protected unencrypted computer was stolen after thieves broke a window. Law enforcement and District staff were immediately alerted because the office was protected by a security camera, motion detector, and an alarm. The stolen computer contained Excel and Word files that included employees’ names, dates of birth, addresses, and Social Security numbers for employees and former employees who worked at the District between 1998 and 2010.

Attribution 1 Publication: CA AG's office / VT AG's office Author: Date Published: Article Title: Mt. Diablo Unified School District Article URL: https://oag.ca.gov/ecrime/databreach/reports/sb24-37238

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121218-03 Library Systems & Services MD Electronic Business Yes - Unknown # 0 LLC Theft of a company laptop computer. Although we do not believe the laptop contained any customer information, we do believe it may have contained some employees' personal information including names, addresses, dates of birth and/or Social Security numbers.

Attribution 1 Publication: CA AG's office Author: Date Published: Article Title: Library Systems & Services LLC Article URL: https://oag.ca.gov/ecrime/databreach/reports/sb24-37274

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121218-02 World Travel Holdings FL 11/30/2012 Electronic Business Yes - Unknown # 0

World Travel Holdings ("WTH") recognizes the importance of the privacy and confidentiality of the personal information provided to us by our customers. Regrettably, we are writing to inform you of an incident involving that information. On November 30, 2012, we learned that an unauthorized person gained access to the booking system by misusing the log-in credentials of an authorized user. Although credit card information is encrypted when it is stored in the booking system, the unauthorized person used a decryption feature of the system to view the credit card number and expiration date for a limited number of individuals. We deactivated the log-in credentials that were misused and added additional technical safeguards to prevent this from happening again.

Attribution 1 Publication: CA AG's office Author: Date Published: Article Title: World Travel Holdings Article URL: https://oag.ca.gov/ecrime/databreach/reports/sb24-37286

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121218-01 Wilton Brands LLC IL Electronic Business Yes - Unknown # 0

We are writing to inform you of a potential security incident involving personal information maintained by Wilton Brands LLC (“Wilton”). While we currently have no evidence that your personal information was misused, out of an abundance of caution, we are providing this notice and outlining some steps you may take to help protect yourself. We sincerely apologize for any inconvenience or concern this may cause you.

How is this report produced? What are the rules? See last page of report for details.

Attribution 1 Publication: CA AG's office / VT AG's office Author: Date Published: Article Title: Wilton Brands LLC Article URL: https://oag.ca.gov/ecrime/databreach/reports/sb24-37224

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121212-01 ABQ Health Partners NM Electronic Medical/Healthcare Yes - Unknown # 0

Some patient records may be in jeopardy, thanks to a lost or stolen laptop computer from ABQ Health Partners, the state's largest independent doctor's group.

Attribution 1 Publication: KOB.com Author: Date Published: Article Title: ABQ Health Partners' patient records on missing laptop Article URL: http://www.kob.com/article/stories/S2861824.shtml?cat=500

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121211-09 Accume Partners NJ Electronic Business Yes - Unknown # 0

Recently we learned of a data security breach involving a laptop belonging to WeiserMazars, LLC, the CPA firm which audits the statement of net assets available for Plan benefits in connection with the Plan's annual reporting obligations under the Employee Retirement Income Security Act of 197 4. The laptop was stolen from the vehicle of a WeiserMazars employee on October 10, 2012 prior to 7:30AM in Philadelphia, Pennsylvania. The WeiserMazars employee stored certain personal information regarding plan participants on the laptop, including name and Social Security number of plan participants, and in some instances, address, date of birth, 401 (k) information and payroll information for plan participants.

Attribution 1 Publication: CA AG's office Author: Date Published: Article Title: Accume Partners Article URL: https://oag.ca.gov/system/files/CA.FormNotce_0.PDF?

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121211-08 Pinkerton Government CA Electronic Business Yes - Unknown # 0 Services We are contacting you about a potential problem involving identity theft. During the night of November 15, 2012, a number of computers were stolen from a PGS operating center. At this time it appears that the theft was intended for the actual value of the computers, and not the information that may have been stored. We do not believe that information was targeted.

Attribution 1 Publication: CA AG's office Author: Date Published: Article Title: Pinkerton Government Services Article URL: https://oag.ca.gov/system/files/Letter%20to%20Employees_0.pdf?

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121211-07 California Department of CA Electronic Government/Military Yes - Published # 14,000 Health Care Services Names and Social Security numbers were discovered on the website of the Department of Health Care Services. People who sent their information in order to become a provider of In-Home Supportive Services (IHSS) may have had their information exposed online between November 5, 2012 and November 20. The issue was discovered on November 14 and was not fully addressed until November 20.

Attribution 1 Publication: KCRA.com Author: Date Published: Article Title: State of Calif. mistakenly publishes thousands of SSN online Article URL: http://www.kcra.com/news/State-of-Calif-mistakenly-publishes-thousands-of-SSN-online/-/11797728/17723434/-/tad6swz

Attribution 2 Publication: CA AG's office / Privacy Rights Clearing Author: Date Published: Article Title: California Department of Health Care Services Article URL: https://oag.ca.gov/system/files/DHCS_PrivacyIncident_0.pdf?

I write on behalf of Workers United to inform you of a potential security incident that involved the personal information of approximately 6 New Hampshire residents. On October 25, 2012, Workers United was informed by an independent contractor that a hard drive containing certain retiree personal information had been stolen from the contractor's office. The theft is believed to have occurred on October 13 or 14, 2012. The hard drive included a database containing personal information of some former Workers United members, including but not limited to their first name, last name and Social Security number. At this time Workers United has no evidence indicating that any personal information was accessed by unauthorized persons or misused .

Attribution 1 Publication: NH AG's office Author: Date Published: Article Title: Workers United Article URL: http://doj.nh.gov/consumer/security-breaches/documents/workers-united-20121130.pdf

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121211-05 Sourcefire MD Electronic Business Yes - Unknown # 0

On behalf of Sourcefire Inc., I am writing to inform you about a recent incident in which personal information maintained by Sourcefire relating to New Hampshire residents may have been accessed by an unauthorized party.

Attribution 1 Publication: NH AG's office Author: Date Published: Article Title: Sourcefire Article URL: http://doj.nh.gov/consumer/security-breaches/documents/sourcefire-20121115.pdf

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121211-04 U.S. Secret Service DC Electronic Government/Military Yes - Unknown # 0

The Secret Service is the target of an investigation into an "immense breach" involving the loss of two backup computer tapes left on a Washington, D.C., Metro train that contained sensitive personal information about all agency employees, contacts and overseas informants, according to multiple law enforcement and congressional sources.

Attribution 1 Publication: Fox News Author: Jana Winter Date Published: Article Title: Secret Service under investigation over loss of sensitive files on Metro Article URL: http://www.foxnews.com/politics/2012/12/07/secret-service-under-investigation-over-loss-sensitive-files-on-metro/

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121211-03 Rock Bottom Auto Sales FL Paper Data Business Yes - Unknown # 0

Garbage bags full of people’s personal information, such as copies of driver’s licenses and social security numbers, dumped on the side of the road. All of the evidence leads to one source -

Attribution 1 Publication: TBO.com Author: Date Published: Article Title: Documents containing private data found on Hudson roadside Article URL: Documents containing private data found on Hudson roadside

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121211-02 West Pittsburgh Partnership PA Paper Data Business Yes - Unknown # 0

Documents with confidential information including names, addresses and even Social Security numbers were apparently found a street corner sitting next to a dumpster in the West End.

Attribution 1 Publication: WPXI.com Author: Date Published: Article Title: Target 11 investigates confidential information apparently found on street corner in West End Article URL: http://www.wpxi.com/news/news/local/target-11-investigates-confidential-information-ap/nTRw2/

President Andrew K. Benton sent an email today informing the university community that a laptop computer belonging to an authorized university employee was stolen from that individual’s car. This laptop had been used extensively in work related to the IRS, “and it contained data dating back to 2008 involving as many as 8300 Pepperdine campus community members.” Approximately 75 percent of these names belong to students.

Attribution 1 Publication: University Publication - Graphic Online Author: Date Published: Article Title: Laptop theft compromises information of 8300 campus community members Article URL: http://www.pepperdine-graphic.com/headline/laptop-theft-compromises-information-of-8300-campus-community-memb

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121210-01 Carolinas Medical Center- NC Electronic Medical/Healthcare Yes - Published # 6,300 Randolph An upgrade in security software at Carolinas Medical Center-Randolph in Charlotte, N.C. found a provider’s email account had been hacked, resulting in notifying about 6,300 patients of a breach of protected health information.

Attribution 1 Publication: Healthdatamanagement.com Author: Date Published: Article Title: Provider E-mail Hacked, Thousands of Patients Now Notified Article URL: http://www.healthdatamanagement.com/news/breach-notification-hipaa-privacy-security-health-care-45375-1.html?ET=

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121207-01 Louisiana State University LA Electronic Educational Yes - Published # 400 Health LSU Health is already working to restore its reputation after an employee allegedly stole the identities of hundreds of patients.

Attribution 1 Publication: Fox 44 - WGMB Author: Date Published: Article Title: Nerves rattled by identity theft involving LSU Health employee Article URL: http://www.fox44.com/news/nerves-rattled-identity-theft-involving-lsu-health-employee

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121204-07 Soundental Associates P.C. CT Electronic Medical/Healthcare Yes - Unknown # 0

A bag stolen from a car in September contained data from a local dentist office, but the business said Monday that patients’ privacy has not been compromised.

Attribution 1 Publication: phiprivacy.net Author: Date Published: Article Title: Bag stolen from car in September contained data from Soundental Associates Article URL: http://www.phiprivacy.net/?s=soundental

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121204-06 Jackson North Medical Center FL Electronic Medical/Healthcare Yes - Published # 500

Jackson North Medical Center in North Miami Beach is part of the Jackson Health System. It appears they, too, have suffered an insider breach for tax refund fraud purposes. John Dorschner reports that a volunteer at the medical center used a smart phone to take pictures of patient records:

The volunteer’s misdeeds unraveled in a bizarre case that started in January, when Miramar police responded to a report of suspicious activity to find three men sitting in a car in a McDonald’s parking lot for several hours working furiously on laptops, apparently using the restaurant’s free wi-fi to file tax returns, according to court documents.

Attribution 1 Publication: phiprivacy.net Author: Date Published: Article Title: Volunteer at Jackson North used smartphone to steal data Article URL: http://www.phiprivacy.net/?cat=19

The Action 16 Investigation into the continuing problems of a hospital in Schuylkill County that was shut down this spring continues. At the time State Health Officials said St. Catherine Medical Center in Schuylkill County failed to meet patient safety standards, and the facility ended up in bankruptcy.

Attribution 1 Publication: WNEP.com / datalossdb.org Author: Date Published: Article Title: Personal Information Found on Items at Auction Article URL: http://wnep.com/2012/11/29/personal-private-info-found-on-items-from-auction-at-shuttered-hospital/

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121204-04 Western Connecticut State CT Electronic Educational Yes - Published # 235,000 University Western Connecticut State University is in the process of notifying students, their families, and other constituents that their personal information may have been exposed to unauthorized access by a computer system vulnerability that has since been corrected. WCSU has found no evidence that records were inappropriately accessed.

Attribution 1 Publication: University website Author: Date Published: Article Title: Western Connecticut State University Article URL: https://www.wcsu.edu/securityincident/pressrelease.asp

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121204-03 WestCoast Children's Clinic CA Electronic Medical/Healthcare Yes - Unknown # 0

WestCoast Children’s Clinic is mailing letters to its patients after an e-mail error on November 20 resulted in referral documents containing names, dates of birth, Social Security numbers, addresses, and current health concerns being sent to an unauthorized recipient – a county social worker with the Alameda County Department of Social Services, Child and Family Services Unit.

Attribution 1 Publication: CA AG's office / PHIprivacy.net Author: Date Published: Article Title: WestCoast Children's Clinic Article URL: https://oag.ca.gov/system/files/SAMPLE%20Nov%2028%202012%20Breach%20Notification%20Letter%20to%20Client_0

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121204-02 Advanced Data Processing, FL Electronic Business Yes - Unknown # 0 Inc. This notice is sent to you on behalf of Advanced Data Processing, Inc. (the "Company") and ______(the "Ambulance Agency") to alert you to an important matter. The Company manages billing for ambulance agencies. We learned on October 1, 2012 that an employee of the Company illegally accessed and disclosed certain patient account information in connection with a scheme to file false federal tax returns. Accessed account information included name, date of birth, Social Security number and record identifier. No medical information was accessed.

Attribution 1 Publication: CA AG's office Author: Date Published: Article Title: Advanced Data Processing, Inc. Article URL: https://oag.ca.gov/system/files/California%20Attorney%20General%20Notice%20--%20Sample%20Notice%20Letters_0.p

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121204-01 University of Virginia Medical VA Electronic Medical/Healthcare Yes - Published # 1,846 Center The University of Virginia Medical Center is warning patients that an electronic device containing their medical and personal information is missing.

Attribution 1 Publication: PilotOnline.com Author: Date Published: Article Title: U.Va. med center warns of potential privacy breach Article URL: http://hamptonroads.com/2012/12/uva-med-center-warns-potential-privacy-breach

Attribution 2 Publication: HealthData Management Author: Date Published: Article Title: U-Virginia Medical Center Notifying 1,846 Patients Following Breach Article URL: http://www.healthdatamanagement.com/news/breach-notification-hipaa-privacy-security-45349-1.html?ET=healthdatam

A chiropractic office was broken into early Monday morning and reportedly had a safe and computer stolen.

Attribution 1 Publication: WHIO.com Author: Date Published: Article Title: Safe stolen from Dayton chiropractic office Article URL: http://www.newstalkradiowhio.com/news/news/crime-law/safe-stolen-from-dayton-chiropractic-office/nTFwF/

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121128-09 CHRISTUS St. John Hospital TX 9/27/2012 Electronic Medical/Healthcare Yes - Unknown # 0

On September 27, 2012, we learned that an unencrypted memory stick containing patient information from the St. John Sports Medicine program was missing on September 25, 2012. We immediately conducted a thorough search of our facilities but have been unable to locate it. We also began an investigation to determine what information was on the memory stick and confirmed that it may have contained patient names, dates of birth, health insurance information, Social Security numbers, diagnoses, and progress notes. Not all St. John Sports Medicine patients have been affected, only those who were treated from January 1, 2011 to July 31, 2012.

Attribution 1 Publication: CHRISTUS St. John Hospital website / Author: Date Published: Article Title: Confidentiality Notice for CHRISTUS St. John Sports Medicine Patients Article URL: https://www.christusstjohn.org/body.cfm?id=18&action=detail&ref=14

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121128-08 Nassau County Police NY Paper Data Government/Military Yes - Unknown # 0 Department Parade-goers in New York City say they found shredded police documents mixed in with confetti at the Macy's Thanksgiving Day Parade.

The documents contained confidential information, including detectives' Social Security numbers, bank information and unveiled undercover officers' identities, WPIX-TV, New York, reported.

Attribution 1 Publication: UPI.com / datalossdb.org Author: Date Published: Article Title: Police documents found in parade confetti Article URL: http://www.upi.com/Top_News/US/2012/11/25/Police-documents-found-in-parade-confetti/UPI-68261353887903/ - axzz2

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121128-07 Scripps College CA Paper Data Educational Yes - Unknown # 0

The personal information of nearly 1,000 Scripps College students was stolen from a staff member's vehicle in Anaheim this past weekend, students learned Wednesday through an email from the Dean of Students office.

Attribution 1 Publication: Inland Valley Daily Bulletin Author: Beatriz E. Valenzuela Date Published: Article Title: Personal information of nearly 1,000 Scripps College students stolen Article URL: http://www.dailybulletin.com/breakingnews/ci_22047059/personal-information-nearly-1-000-scripps-college-students

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121128-06 Oak River Insurance NE Electronic Business Yes - Published # 2,700

Oak River Insurance Co., a subsidiary of Warren Buffett’s Berkshire Hathaway Inc. (A), asked clients to guard against identity theft after an employee released some of their personal information.

Attribution 1 Publication: BloombergBusinessweek / databreache Author: Noah Buhayar Date Published: Article Title: Berkshire Says Private Data Released for Claimants Article URL: http://www.businessweek.com/news/2012-11-23/berkshire-says-private-data-released-for-claimants

An Overland Park man found an ominous voicemail waiting for him when he got home one Friday night in September.

His mortgage loan documents had been stolen from a loan official’s car while it was parked at a gym almost 12 hours earlier.

His Social Security and driver’s license numbers, two years of tax returns and other sensitive documents had been stolen.

Attribution 1 Publication: KansasCity.com / databreaches.net Author: Karen Dillon Date Published: Article Title: Personal data face low-tech peril Article URL: http://www.kansascity.com/2012/11/26/v-print/3935912/personal-data-face-low-tech-peril.html

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121128-04 Pinnacle Foods Group LLC WI Electronic Business Yes - Published # 1,818

Pinnacle Foods Group LLC, a producer, marketer and distributor of branded food products, today announced that the personal information of up to 1,818 individuals in up to 13 states plus Mexico may have been affected by a theft of a company laptop from an employee’s home.

Attribution 1 Publication: Businesswire.com / databreaches.net Author: Date Published: Article Title: Pinnacle Foods Group LLC Reports Data Breach; Individuals in Multiple States Could Be Affected Article URL: http://www.businesswire.com/news/home/20121126006302/en/Pinnacle-Foods-Group-LLC-Reports-Data-Breach

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121128-03 50Can NY 8/20/2012 Electronic Business Yes - Unknown # 0

On Monday August 20th, 2012, 50CAN, Inc. discovered that one of the laptops belonging to the finance department had gone missing. On or about September sth, we leanied that that it is likely that the laptop contained the names and social security numbers of our employees. Since 50CAN cannot account for the whereabouts of the laptop and is unable to access the data saved on the laptop, 50CAN has determined that there has been a potential security breach.

Attribution 1 Publication: MD AG's office Author: Date Published: Article Title: 50Can Article URL: http://www.oag.state.md.us/idtheft/Breach%20Notices/ITU%20218838.pdf

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121128-02 City of Tulsa OK Electronic Government/Military Yes - Unknown # 0

Letters have gone out to individuals whose personal information was potentially accessed last week when the city's website was hacked by an unknown source, officials said Wednesday.

Attribution 1 Publication: Tulsa World Author: Brian Barber Date Published: Article Title: Tulsa residents warned after city website is hacked Article URL: http://www.tulsaworld.com/news/article.aspx?subjectid=334&articleid=20120920_11_A1_Letter87887

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121128-01 University of Arkansas for AR Electronic Educational Yes - Published # 1,500 Medical Services The University of Arkansas for Medical Sciences is letting some 1,500 patients know their information was kept without permission by a resident physician after she was terminated.

Attribution 1 Publication: ThreatPost.com Author: Anne Saita Date Published: Article Title: UAMS Alerts Patients to Data Breach Linked to Fired Resident Article URL: http://threatpost.com/en_us/blogs/uams-alerts-patients-data-breach-linked-fired-resident-112712

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121120-05 Kentucky Department for KY Electronic Government/Military Yes - Published # 2,500 Community Based Services Thousands of individuals may have had their personal information exposed after hackers used a successful phishing attack to springboard to an email server belonging the Kentucky Department for Community Based Services.

How is this report produced? What are the rules? See last page of report for details.

Attribution 1 Publication: SC Magazine Author: Danielle Walker Date Published: Article Title: Kentucky health agency breached after worker falls for phish ploy Article URL: http://www.scmagazine.com/kentucky-health-agency-breached-after-worker-falls-for-phish-ploy/article/260618/

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121120-04 Dermatologist - Unknown OH Electronic Medical/Healthcare Yes - Unknown # 0

A dermatologist at 755 Boardman Canfield Road told police someone forced open a box that holds lab specimens outside the rear door of his office.

The burglary happened sometime between 7 p.m. Friday and 1 p.m. Monday.

The doctor told police the box held skin specimens.

He checked and discovered the lab did pick up the specimens at 7 p.m. Friday, but he is concerned because patients’ personal information, such as dates of birth and Social Security numbers, are in the boxes with specimens. He told police there is a risk for identity theft.

Attribution 1 Publication: Vindy.com Author: Date Published: Article Title: Boardman dermatologist reports potential patient ID theft Article URL: http://www.vindy.com/news/2012/nov/13/boardman-dermatologist-reports-potential-patient-i/?nw

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121120-03 Landmark Medical Center RI Electronic Medical/Healthcare Yes - Unknown # 0

WOONSOCKET, R.I. (WPRI) -- An investigation is underway into the theft of a hospital laptop from Landmark Medical Center.

The laptop was stolen sometime last month, Landmark spokesman Bill Fischer said Thursday. He added the computer did not contain any sensitive patient information.

Fischer said Landmark was reaching out to any affected patients, and has taken steps to prevent future thefts.

Attribution 1 Publication: WPRI.com Author: Date Published: Article Title: Laptop stolen from Woon. hospital Article URL: http://www.wpri.com/dpp/news/local_news/blackstone/woonsocket-laptop-stolen-from-landmark-medical-center

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121120-02 American Tool Supply NC Electronic Business Yes - Unknown # 0

Pursuant to Cal. Civ. Code § 1798.82 et seq., we are writing to inform you that American Tool Supply ("ATS") is providing notice to certain California residents regarding a recent potential intrusion to the ATS online ordering system (the "ATS System") that may have compromised personal information.

Attribution 1 Publication: CA AG's office Author: Date Published: Article Title: American Tool Supply Article URL: https://oag.ca.gov/system/files/Notice%20to%20CA_0.pdf?

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121120-01 Nationwide Mutual OH 10/3/2012 Electronic Business Yes - Published # 1,100,000 Insurance - Allied Insurance Georgia Insurance Commissioner Ralph Hudgens has confirmed that 28,467 households in the state could be affected by an online security breach involving Nationwide Insurance Co.

Attribution 1 Publication: eSecurity Planet Author: Jeff Goldman Date Published: 12/3/2012 Article Title: Nationwide Data Breach Affects 1 Million Article URL: http://www.esecurityplanet.com/network-security/nationwide-data-breach-affects-1-million.html

Attribution 2 Publication: 13WMAZ.com / databreaches.net Author: Jake Wade Date Published: Article Title: Nationwide Insurance Breach Puts Company in Emergency Mode Article URL: http://www.13wmaz.com/news/article/204606/175/Nationwide-Insurance-Breach-Puts-Company-in-Emergency-Mode-

How is this report produced? What are the rules? See last page of report for details.

Attribution 3 Publication: CA AG's office Author: Date Published: Article Title: Nationwide Mutual Insurance - Allied Insurance Article URL: https://oag.ca.gov/system/files/PE%2320121003-127_letter%20_Final%20Template__0.pdf?

Attribution 4 Publication: ABC News Author: AP Date Published: Article Title: Nationwide Insurance Says Data Breach Affects 1.1M Article URL: http://abcnews.go.com/US/wireStory/nationwide-insurance-data-breach-affects-11m-17887992 - .UMDdqYPAcwA

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121115-05 Chicago Board of Elections IL Electronic Government/Military Yes - Published # 1,200

Chicago election officials say personal data, including partial Social Security numbers, were exposed online for approximately 1,200 people.

Attribution 1 Publication: The Republic Author: Date Published: Article Title: Chicago officials say breach of election worker data has been exaggerated by security firm Article URL: http://www.therepublic.com/view/story/234e953136d74d21aafd9007fbcbf97d/IL--Personal-Data-Breach

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121115-04 NASA DC Electronic Government/Military Yes - Published # 10,000

The bad news is that a NASA laptop was stolen recently, resulting in a major security breach. The good news is that neither the Klingon nor Romulan Empires are implicated in the theft.

Attribution 1 Publication: InformationWeek.com Author: Mathew J. Schwartz Date Published: Article Title: Stolen NASA Laptop Had Unencrypted Employee Data Article URL: http://www.informationweek.com/security/attacks/stolen-nasa-laptop-had-unencrypted-emplo/240142160

Attribution 2 Publication: Techzone360.com Author: Rich Steeves Date Published: Article Title: NASA Article URL: http://www.techzone360.com/topics/techzone/articles/2012/11/15/316103-houston-we-have-problem-nasa-security-breac

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121115-03 Adobe Connect CA 11/14/2012 Electronic Business Yes - Unknown # 0

Adobe pulled down a forum for users of its video conferencing service, Adobe Connect, after a hacker successfully compromised the server and downloaded information on its 150,000 members.

Attribution 1 Publication: eWeek Author: Date Published: Article Title: Adobe Connect Article URL: http://www.eweek.com/security/adobe-connect-security-breach-exposes-personal-data-of-150k-users/

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121115-02 Sprechman & Associates FL Electronic Business Yes - Unknown # 0

I am writing to advise you that your personally identifiable information (“Information”) may have been viewed by a former employee of Sprechman & Associates without permission. Specifically, the former employee may have viewed your name, address, date of birth, driver’s license number, and/or social security number. Sprechman & Associates learned of this incident in July 2012, but was unable to notify you until now because notification at that time may have interfered with a law enforcement investigation and the best known contact information for potentially affected individuals was not known until October 2012. Although we cannot be sure that your Information was in fact used in an inappropriate manner, in an abundance of caution we are informing you that such viewing of your information may have occurred.

Attribution 1 Publication: Breach Notification Letter/ CA AG's offic Author: Date Published: Article Title: Sprechman & Associates Article URL: https://oag.ca.gov/system/files/MIAMI-%23682648-v1-Sprechman-CA_AG_Sample_0.pdf?

We regret to inform you that sensitive personally identifiable information ("information") was improperly accessed in a system that allowed Tyann Martinez, a former employee of Central Financial Control to review. Specifically, your name, address, date of birth, and social security number may have been viewed. We know that your bankruptcy, property, marriage/divorce, and motor vehicle records were searched as well.

Attribution 1 Publication: Breach Notification letter Author: Date Published: Article Title: Central Financial Control Article URL:

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121113-09 Memorial Hospital CO Paper Data Medical/Healthcare Yes - Published # 6,400

Officials at Colorado's Memorial Hospital are currently investigating reports of data theft. According to NBC affiliate KOAA, the hospital announced on November 6 that 6,400 documents containing patient's personal information were stolen from the facility. Although there hasn't been any proof of people using the documents for illicit purposes, hospital security management officials would still like to be able to track down the documents and provide patients with peace of mind. Each of the stolen documents contain the patient's name, hospital account numbers, birth dates and the type of lab work that was completed.

Attribution 1 Publication: KRDO.com Author: Date Published: Article Title: Memorial Hospital reports missing papers with patient names Article URL: http://www.krdo.com/news/Memorial-Hospital-reports-missing-papers-with-patient-names/-/417220/17310678/-/xdkug1z/

Attribution 2 Publication: Report Exec.com Author: Date Published: Article Title: Hospital security breaches on the rise Article URL: http://www.reportexec.com/news/Hospital_security_breaches_on_the_rise__.aspx

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121113-08 Alere Home Monitoring, Inc. FL Electronic Medical/Healthcare Yes - Published # 116,000

A laptop containing the unencrypted personal records of Alere Home Monitoring customers was stolen from an employee's car.

How many victims? More than 100,000 patients.

What type of personal information? Full names, Social Security numbers, addresses and diagnoses of patients.

Attribution 1 Publication: Alere Home Monitoring Author: Date Published: Article Title: Alere Home Monitoring Announces Theft of Company-Owned Laptop Article URL: http://www.prnewswire.com/news-releases/alere-home-monitoring-announces-theft-of-company-owned-laptop-1802272

Attribution 2 Publication: SC Magazine Author: Date Published: Article Title: Stolen laptop results in theft of 100k patient records Article URL: http://www.scmagazine.com/stolen-laptop-results-in-theft-of-100k-patient-records/article/268062/

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121113-07 Alexander J. Tikhtman, MD KY Electronic Medical/Healthcare Yes - Published # 2,376

Loss of Other Portable Electronic Device

Attribution 1 Publication: HHS.gov Author: Date Published: Article Title: Alexander J. Tikhtman, MD Article URL: http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121113-06 Gulf Coast Health Care FL Electronic Medical/Healthcare Yes - Published # 13,000 Services, Inc. On September 26, Gulf Coast Health Care Services Inc. discovered that an employee had, without authorization or legitimate purpose, accessed and downloaded limited information on our patients. Forensic investigation revealed that the unauthorized access occurred on five occasions between June 29, 2012 and September 20, 2012.

How is this report produced? What are the rules? See last page of report for details.

Attribution 1 Publication: Author: Date Published: Article Title: Gulf Coast Health Care Services Notice Concerning Patient Privacy Breach Article URL: http://www.phiprivacy.net/?paged=2

Attribution 2 Publication: HHS.gov Author: Date Published: Article Title: Gulf Coast Health Care Services, Inc. Article URL: http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121113-05 4Access KY 9/24/2012 Electronic Business Yes - Unknown # 0

4Access sold point-of-sale terminals that merchants used to process transactions when customers paid with a check. The terminals that 4Access sold were designed to send the information needed to process the transaction to only one computer network. 4Access experienced financial difficulties and was going to shut down its computer network, which would have meant that the merchants using its terminals would not be able to process check transactions. To avoid such a problem, arrangements were made to keep the 4Access computer network operational so that the merchants could continue to accept payments by check until they purchased a new terminal. Regrettably, we are writing to inform you of an incident involving the security of the computer network that supported the 4Accesss terminals.

Attribution 1 Publication: CA AG's office/ VT AG's office Author: Date Published: Article Title: 4Access Article URL: https://oag.ca.gov/system/files/Sample%20CA%20notice_0.pdf?

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121113-04 Cypress Cove Apartments SC Paper Data Business Yes - Unknown # 0

With the shaky housing market, many Americans have traded buying a home for renting an apartment.

In most cases, tenants are required to hand over personal information to rental companies before they move into a complex, but a Live 5 Special Investigation reveals the law isn't doing much to keep your sensitive documents safe.

Pictures taken in July show boxes of old leasing agreements from Cypress Cove Apartments in West Ashley tossed outside the complex's storage unit area.

Attribution 1 Publication: WCSC Live5News.com Author: Date Published: Article Title: Rental leases with personal information found outside apartment complex Article URL: http://www.live5news.com/story/19978406/rental-leases-on-the-loose

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121113-03 Illinois Department of IL Electronic Government/Military Yes - Published # 508 Healthcare and Family The personal information of 508 Illinois nursing home residents was inside a stolen briefcase, prompting the state agency overseeing Medicaid to notify the people affected by the breach.

Attribution 1 Publication: St. Louis Post-Dispatch Author: Date Published: Article Title: Illinois nursing home residents' data stolen Article URL: http://www.stltoday.com/news/state-and-regional/illinois/illinois-nursing-home-residents-data-stolen/article_fa1b4fad-2

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121113-02 Bob Ward & Sons, Inc. MT Electronic Business Yes - Unknown # 0

Montana-based Bob Ward & Sons report that customers who ordered online between May 31 and August 3 had their names, addresses, and credit card information acquired by unauthorized individuals who used at least some of the data for fraudulent purposes.

Attribution 1 Publication: databreaches.net /NH AG's office Author: Date Published: Article Title: Bob Ward & Sons notifies online customers of security breach (updated) Article URL: http://www.databreaches.net/?p=26013 / http://doj.nh.gov/consumer/security-breaches/documents/bob-ward-20121023

How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121113-01 Labelmaster (American IL Electronic Business Yes - Unknown # 0 Labelmark Company) We are writing to notify you of a data security event that compromised the security of personal information. American Labelmark Company d/b/a Labelmaster is informing your office of pertinent facts that are known at this time related to an illegal intrusion into its e-commerce site. This illegal intrusion resulted in the unauthorized access by unknown individual(s) to the name, address, and credit card information of those Labelmaster customers that made online purchases at www.labelmaster.com between May 18, 2012 and August 2, 2012. Upon discovery of the unauthorized access, Labelmaster immediately took steps to end the intrusion, and also retained forensic investigators TrustWave and breach notification legal counsel Nelson, Levine, de Luca & Hamilton, LLC to assist with its investigation of, and response to, this incident. The investigation is ongoing, and this notice will be supplemented with any new significant facts learned subsequent to its submission. By providing this notice, Labelmaster does not waive any rights or defenses regarding the applicability of New Hampshire law or personal jurisdiction.

Attribution 1 Publication: NH AG's office Author: Date Published: Article Title: Labelmark Company, d/b/a Labelwnaster- Notice of Data Security Event Article URL: http://doj.nh.gov/consumer/security-breaches/documents/labelmaster-20121017.pdf

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121106-05 Sierra Plastic Surgery NV Electronic Medical/Healthcare Yes - Unknown # 0

This legal notice is being posted in compliance with HIPAA laws, in relation to Sierra Plastic Surgery, LLC, 9436A Double R Blvd. Reno, NV, 89521 (“Sierra”) and its patients.

In August 2012, Sierra was informed of a potential data breach of its electronic records. The data breach occurred between August 11, 2011 – September 23, 2011 by a former employee seeking information on compensation owed.

Attribution 1 Publication: Sierra Plastic Surgery website / HHS Author: Date Published: Article Title: Sierra Plastic Surgery Article URL: http://www.sierraplasticsurgery.net/HIPAADataNotice.aspx

Attribution 2 Publication: Company website Author: Date Published: Article Title: Sierra Plastic Surgery Article URL: http://www.sierraplasticsurgery.com/hipaa-data-notice/

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121106-04 Illinois Department of IL Electronic Medical/Healthcare Yes - Published # 508 Healthcare and Family The personal information of 508 Illinois nursing home residents was inside a stolen briefcase, prompting the state agency overseeing Medicaid to notify the people affected by the breach.

Attribution 1 Publication: phiprivacy.net Author: Date Published: Article Title: Illinois nursing home residents’ data stolen Article URL: http://www.phiprivacy.net/

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121106-03 Women & Infants Hospital RI Electronic Medical/Healthcare Yes - Published # 14,404

Women & Infants Hospital today announced that on September 13, 2012, the hospital discovered that unencrypted backup tapes containing ultrasound images from two of its ambulatory sites located at 79 Plain Street in Providence, RI and 67 Brigham Street in New Bedford, MA were missing. The hospital immediately began an investigation and conducted a thorough search of its facilities but has been unable to locate the backup tapes.

Attribution 1 Publication: Health IT Security Author: Patrick Ouellette Date Published: Article Title: RI hospital missing unencrypted backup tapes Article URL: http://healthitsecurity.com/2012/11/06/ri-hospital-missing-unencrypted-backup-tapes/

Attribution 2 Publication: Women & Infants Website Author: Date Published: Article Title: Call Center Assists Those Affected by Patient Information Incident Article URL: http://www.womenandinfants.org/news/WIH-Reports-Patient-Information-Incident.cfm

The Hawai‘i State Department of Health (DOH) is notifying members of the Waipahu Aloha Clubhouse of a possible security breach in a computer file that stored personal information on Clubhouse members. The breach was discovered on September 25, 2012, when an employee observed unusual activity on a computer suggesting that someone may have been remotely accessing it without authorization.

Attribution 1 Publication: Hawaii Dept. of Health Website Author: Date Published: Article Title: POSSIBLE SECURITY BREACH AT http://www.sierraplasticsurgery.net/HIPAADataNotice.aspx Article URL: hawaii.gov/health/about/pr/2012/12-052.pdf

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121106-01 Abilene Telco Federal Credit TX Electronic Banking/Credit/Financial Yes - Published # 847 Union When hackers broke into computers at Abilene Telco Federal Credit Union last year, they gained access to sensitive financial information on people from far beyond the bank’s home in west-central Texas.

The cyberthieves broke into an employee’s computer in September 2011 and stole the password for the bank’s online account with Experian Plc, the credit reporting agency with data on more than 740 million consumers. The intruders then downloaded credit reports on 847 people, said Dana Pardee, a branch manager at the bank. They took Social Security numbers, birthdates and detailed financial data on people across the country who had never done business with Abilene Telco, which has two locations and serves a city of 117,000.

Attribution 1 Publication: Bloomberg - Tech Blog Author: Jordan Robertson Date Published: Article Title: Experian Customers Unsafe as Hackers Steal Credit Report Data Article URL: http://go.bloomberg.com/tech-blog/2012-10-29-experian-customers-unsafe-as-hackers-steal-credit-report-data/

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121102-04 Salinas Valley State Prison CA Electronic Government/Military Yes - Unknown # 0

We are writing to you because of an information security incident at Salinas Valley State Prison (SVSP) involving your personal information. On September 26, 2012 it was discovered that a database file containing personal information for custody staff, which was located on the institutional server, was accessible to all SVSP staff. The database file contained your first and last name, Social Security number, personal phone number, address, and institutional-position information.

Attribution 1 Publication: CA AG's office Author: Date Published: Article Title: Salinas Valley State Prison Article URL: https://oag.ca.gov/system/files/SVSP%20Notification%20Letter_0.pdf?

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121102-03 HSBC Bank USA National US Electronic Banking/Credit/Financial Yes - Unknown # 0 Association We recently became aware of an incident that occurred in late July 2012 where an employee who resigned from HSBC left with information about your account. The information potentially included your name, phone number, account number, and account type. HSBC takes this very seriously and we believe your personal information may have been exposed to a third party. We recommend that you take steps to mitigate the risk.

Attribution 1 Publication: CA AG's office Author: Date Published: Article Title: HSBC Bank USA National Association Article URL: https://oag.ca.gov/system/files/Customer%20Notification_1.pdf?

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121102-02 First Niagara Bank NY Electronic Banking/Credit/Financial Yes - Unknown # 0

First Niagara Bank is warning customers about a possible breach in MasterCard's security system.

Attribution 1 Publication: WHEC.com Author: Date Published: Article Title: Possible MasterCard security breach Article URL: http://www.whec.com/news/stories/S2821011.shtml?cat=565

The personal information of up to 2,000 people was exposed to the public for five days on a computer in Cornell’s athletics department, a University administrator confirmed Thursday.

Attribution 1 Publication: Cornell Daily Sun Author: Akane Otani Date Published: Article Title: Breach in Cornell Information Technology Exposes Personal Data for Five Days Article URL: http://www.cornellsun.com/section/news/content/2012/11/02/breach-cornell-information-technology-exposes-personal-

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121031-02 Monsour Medical Center PA Paper Data Medical/Healthcare Yes - Unknown # 0

Federal officials are investigating how patient records loaded with intimate medical details and doctors’ personnel files were abandoned amid the ruins of Monsour Medical Center when its administrators walked away from the failing facility six years ago.

Attribution 1 Publication: TribLive News Author: Date Published: Article Title: Feds open investigation into closed Monsour Medical Center Article URL: http://triblive.com/news/westmoreland/2792837-74/records-medical-monsour-avolio-hospital-center-health-department-i

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121031-01 Dorsey Alston Realtors LLC GA Paper Data Business Yes - Unknown # 0

11Alive News is investigating who dumped sensitive documents behind a bank on West Paces Ferry Road.

A concerned citizen called our newsroom after seeing paperwork blowing out of an open, collapsible dumpster behind First Citizens Bank.

Attribution 1 Publication: 11 Alive HD / datalossdb.org Author: Ron Nakfoor Date Published: Article Title: Sensitive files found in Buckhead dumpster Article URL: http://datalossdb.org/incidents/7808-documents-containing-tax-id-numbers-and-copies-of-personal-checks-with-bank-a

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121030-11 LA Care Health Plan CA Electronic Medical/Healthcare Yes - Unknown # 0

L.A. Care is serious about member privacy. We are sending you this letter to make sure that you are aware of an accidental mailing error involving member identification (ID) cards. On September 18, 2012, L.A. Care learned that some member ID cards were sent to the wrong members. The ID cards were mailed starting September 17, 2012. Please note that the information in the mailing included only your name, your member ID number, and your date of birth; no other identifying information that could expose you to identity theft was included. There is no indication that the information has been misused or disclosed. Nonetheless, we felt it necessary to inform you since your health insurance plan information was involved.

Attribution 1 Publication: CA AG's office Author: Date Published: Article Title: LA Care Health Plan Article URL: https://oag.ca.gov/ecrime/databreach/reports/sb24-36791

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121030-10 Philip P. Corneliuson, DDS CA Electronic Medical/Healthcare Yes - Unknown # 0

On the afternoon of Saturday , September 15th 2012, we discovered our office suite broken into and our computer stolen. The computer stored both medical records and insurance information, including social security numbers of several patients, including yours. As a result, your personal information is now potentially accessible to unauthorized individuals.

Attribution 1 Publication: CA AG's office Author: Date Published: Article Title: Philip P. Corneliuson, DDS Article URL: https://oag.ca.gov/system/files/PHILIP%20P%20BREACH%20%28Recovered%29_0.pdf?

We are writing to let you know of an incident involving the unauthorized transmission of confidential employee information, including some information belonging to you. We take privacy very seriously and we sincerely apologize that this happened. As a result of our investigation, we believe it is highly unlikely that your information has been, or will be used for unlawful purposes. This notification is in compliance with California law, which requires notifying all former and current employees when there is a release of certain confidential information.

Attribution 1 Publication: CA AG's office Author: Date Published: Article Title: Kaiser Permanente Article URL: https://oag.ca.gov/system/files/KP%20Privacy%20Incident%20Sample%20Letter%20082412_0.pdf?

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121030-08 Advance Auto Parts FL Electronic Business Yes - Published # 500

An auto parts company is investigating potential incidents of credit card skimming at two of its South Florida stores.

Advance Auto Parts on Northwest 14th Street and 27th Avenue and the store on Northeast 119th Street and Biscayne Boulevard, are believed to have been affected, potentially compromising the credit card information of nearly 500 customers.

A spokesperson for the company releasing a statement: "Advance has no evidence that any customers' payment cards have been misused as a result of this incident. Nevertheless, Advance has notified its payment card processors. As an additional precautionary measure, the company is sending letters to potentially affected customers whom it has been able to identify."

Attribution 1 Publication: WSVN.com / datalossdb.org Author: Date Published: Article Title: Auto part store investigating credit card fraud Article URL: http://www.wsvn.com/news/articles/local/21008837907053/auto-part-store-investigating-credit-card-fraud

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121030-07 Loyola University MD Paper Data Educational Yes - Unknown # 0

SUMMARY Over 1,600 faculty and staff's names, Social Security numbers and contributions to their retirement accounts were discarded instead of shredded

Attribution 1 Publication: datalossdb.org Author: Date Published: Article Title: Loyola University Article URL: http://datalossdb.org/incidents/7807-over-1-600-faculty-and-staff-s-names-social-security-numbers-and-contributions-to

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121030-06 Duquesne Light PA Electronic Business Yes - Published # 20,000

Duquesne Light said Thursday that an employee accessed and mishandled personal and financial information of about 20,000 utility customers although there’s no indication that employee did anything damaging with the records.

Attribution 1 Publication: Pittsburgh Business Times Author: Anya Litvak Date Published: Article Title: Duquesne Light notifying 20,000 of data mishandling Article URL: http://www.bizjournals.com/pittsburgh/blog/energy/2012/10/duquesne-light-notifying-20000-of.html

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121030-05 Hillsborough Area Regional FL Electronic Business Yes - Unknown # 0 Transit Authority Employees of the Hillsborough Area Regional Transit Authority found out Thursday that their Social Security numbers and bank information may have been compromised in an internal data breach, according to a memorandum from the agency.

Attribution 1 Publication: Tampa Bay Times Author: Date Published: Article Title: Hillsborough transit agency's data breach leads to firing, investigation Article URL: http://www.tampabay.com/news/publicsafety/hillsborough-transit-agencys-data-breach-leads-to-firing-investigation/125

SUMMARY 500 debit and credit card numbers of Kearney residents compromised by hack of unknown business or businesses

Attribution 1 Publication: datalossdb.org / San Francisco Chronicl Author: Date Published: Article Title: Kearny Area Businesses Article URL: http://datalossdb.org/incidents/7848-500-debit-and-credit-card-numbers-of-kearney-residents-compromised-by-hack-of-

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121030-03 Aultman Hospitals Gift Shop OH Electronic Business Yes - Unknown # 0

An unknown entity gained access to credit and debit card information on purchases at Aultman Hospital’s gift shop between February and September.

Attribution 1 Publication: CantonRep.com Author: Date Published: Article Title: Aultman gift shop credit security breached. Article URL: http://www.cantonrep.com/newsnow/x493674050/Aultman-gift-shop-credit-security-breached

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121030-02 Vermont State Employees VT Electronic Banking/Credit/Financial Yes - Unknown # 0 Credit Union (VSECU) On September 10, 2012, we discovered that two unencrypted computer backup tapes that were created on August 27, 2012 were missing. We immediately started a thorough search and an investigation into what happened to them. We have concluded our investigation and did not find any evidence that the backup tapes were stolen or that the information on the tapes has been accessed or used improperly. Rather, we believe that the tapes were mistakenly thrown away and are now buried in a landfill where they cannot be retrieved.

Attribution 1 Publication: VT AG's office / NH AG's office Author: Date Published: Article Title: Vermont State Employees Credit Union (VSECU) Article URL: http://www.atg.state.vt.us/assets/files/VSECU%20Security%20Breach%20Notice%20ltr%20to%20consumer.pdf

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121030-01 South Carolina Department SC Electronic Government/Military Yes - Published # 5,700,000 of Revenue The S.C. Department of Revenue today announced that approximately 3.6 million Social Security numbers and 387,000 credit and debit card numbers have been exposed in a cyber attack. Of the credit cards, the vast majority are protected by strong encryption deemed sufficient under the demanding credit card industry standards to protect the data and cardholders. Approximately 16,000 are unencrypted.

Attribution 1 Publication: heraldonline.com Author: Seanna Adcox Date Published: Article Title: SC Gov. Haley admits hacking errors; revenue chief resigns Article URL: http://www.heraldonline.com/2012/11/20/4428743/sc-gov-haley-to-give-update-on.html

Attribution 2 Publication: Department of Revenue website Author: Date Published: Article Title: South Carolina Department of Revenue Article URL: http://www.sctax.org/NR/rdonlyres/5AF6995A-F9F0-42E7-A430-EC620CCE8C7D/0/1DORmediarelease.pdf

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121024-01 Barnes & Noble NY Electronic Business Yes - Unknown # 0

Retailer Barnes & Noble said customers who shopped at any of its 63 stores in the U.S. as recently as September may have had their credit card information stolen, and that federal law enforcement authorities have been informed of the breach.

All PIN pads at its U.S. stores were disconnected by the close of business Sept 14. due to signs of tampering, the company said in a statement.

Attribution 1 Publication: MSN Money Author: Date Published: Article Title: Barnes & Noble reports breach of U.S. customer credit card data Article URL: http://money.msn.com/business-news/article.aspx?feed=OBR&date=20121024&id=15708083

SUMMARY 4,873 patients' information was on a stolen portable electronic device

Attribution 1 Publication: Datalossdb.org / HHS Author: Date Published: Article Title: Valley Plastic Surgery Article URL: http://datalossdb.org/incidents/7768-4-873-patients-information-was-on-a-stolen-portable-electronic-device

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121023-04 Colon Digestive Health AZ Electronic Medical/Healthcare Yes - Published # 5,713 Specialists 5,713 patients' medical and billing records including names, Social Security numbers, dates of birth, addresses, telephone numbers, account numbers and diagnoses on a missing USB drive

Attribution 1 Publication: datalossdb.org / HHS Author: Date Published: Article Title: Colon Digestive Health Specialists Article URL: http://datalossdb.org/incidents/7767-5-713-patients-medical-and-billing-records-including-names-social-security-numbe

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121023-03 FEI OR Electronic Business Yes - Unknown # 0

We are writing on behalf of our client, FEI Company ("FEI") to inform you that FEI will be sending notice to three New Hampshire residents advising them that FEI discovered a theft of a laptop computer on August 29, 2012, which may have contained FEI employees' personal information. The information may have included: names, social security numbers, taxpayer I. D. information, salary information, home address, dates of birth, and related basic employment information.

Attribution 1 Publication: NH AG's office Author: Date Published: Article Title: FEI Company Article URL: http://doj.nh.gov/consumer/security-breaches/documents/fei-company-20120918.pdf

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121023-02 Red Boat Advisor Resources NH Electronic Business Yes - Unknown # 0

We write to advise you of the discovery of unauthorized access to a virtual server used by Red Boat Advisor Resources ("Red Boat"), an independently-owned financial planning office associated with our client Lincoln Financial Securities Corporation ("LFS"). LFS is a brokerdealer subsidiary of Lincoln National Corporation ("LNC"). It appears Red Boat's server was accessed without authorization between January 2012 and early April 2012. Based upon the facts available, we believe the purpose of the intrusion was to use the virtual server as a "jumping off point" for attempted intrusions into third party computer systems.

Attribution 1 Publication: NH AG's office Author: Date Published: Article Title: Red Boat Advisor Resources Article URL: http://doj.nh.gov/consumer/security-breaches/documents/red-boat-advisor-20120820.pdf

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121023-01 Wentworth Douglass Hospital NH Electronic Medical/Healthcare Yes - Unknown # 0

Wentworth Douglass Hospital discovered malware on desktop computers containing patient information. WDH took immediate action and removed the desktop computers from the network. WDH also launched an internal investigation and determined that the desktop computers contained patient information, including names, dates of birth, medical record numbers, clinical information, Social Security numbers and insurance information.

Attribution 1 Publication: NH AG's office Author: Date Published: Article Title: Wentworth Douglass Hospital Article URL: http://doj.nh.gov/consumer/security-breaches/documents/wentworth-douglass-20120802.pdf

Blount Memorial Hospital in Maryville, Tenn., has notified about 27,000 patient that protected information--including Social Security numbers for 5,000--was on a password-protected laptop computer that was stolen.

Attribution 1 Publication: Health Data Management Author: Date Published: Article Title: Hospital Notifies 27,000 Following Laptop Theft Article URL: http://www.healthdatamanagement.com/news/breach-notification-hipaa-privacy-security-45136-1.html?ET=healthdatam

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121019-05 Neurocare, Inc. MA Electronic Medical/Healthcare Yes - Unknown # 0

On behalf of our client, Neurocai e, Inc., we write to advise you of an incident involving an unauthorized intrusion by one 01\ more unidentified individuals into Neurocare's computer systems, resulting in the potential compromise of the personal information of Neurocare employees resident in New Har+shire. The incident occurred remotely through a malware attack on a Neurocare CPU loca,ed in Newton, Massachusetts. The malware attack appears to have compromised Neurocare's fredentials for accessing its account at its third party payroll processor, resulting in unauthon~· ed access into Neurocare's payroll system on or about June 26, 2012. Based on Neurocare's in estigation, which is described below, the intrusion potentially exposed certain personal inform tion of approximately 136 Neurocare employees and/ or former employees, six of whom are New Hampshire residents, to unauthorized access.

Attribution 1 Publication: NH AG's office Author: Date Published: Article Title: Neurocare, Inc. Article URL: http://doj.nh.gov/consumer/security-breaches/documents/neurocare-20120709.pdf

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121019-04 Great River Entertainment IA Electronic Business Yes - Unknown # 0

We are writing to notify you of a data security event that compromised the security of personal information. Great River Entertainment, LLC ("GRE"), 300 I Winegard Drive, Burlington, Iowa 52601, the entertainment company which includes the Catfish Bend Inn and Spa, Catfish Bend Casino, Fun City and Pzazz Resort Hotel and Event Center, in Burlington, Iowa, is informing your office of pertinent facts that are known at this time related to one of its payment application systems becoming infected by mal ware of unknown origin. This infection resulted in a potential compromise of credit card information of individuals who patronized these establishments between August and November, 20 II and utilized credit or debit cards to pay for goods and services.

Attribution 1 Publication: NH AG's office Author: Date Published: Article Title: Great River Entertainment Article URL: http://doj.nh.gov/consumer/security-breaches/documents/great-river-20121001.pdf

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121019-03 Fujifilm NY 8/13/2012 Electronic Business Yes - Unknown # 0

We write to inform you of a recent data security incident that may have involved personal information about you, and to share information about what FUJIFILM Recording Media U.S.A., Inc. ("Fujifilm") has done to address the incident. Additionally, this letter contains information about steps you should take to prevent against potential misuse of your personal information.

Attribution 1 Publication: NH AG's office Author: Date Published: Article Title: Fujifilm Article URL: http://doj.nh.gov/consumer/security-breaches/documents/fujifilm-recording-20120917.pdf

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121019-02 Database Design Associates IL Electronic Business Yes - Unknown # 0

We represent Database Designs Associates, Inc. ("Database Designs") with respect to an incident involving the exposure of certain personal information described in detail below. Database Designs is a small software development and web design company that provides technology services to its business clients, which primarily include nonprofits, labor unions, public-sector organizations, and small businesses. On July 17, 2012, a Database Designs independent contractor was visiting family members at a nursing home in a suburb of New York. He was asked to leave the room briefly and when he returned, he discovered the backpack containing his laptop and flash drive was missing. As noted in the attached packets, the laptop contained information pertaining to two of Database Designs' business clients, Health Care for All ("HCFA") and Boston Teachers Union ("BTU"). No HCFA or BTU information was contained on the flash drive.

How is this report produced? What are the rules? See last page of report for details.

Attribution 1 Publication: NH AG's office Author: Date Published: Article Title: Database Design Associates Article URL: http://doj.nh.gov/consumer/security-breaches/documents/database-designs-20120828.pdf

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121019-01 bellacor MN Electronic Business Yes - Unknown # 0

We discovered that an unauthorized third party obtained unlawful access to certain temporary data files on our website. These temporary data files are used only to complete e-commerce transactions and are not otherwise retained by Bellacor.

Attribution 1 Publication: CA AG's office / NH AG's office Author: Date Published: Article Title: bellacor Article URL: https://oag.ca.gov/ecrime/databreach/reports/sb24-32569

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121017-01 Southern Environmental Law AL Electronic Business Yes - Unknown # 0 Center (SELC) Birmingham, AL(WIAT) An enormous breach of confidential information in the greater birmingham area...is exploding on the internet. It's highly sensitive data from the Southern Environmental Law Center. We're talking about credit card information, medical information and donor information. The data is easily accessible with a simple google search. The sensitive information details addresses, phone, numbers, and client files.

The southern environmental law center has released this statement.

We have reported it to the fbi, and will take any action necessary to address the breach and the unauthorized release of confidential information." "The SELC has been the victim of a major internet security breach in which highly confidential information was taken without consent or authorization.

Attribution 1 Publication: CBS42.com Author: Sonya DiCarlo Date Published: Article Title: SELC Security Breach Article URL: http://www.cbs42.com/content/localnews/story/SELC-security-breach/3o5oen5mv0Wx5zqotgoCrA.cspx

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121016-10 University of Michigan MI Electronic Educational Yes - Unknown # 0

SUMMARY 4,824 email addresses, 4,734 user names (17 admin), 4,718 passwords (4,704 encrypted) and 3,151 names dumped on the Internet

Attribution 1 Publication: datalossdb.org Author: Date Published: Article Title: University of Michigan Article URL: http://datalossdb.org/incidents/7675-4-824-email-addresses-4-734-user-names-17-admin-4-718-passwords-4-704-encryp

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121016-09 American Heart Association - NV Electronic Business Yes - Unknown # 0 Olive Crest

Attribution 1 Publication: Fox 5 KVVU.tv Author: Chrisitan Cazares Date Published: Article Title: Personal information stolen from 2 nonprofits Article URL: http://www.fox5vegas.com/story/19650418/personal-information-stolen-from-2-nonprofits

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121016-08 PlaySpan CA Electronic Business Yes - Unknown # 0

A PlaySpan breach by hackers has been shut down after the firm detected and terminated illegal access to the Marketplace.

Hackers gained access to user information, but no evidence of payment account – credit, debit, or prepaid card – data was accessed or exported, the firm has said.

How is this report produced? What are the rules? See last page of report for details.

Attribution 1 Publication: VG 24/7 Author: Date Published: Article Title: PlaySpan Article URL: http://www.vg247.com/2012/10/10/playspan-breach-compromises-user-ids-no-evidence-of-credit-card-data-being-acces

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121016-07 Nemacolin Woodlands Resort PA 5/1/2012 Electronic Business Yes - Unknown # 0

Credit Card numbers, expiration dates and CSC numbers compromised by a breached point of sale system

Attribution 1 Publication: dataloss.db Author: Date Published: Article Title: Nemacolin Woodlands Resort Article URL: http://datalossdb.org/incidents/7679-credit-card-numbers-expiration-dates-and-csc-numbers-compromised-by-a-breach

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121016-06 Litton & Giddings MT Paper Data Medical/Healthcare Yes - Published # 13,000 Radiological Associates Litton & Giddings Radiological Associates announced a potential HIPAA breach, which may impact the personal health information of 13,000 patients, according the Healthcare IT News.

The company issued a press release earlier this week, and said the mistake occurred because the janitorial provider at the billing company sent patient billing records to a recycling center without shredding the records first.

So far there is no indication the information has been misused. All affected patients were notified that their names, addresses, dates of birth, diagnosis codes and social security numbers may be vulnerable.

Attribution 1 Publication: Clinical Innovation + Technology Author: Beth Walsh Date Published: Article Title: Janitorial shredding mix-up causes data breach impacting 13K Article URL: http://www.clinical-innovation.com/topics/ehr-emr/janitorial-shredding-mix-causes-data-breach-impacting-13k

Attribution 2 Publication: Becker's ASC Review Author: Heather Linder Date Published: Article Title: Litton & Giddings Radiological Associates Announces HIPAA Breach of 13K Patient Records Article URL: http://www.beckersasc.com/asc-coding-billing-and-collections/litton-a-giddings-radiological-associates-announces-hip

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121016-05 University of Georgia GA Electronic Educational Yes - Published # 8,500

The University of Georgia is investigating a security breach involving at least 8500 current and former employees.

That's because a hacker may have stolen their personal information, including their social security number.

Attribution 1 Publication: WJBF.com Author: Dawn Wise Date Published: Article Title: UGA Security Breach Article URL: http://www2.wjbf.com/news/2012/oct/16/uga-security-breach-ar-4767176/

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121016-04 GreenStone Homes OH Paper Data Business Yes - Unknown # 0

Residents living in a northeast Columbus neighborhood said that they are concerned after thousands of documents were dumped at the end of a driveway overnight.

Residents said that they were worried about identity theft after people's personal information was found in the pile in the driveway of a GreenStone Homes model home in the 3000 block of McCutcheon Crossing.

Attribution 1 Publication: Author: Date Published: Article Title: Neighbors Worried About Identity Theft After Thousands Of Documents Dumped On Driveway Article URL: http://www.10tv.com/content/stories/2012/10/05/columbus-neighbors-worried-about-identity-theft-after-document-dump

Police are urging customers of a business here to monitor their credit cards and bank accounts after documents were stolen from the business.

Owners of AutoCarry, a car transport business that has an office on 4250 West Side Avenue, reported that burglars broke into the office and stole the records of more than 100 customers Wednesday night, police said.

Attribution 1 Publication: NJ.com Author: Anthony J. Machcinsk Date Published: Article Title: Credit card info of more than 100 customers stolen from North Bergen business: cops Article URL: http://www.nj.com/hudson/index.ssf/2012/10/north_bergen_pd_asking_residen.html

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121016-02 Korn/Ferry US Electronic Business Yes - Unknown # 0

We are writing to inform you about a recent incident involving our data network. We recently learned that we were the victim of a sophisticated cyber attack. We deeply regret that this incident occurred and take very seriously the security of our network.

Attribution 1 Publication: CA AG's office Author: Date Published: Article Title: Korn/Ferry Article URL: http://oag.ca.gov/system/files/Notification%20Letter_0.pdf?

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121016-01 City of Burlington, WA WA Electronic Government/Military Yes - Unknown # 0

It has come to the City’s attention that the City’s Utility Billing Automatic Withdrawal information (for sewer and storm drain charges) has been compromised. If you are enrolled in Autopay, you should assume that your name, bank, bank account number and routing number have been compromised.

Attribution 1 Publication: databreaches.net Author: Date Published: Article Title: More than $400,000 stolen from Burlington, Washington city bank account; other accounts compromised Article URL: http://www.databreaches.net/?p=25655

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121015-01 Northwest Florida State FL Electronic Educational Yes - Published # 279,000 College An attack on Northwest Florida State College computer systems resulted in a data breach that has affected nearly 300,000 people and led to reports of identity theft and fraud.

A data breach has turned scores of Northwest Florida State College (NWFSC) employees into victims of identity theft in the aftermath of a massive data breach affecting nearly 300,000 people, including current and former students.

Attribution 1 Publication: eWeek / school website Author: Brian Prince Date Published: Article Title: Data Breach Leads to Identity Theft at North West Florida State College Article URL: http://www.eweek.com/security/data-breach-leads-to-identity-theft-at-north-west-florida-state-college/

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121009-12 Center 4 Health AZ Electronic Business Yes - Unknown # 0 Enlightenment Enrichment Buckeye resident Latricia Williams was sentenced to three years in prison Friday after pleading guilty in March 2012 as one of three individuals involved in an identity theft and tax credit scam.

Attribution 1 Publication: ABC15.com Author: Ashley Loose Date Published: Article Title: Center 4 Health Enlightenment Enrichment Empowerment Renewal Article URL: http://www.abc15.com/dpp/news/region_phoenix_metro/central_phoenix/latricia-williams-shelton-tanner-sentenced-in-i

How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121009-11 Medical Solutions NY Electronic Medical/Healthcare Yes - Published # 1,000 Management The owner of Medical Solutions Management, Inc. was convicted of wrongful disclosure of private patient information and Medicare fraud. The owner stole private patient information from nursing home in Long Island and used the information to submit fraudulent claims to Medicare over the course of four and a half years. Over 1,000 people were affected. She faces a sentence of up to 10 years per count and could be fined up to $250,000 for each conviction count.

Attribution 1 Publication: Privacy Rights Clearinghouse / PHIPriva Author: Date Published: Article Title: Medical Solutions Management Article URL: https://www.privacyrights.org/node/55048

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121009-10 University of Chicago IL Electronic Educational Yes - Published # 9,100

The Social Security numbers of about 9,100 University of Chicago employees were printed on a postcard mailed earlier this week to faculty and staff, the university disclosed today.

Attribution 1 Publication: Chicago Tribune Author: Date Published: Article Title: U. of C. mistake reveals employee Social Security numbers Article URL: http://www.chicagotribune.com/news/local/breaking/chi-u-of-c-mistake-reveals-employee-social-security-numbers-2012

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121009-09 Robeson County Board of NC Electronic Government/Military Yes - Published # 71,000 Elections Ali Rockett reports that 71,000 registered voters were notified by letter dated September 12 that five laptops containing their personal information were stolen from the Robeson County Board of Elections sometime between July 18 and September 4.

Attribution 1 Publication: databreaches.net Author: Date Published: Article Title: NC: Laptops stolen from Robeson elections board contained personal info of 71,000 voters Article URL: http://www.databreaches.net/?p=25500

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121009-08 Lincoln Financial Securities NH Electronic Business Yes - Published # 4,657 Corp. - Red Boat Advisor Lincoln Financial Securities Corporation reports that the virtual server of one of their independently-owned financial planning offices, Red Boat Advisor Resources, was accessed some time between January and early April of this year.

Attribution 1 Publication: databreaches.net / NH AG's office Author: Date Published: Article Title: Lincoln Financial Securities Corp. - Red Boat Advisor Resources Article URL: http://www.databreaches.net/?p=25323

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121009-07 Lana Medical Care FL 8/18/2012 Electronic Medical/Healthcare Yes - Published # 500

Lana Medical Care in Florida notified 500 patients after a laptop was stolen on August 18. I can find no web site for the practice, nor any substitute notices under that name or under the names of two physicians associated with the practice.

Attribution 1 Publication: PHIPrivacy.net / HHS Author: Date Published: Article Title: Lana Medical Care Article URL: http://www.phiprivacy.net/?cat=19&paged=2

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121009-05 Central States Southeast and IL 7/31/2012 Paper Data Medical/Healthcare Yes - Published # 754 Southwest Areas Health and Central States Southeast and Southwest Areas Health and Welfare Fund in Illinois notified 754 about an incident on July 31st involving “Unauthorized Access/Disclosure,Other” of paper records. There is no notice on their web site at this time and I can find no substitute notice or media coverage. They have not yet responded to a request for a statement explaining the breach.

How is this report produced? What are the rules? See last page of report for details.

Attribution 1 Publication: PHIPrivacy.net / HHS Author: Date Published: Article Title: Central States Southeast and Southwest Areas Health and Welfare Fund Article URL: http://www.phiprivacy.net/?cat=19&paged=2

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121009-04 Apex Laboratory NY Electronic Medical/Healthcare Yes - Unknown # 0

We are writing to let you know that on July 30, 2012, Apex Laboratory, Inc. was informed by law enforcement investigators that an unauthorized individual(s) recently gained access to one of our computer systems and viewed certain personal information about a number of our patients. At the request of law enforcement this notification was not immediately sent so as not to compromise their investigatory efforts. The system which was accessed contained names, addresses, phone numbers, dates of birth, gender, social security numbers, and insurance identification numbers. We do not believe that any information pertaining to any of our patients’ health conditions or treatments was viewed by anyone without proper authorization.

Attribution 1 Publication: PHIprivacy.net Author: Date Published: Article Title: Apex Laboratory Article URL: http://www.phiprivacy.net/?cat=19

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121009-03 Town Council of Chapel Hill NC Electronic Government/Military Yes - Unknown # 0

A licensed clinical social worked accidentally attached confidential client information to an email that was forwarded to town council colleagues. A copy of her and her husband's 2011 income tax returns was also in the email. The email automatically became available to the public and the error was noticed nearly a week later. Unfortunately, the email was also forwarded a second time to a public account. Consequently, the information was publicly available for a week.

Attribution 1 Publication: phiprivacy.net / privacy rights clearingho Author: Date Published: Article Title: Town Council of Chapel Hill Article URL: http://www.phiprivacy.net/?s=chapel+hill

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121009-02 Monterey Institute of CA Electronic Educational Yes - Unknown # 0 International Studies This notification is a follow-up to the previous letter and emails we sent to you regarding the recent theft of a laptop computer containing the personal information of a group of Monterey Institute students, including yours.

Attribution 1 Publication: CA AG's office Author: Date Published: Article Title: Monterey Institute of International Studies Article URL: https://oag.ca.gov/system/files/Sample%20Notification_0.pdf?

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121009-01 TD Bank NJ Electronic Banking/Credit/Financial Yes - Published # 260,000

Important news about your personal information Some of your personal information was included on two data backup tapes that we shipped to another one of our locations in late March 2012. The tapes have been missing since then, and we have been unable to locate them despite diligent efforts. This isolated incident has been the subject of an internal investigation by our corporate security and information security teams. We have also notified law enforcement. Your personal information included on the tapes may have included your name or address, Social Security Number, and account, debit or credit card number. We are not currently aware of any misuse of the personal information. However, because we are unable to locate the tapes or to account for their disappearance, we want to provide you with advice on ways to protect yourself.

Attribution 1 Publication: CA AG's office / NH AG's office Author: Date Published: Article Title: TD Bank Article URL: https://oag.ca.gov/system/files/Customer%20Notification_0.pdf?

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121008-01 Ohio State University College OH Electronic Educational Yes - Unknown # 0 of Dentristry The Ohio State University (OSU) College of Dentistry is among more than 50 universities worldwide recovering from a recent data breach.

How is this report produced? What are the rules? See last page of report for details.

Attribution 1 Publication: drbicuspid.com Author: Date Published: Article Title: Ohio dental school reveals data breach Article URL: http://www.drbicuspid.com/index.aspx?sec=nws&sub=rad&pag=dis&ItemID=311647

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20121005-01 Cabinet for Health and Family KY Electronic Government/Military Yes - Published # 2,500 Services The Cabinet for Health and Family Services is informing approximately 2,500 clients by letter of a possible employee email account breach that may have resulted in the unintentional release of information held by the Cabinet’s Department for Community Based Services (DCBS).

Attribution 1 Publication: Clinical Innovation + Technology Author: Date Published: Article Title: KY. data breach affects 2,500 Article URL: http://www.clinical-innovation.com/index.php?option=com_articles&view=article&id=35217:ky-data-breach-affects-2500

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120925-11 ERIC DC Electronic Business Yes - Unknown # 0

In early August we discovered that sensitive personally identifiable information appeared in some full text documents contained in the ERIC collection. Specifically, social security numbers and other highly sensitive information were found in multiple documents and in a way that could not easily be isolated. For that reason, we had to temporarily disable access to many full text documents.

Attribution 1 Publication: databreaches.net Author: Date Published: Article Title: ERIC attempts to purge research database of SSN and other PII Article URL: http://www.databreaches.net/?p=25295

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120925-10 Lucille Hendricks Elementart TX Paper Data Educational Yes - Published # 20

Students, parents and school officials want to know how folders containing students' personal information ended up in a dumpster.

Attribution 1 Publication: krgv.com / databreaches.net Author: Date Published: Article Title: Students' Personal Information Found in Dumpster Article URL: http://www.krgv.com/news/students-personal-information-found-in-dumpster/

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120925-09 Wounded Warrior FL 7/25/2012 Electronic Business Yes - Unknown # 0

At least 33 laptop computers and iPads were stolen in late July from the Wounded Warrior Project’s third-floor office at 4899 Belfort Road in Jacksonville.

They may contain personal information on “some, but not all of our former employees,” according to a letter sent out Sept. 7 by Wounded Warrior Executive Director Steve Nardizzi. So he has offered victims free credit monitoring in case someone hacks into them.

Attribution 1 Publication: MD AG's office Author: Date Published: Article Title: Wounded Warrior Article URL: http://www.oag.state.md.us/idtheft/Breach%20Notices/ITU%20218842.pdf

Attribution 2 Publication: jacksonville.com Author: Date Published: Article Title: 30-plus laptop computers stolen from Jacksonville's Wounded Warrior project HQ Article URL: http://m.jacksonville.com/news/crime/2012-09-13/story/30-plus-laptop-computers-stolen-jacksonvilles-wounded-warrior

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120925-08 Feinstein Institute for NY Electronic Medical/Healthcare Yes - Published # 13,000 Medical Research On or about September 2, 2012, a laptop computer containing research information, including personally identifiable health information about you, was stolen from the car of a computer programmer involved in organizing research data at the Feinstein Institute. Although both the computer and the health information contained on the laptop were password protected, we cannot rule out the possibility that such information could be accessed. The data may have included your name, social security number and one or more of the following: mailing address, date of birth or medical information relating to your potential participation in a research study.

How is this report produced? What are the rules? See last page of report for details.

Attribution 1 Publication: phiprivacy.net / VT AG's office Author: Date Published: Article Title: Feinstein Institute for Medical Research Article URL: http://www.phiprivacy.net/?paged=4

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120925-07 Quest Diagnostics NJ Electronic Medical/Healthcare Yes - Unknown # 0

On August 17, Quest notified the New Hampshire Attorney General’s Office that in late July, it became aware that an employee had forwarded certain e-mails to their home personal account. Included in the e-mails were patients’ names, addresses, dates of birth, Social Security numbers, driver’s license numbers, financial account information, and insurance information.

Attribution 1 Publication: phiprivacy.net Author: Date Published: Article Title: Quest Diagnostics Article URL: http://www.phiprivacy.net/?paged=3

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120925-06 Tricounty Behavioral Clinic GA Electronic Medical/Healthcare Yes - Published # 4,000

An Acworth doctor had a laptop stolen from her office, according to a Cherokee County Sheriff’s Office report.

According to the report:

Someone broke into the office on Dr. Swarnalatha Inderjith, of 4661 Jefferson Township Lane, and stole a laptop that contained patient information on Aug. 27.

Attribution 1 Publication: phiprivacy.net Author: Date Published: Article Title: Tricounty Behavioral Health Clinic Article URL: http://romenews-tribune.com/view/full_story/20225184/article-Acworth-doctor’s-office-laptop--television-stolen?instanc

Attribution 2 Publication: PHIPrivacy.net / HHS Author: Date Published: Article Title: Tricounty Behavioral Clinic Article URL: http://www.phiprivacy.net/?cat=19&paged=2

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120925-05 Liberty Resources PA Electronic Medical/Healthcare Yes - Published # 3,183

Liberty Resources, Inc.” in Pennsylvania notified 3,183 of a laptop theft on August 4th. I cannot find any statement on their web site and I can find no media coverage or substitute notice. They have not yet responded to a request for a statement explaining the breach.

Attribution 1 Publication: PHIPrivacy.net Author: Date Published: Article Title: Liberty Resources Article URL: http://www.phiprivacy.net/wp-content/uploads/Press-Release-08-15-12.pdf

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120925-04 Office of Charolotte Clark- OR Electronic Medical/Healthcare Yes - Published # 942 Neitzel, MD The home office of Charlotte B. Clark-Neitzel, M. D. was broken into on July 24, 2012. In addition to other personal items, the thieves stole both her medical bags and a laptop. The laptop contained access to Dr. Clark-Neitzels electronic medical record (EMR) system which was used daily to manage patient information. The Olympia Police Department was notified and is conducting their investigations. All affected patient notification letters were mailed on September 7, 2012.

Attribution 1 Publication: PHIPrivacy.net / HHS Author: Date Published: Article Title: Charolotte Clark-Neitzel, MD Article URL: http://www.phiprivacy.net/?cat=19&paged=2

Attribution 2 Publication: NH AG's Office / phiprivacy.net Author: Date Published: Article Title: Charolotte Clark-Neitzel, MD Article URL: http://doj.nh.gov/consumer/security-breaches/documents/clark-neitzel-20120906.pdf

Attribution 1 Publication: CA AG's office Author: Date Published: Article Title: Child & Elder Care Plan Article URL: https://oag.ca.gov/system/files/Final%20Notice%20%28C%26E%29_0.pdf?

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120925-02 St. Therese Medical Group CA Electronic Medical/Healthcare Yes - Unknown # 0

St. Therese Medical Group takes our obligation to protect our patients' information seriously. Regrettably, we are writing to inform you about an incident involving some of that information.

Attribution 1 Publication: CA AG's office Author: Date Published: Article Title: St. Therese Medical Group Article URL: https://oag.ca.gov/system/files/Sample%20Patient%20Notification_1.pdf?

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120925-01 Transcend Capital TX Electronic Business Yes - Unknown # 0

I am writing to inform you of a data breach that affected 236 clients in your state that took place the week August 20, 2012. An unknown computer hacker breached a data server located in our Austin, Texas branch office. Transcend Capital takes the security of our client data extremely seriously, and as such has taken steps to mitigate any risk to clients concerning this breach of data.

Attribution 1 Publication: CA AG's office Author: Date Published: Article Title: Transcend Capital Article URL: https://oag.ca.gov/system/files/Security%20Breach%20Notice%20Transcend%20Capital%202012_0.pdf?

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120911-04 Sully's Superette NH Electronic Business Yes - Unknown # 0

The store utilizes an NCR Advanced Checkout Solution system installed by CCR Data Systems at 128 Airport Road in Concord, NH. This system acceps credit/debit payments from a Verifone pinpad unit at each lane as part of the point of sale (POS) transaction and then hands payment information over to a WorldPay computer, installed in the store by C&S wholesale. The WorldPay computer communicates with the processor computers via a secure Internet connection to receive an approval and then communicates this back to the POS registers. With the last few months C&S staff was informed by Citi Fraud Services and the Secret Service that some suspicious activities were occurring regarding credit cards that had been swiped at the store. C&S informed CCR of the possibility of a breach of the system.

Attribution 1 Publication: NH AG's office Author: Date Published: Article Title: Sully's Superette Article URL: http://doj.nh.gov/consumer/security-breaches/documents/sullys-superette-20120725.pdf

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120911-03 Hertz Corporation NJ Electronic Business Yes - Unknown # 0

JP Morgan manages Order-to-Pay, a service which Hertz utilizes for accounts payable functions, such as purchase orders, invoicing and payments as well as for the payment of certain Hertz employee travel expenses. JP Morgan recently notified Hertz of unauthorized access to computer servers that housed cerain Order-to-Pay information, which information included the names, addresses, bank account numbers and social security numbers of certain suppliers, consultants, employees and former employees of Hertz.

Attribution 1 Publication: NH AG's office Author: Date Published: Article Title: Hertz Corporation Article URL: http://doj.nh.gov/consumer/security-breaches/documents/hertz-corporation-20120801.pdf

Two employees at the University of Miami Hospital have been terminated and remain under police investigation after confessing to accessing data from paper registration face sheets that may have been sold to a third party, the University of Miami Health System has announced.

Attribution 1 Publication: Health Data Management Author: Joseph Goedert Date Published: Article Title: Face Sheets Breached at U-Miami Hospital Article URL: http://www.healthdatamanagement.com/news/breach-notification-hipaa-privacy-security-44962-1.html?ET=healthdatam

Attribution 2 Publication: phiprivacy.net / HHS Author: Date Published: Article Title: University of Miami Hospital Article URL: http://www.phiprivacy.net/?cat=19&paged=2

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120910-01 Cumberland County Sheriff's ME Electronic Government/Military Yes - Published # 180 Office The Cumberland County sheriff's office in Portland, Maine accidentally posted inmates' Social Security numbers to the department's Facebook page.

Attribution 1 Publication: Danielle Walker Author: Date Published: Article Title: First arrested, then exposed: Maine sheriff leaks inmate SSNs Article URL: http://www.scmagazine.com/first-arrested-then-exposed-maine-sheriff-leaks-inmate-ssns/article/258105/

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120907-01 Harris County Hospital TX Electronic Medical/Healthcare Yes - Published # 3,000 District The Harris County Hospital District (“District”) wishes to urgently call your attention to the fact that certain information about you may have been improperly accessed, viewed, recorded and shared with others by a District employee. The employee has not been employed at the District since February 11, 2011. The information viewed and possibly shared with others may have included your name, address, phone number, date of birth, sex, Social Security (member) number, medical record number, emergency contact information, payer information, and information about the medical care you received at the District between April 14, 2008 and February 11, 2011.

Attribution 1 Publication: esecurityplanet.com - company website Author: Jeff Goldman Date Published: Article Title: Texas Hospital District Suffers Security Breach Article URL: http://www.esecurityplanet.com/network-security/texas-hospital-district-suffers-security-breach.html

Attribution 2 Publication: Becker's Hospital Review Author: Kathleen Roney Date Published: Article Title: Former Harris County Hospital District Employee Allegedly Sold Patient Information as Part of Medicare Kickback Scheme Article URL: http://www.beckershospitalreview.com/healthcare-information-technology/former-harris-county-hospital-district-emplo

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120904-03 California Correctional CA Paper Data Government/Military Yes - Unknown # 0 Health Care Services On June 11, 2012, a kiosk mail box located at the California Correctional Health Care Services (CCHCS) Regional Administration building in Fresno, California was discovered to have been broken into. Mail that may have been lost included prospective employment candidate responses to employment inquiries with personally identifiable information contained in California State Employment Application forms and applicable documents. This information may have included name, social security number, driver’s license number, residential address, date of birth, telephone number, e-mail address, and employment and education history of prospective candidates.

Attribution 1 Publication: CA AG's office Author: Date Published: Article Title: California Correctional Health Care Services (CCHCS) Article URL: https://oag.ca.gov/system/files/Fresno%20Mail%20Theft%20Incident%20Breach%20Notice%20%28incident%2012-0510

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120904-02 Office of Peggy Garland- NC Paper Data Business Yes - Unknown # 0 Coleman, CPA A tax preparer who closed her business three years ago tossed several boxes of old records, some of which contained sensitive personal information.

How is this report produced? What are the rules? See last page of report for details.

Attribution 1 Publication: WSPA.com Author: Graeme Moore Date Published: Article Title: Tax Preparer Tosses Sensitive Records in Dumpster Article URL: http://www2.wspa.com/news/2012/aug/02/tax-preparer-tosses-sensitive-record-dumpster-ar-4263326/

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120904-01 Temple Community Hospital CA Electronic Medical/Healthcare Yes - Published # 600

While the intent of a recent laptop theft at Temple Community Hospital in Los Angeles appears to be solely for the computer’s physical elements, the act still represents a yet another health data breach that gave a hospital a lot to think about. This isn’t the first or last breach, but is a good reminder of why hospitals need to analyze where and how they store data with a broad scope. CT scans of about 600 patients and their names, the reason for the scans and the patients’ hospital account numbers were among the pieces of data that were on the computer that was stolen on July 3 from a locked office in the hospital’s radiology department.

Attribution 1 Publication: ehrintelligence.com Author: Date Published: Article Title: Learning from a health data breach Article URL: http://ehrintelligence.com/2012/09/04/learning-from-a-health-data-breach/

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120829-01 Del Mar College East Campus TX Paper Data Educational Yes - Published # 400

CORPUS CHRISTI (Kiii News) - Del Mar College's East Campus reported Tuesday that paper documents containing personal information, including Social Security numbers, were discovered in a recycling bin.

Attribution 1 Publication: kiiiTV.com Author: Date Published: Article Title: Possible Security Breach at Del Mar College East Campus Article URL: http://www.kiiitv.com/story/19400931/possible-security-breach-at-del-mar-college-east-campus

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120828-04 Cancer Care Group IN Electronic Medical/Healthcare Yes - Published # 55,000

The Cancer Care Group in Indianapolis said a laptop computer bag containing private information on as many as 55,000 patients has been stolen.

Attribution 1 Publication: Indianapolis Business Journal / phipriva Author: Date Published: Article Title: Records for 55,000 patients stolen from oncology group Article URL: http://www.ibj.com/records-for-55-000-patients-stolen-from-oncology-group/PARAMS/article/36339

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120828-03 John Stewart Company CA 8/7/2011 Electronic Business Yes - Unknown # 0

I am writing to inform you that the John Stewart Company (“JSCo”) recently inadvertently included your name, social security number and, in some cases, birth date, in e-mails that were sent to various JSCo employees on August 7, 2012 and August 13, 2012. We regret this inadvertent disclosure and have taken immediate steps to (a) delete the e-mail from every computer to which it was sent, (b) prevent any similar event from occurring in the future, and (c) provide you with assistance to both protect your credit and deal with any issues that may arise from this inadvertent disclosure. Although the type of information disclosed could be used to open credit account(s) or take other inappropriate actions in your name, at this time we have no indication that your information has been misused in this way or that any other suspicious activity has occurred.

Attribution 1 Publication: CA AG's office Author: Date Published: Article Title: John Stewart Company Article URL: https://oag.ca.gov/system/files/AG%20Data%20Breach%20Notice%20Letter%2008%2023%2012_0.pdf?

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120828-02 Austin Rare Coins, Inc. TX Electronic Business Yes - Unknown # 0

Jackson Walker LLP represents Austin Rare Coins, Inc., a Texas Corporation, in connection with a security breach incident that we believe to have taken place in March 2012 in which an unauthorized person illegally obtained access to the Company's secured data systems. While initially, we were assured that no personal information was obtained, we were notified in May 2012 that credit card and other personal information of some of the Company's current and past customers may have been compromised. With respect to each affected customer, the personal information that the unauthorized person may have acquired includes the following: name, credit card information, phone number and home address.

How is this report produced? What are the rules? See last page of report for details.

Attribution 1 Publication: NH AG's office Author: Date Published: Article Title: Austin Rare Coins, Inc. Article URL: http://doj.nh.gov/consumer/security-breaches/documents/austin-rare-coins-20120720.pdf

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120828-01 Colorado State University - CO Electronic Educational Yes - Published # 19,000 Pueblo Over 19,000 students and applicants at CSU-Pueblo receive a letter about a possible breach of information.

Attribution 1 Publication: Koaa.com / databreaches.net Author: Lacey Steele Date Published: Article Title: Thousands receive a letter about a possible information breach at CSU-Pueblo Article URL: http://www.koaa.com/news/thousands-receive-a-letter-about-a-possible-information-breach-at-csu-pueblo/

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120827-01 University of Rhode Island RI Electronic Educational Yes - Published # 1,000

The University of Rhode Island is alerting 1,000 current and former faculty members and students that "certain personal information" that appeared on a computer server that was publicly shared at the College of Business Administration was accessed and viewed by unauthorized computer users.

Attribution 1 Publication: Providence Journal Author: Jennifer Jordan Date Published: Article Title: URI alerts campus to security breach on Business College server Article URL: http://news.providencejournal.com/breaking-news/2012/08/uri-security-br.html

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120821-02 General Motors MI Electronic Business Yes - Published # 883

General Motors Co. said Friday that 883 active and retired GM workers may have had their personal information exposed — including Social Security numbers — after a GM employee copied personal information just before retiring in May.

Attribution 1 Publication: The Detroit News / datalossdb.org Author: Melissa Burden Date Published: Article Title: GM notifying more than 800 workers of personal information breach Article URL: http://www.detroitnews.com/article/20120803/AUTO0103/208030418

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120821-01 University of South Carolina SC 6/6/2012 Electronic Educational Yes - Published # 34,000

The University of South Carolina said today that confidential information about 34,000 people could have been exposed in a hacker attack on the College of Education's web server.

Attribution 1 Publication: TheState.com / databreaches.net Author: Andrew Shain Date Published: Article Title: 4,000 exposed in USC data breach Read more here: http://www.thestate.com/2012/08/21/2408028/34000-exposed-in-usc-da Article URL: http://www.thestate.com/2012/08/21/2408028/34000-exposed-in-usc-data-breach.html

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120820-04 Wright-Patterson Medical OH Electronic Government/Military Yes - Published # 3,800 Center Wright-Patterson Medical Center has alerted 3,800 people of a possible personal data security breach when a notebook containing their names and Social Security numbers was temporarily misplaced after a blood drive, according to a base spokesman.

Attribution 1 Publication: Dayton Daily News Author: Barrie Barber Date Published: Article Title: Wright-Patt alerts of possible personal data breach Article URL: http://www.daytondailynews.com/news/news/wright-patt-alerts-3800-to-possible-personal-data-/nRDtm/

How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120820-03 University of Texas MD TX Electronic Medical/Healthcare Yes - Published # 2,200 Anderson Cancer Center The University of Texas MD Anderson Cancer Center in Houston, Texas, has experienced its third data breach this year, this time as a result of a wayward USB thumb drive.

Attribution 1 Publication: cmio.net Author: Date Published: Article Title: MD Anderson suffers third data breach this year, affecting 2,200 patients Article URL: http://www.cmio.net/index.php?option=com_articles&view=article&id=34889:md-anderson-suffers-third-data-breach-thi

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120820-02 Tennessee Tech University TN Electronic Educational Yes - Published # 42

Tennessee Tech University sent letters to 42 former and current employees yesterday informing them of a security breach related to personal identifying information.

Attribution 1 Publication: Herald-Citizen Author: Date Published: Article Title: Data breach of security reported at Tennessee Tech Article URL: http://www.herald-citizen.com/view/full_story/19845958/article-Data-breach-of-security-reported-at-Tennessee-Tech?ins

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120820-01 First Republic Bank CA Electronic Banking/Credit/Financial Yes - Unknown # 0

Specifically, on August 2, 2012, certain data were discarded in a way that did not adhere to our strict data disposal requirements. This data included client names, account types and numbers and tax payer identification/social security numbers. While we do not have any indication that your data, or any data, have been compromised in any way, we want to make you aware of this so that we can take steps together to ensure continued protection of your account(s). We have also enhanced our controls regarding the protection of client data.

Attribution 1 Publication: CA AG's office Author: Date Published: Article Title: First Republic Bank Article URL: https://oag.ca.gov/system/files/Account%20Security%20Letter%20CA%20Upload_0.pdf?

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120817-01 Kindred Healthcare KY Electronic Medical/Healthcare Yes - Published # 1,504

Sometime between June 1, 2012, and June 4, 2012, there was a break in at Kindred Transitional Care and Rehabilitation-Sellersburg’s business office. No one was hurt during the incident and patient care was not affected. On June 4, 2012, Kindred discovered that a safe was missing. Kindred contacted the police department on June 4, and an investigation was conducted by the police department. To date, the safe has not been located. Inside the safe were tapes used by Kindred to back up files containing data relating to past, present and prospective patients at several Kindred facilities.

Attribution 1 Publication: Kindred website / PHIprivacy.net Author: Date Published: Article Title: Kindred Healthcare Article URL: http://www.sellersburgrehab.com/our-center/in-the-news/?id=2147531586

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120816-01 Washington Metropolitan DC Electronic Business Yes - Unknown # 0 Area Transit Authority - Metro officials say that they're working diligently to fix a security breach on their website that potentially allowed a person to access the personal information of anyone who has applied for a job with WMATA.

Attribution 1 Publication: ABC 7 - WJLA.com Author: Date Published: Article Title: Metro website security breach made personal data accessible to public Article URL: http://www.wjla.com/articles/2012/08/metro-website-security-breach-made-personal-data-accessible-to-public-78897.ht

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120814-02 Bear Valley Community CA Electronic Medical/Healthcare Yes - Published # 102 Hospital Bear Valley Community Hospital contacted 102 patients to let them know their medical records had been breached.

How is this report produced? What are the rules? See last page of report for details.

Attribution 1 Publication: Big Bear Grizzly.net Author: Judi Bowers Date Published: Article Title: Audit reveals records leak at local hospital Article URL: http://www.bigbeargrizzly.net/news/article_3389d5be-e108-11e1-86e3-001a4bcf887a.html

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120814-01 Apria Healthcare, Inc. CA Electronic Medical/Healthcare Yes - Published # 11,000

LAKE FOREST, CA…August 13, 2012…Apria Healthcare, Inc. (“Apria”) announced today that a company-owned employee laptop containing patient names, Social Security numbers and possibly other protected health information (PHI) was stolen from a locked vehicle in Phoenix, Arizona. Because the employee managed billing functions for the company, the laptop contained information pertaining to patients served by the company in a number of states, including California, Arizona, New Mexico and Nevada.

Attribution 1 Publication: Las Vegas Sun / Company website Author: Date Published: Article Title: Apria Healthcare, Inc. Article URL: http://www.lasvegassun.com/community/press-releases/927/

Attribution 2 Publication: Healthcareinfosecurity.com Author: Jeffrey Roman Date Published: Article Title: Laptop Theft Leads Breach Roundup Article URL: http://www.healthcareinfosecurity.com/laptop-theft-leads-breach-roundup-a-5040?rf=2012-08-16-eh&elq=6eea315a27b2

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120810-02 Blizzard Entertainment US Electronic Business Yes - Unknown # 0

This week, our security team found an unauthorized and illegal access into our internal network here at Blizzard. We quickly took steps to close off this access and began working with law enforcement and security experts to investigate what happened.

Attribution 1 Publication: us.blizzard.com website Author: Date Published: Article Title: Blizzard Entertainment Article URL: http://us.blizzard.com/en-us/securityupdate.html

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120810-01 University of Arizona AZ Electronic Educational Yes - Published # 7,700

About 7,700 vendors, consultants, guest speakers, and University of Arizona students had their names and social security numbers compromised in a data breach that occurred in February and early March, a school official disclosed this week. The problem was uncovered when a University of Arizona student found her private information on a public computer server, Cathy Bates, the university’s information security officer, told the Arizona Daily Star.

Attribution 1 Publication: infosecurity-magazine.com Author: Date Published: Article Title: University of Arizona server exposes personal data on 7,700 individuals Article URL: http://www.infosecurity-magazine.com/view/27518/university-of-arizona-server-exposes-personal-data-on-7700-individu

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120809-01 City of Ocoee FL Electronic Government/Military Yes - Unknown # 0

Human error — and not hackers — gave the public temporary Internet access to restricted city of Ocoee documents that included employees' Social Security numbers and other confidential information, City Manager Robert Frank said.

Attribution 1 Publication: Orlando Sentinel Author: Stephen Hudak Date Published: Article Title: Human error responsible for Ocoee data breach, city manager says Article URL: http://articles.orlandosentinel.com/2012-08-09/news/os-ocoee-data-breach-20120808_1_data-breach-human-error-city-m

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120807-09 Surgeons of Lake County, IL Electronic Medical/Healthcare Yes - Unknown # 0 LLC The Surgeons of Lake County, LLC (“Surgeons”) announced today that an unauthorized user had gained access to – and encrypted – their server in an attempt to force payment from Surgeons in exchange for the password needed to regain access to the server.

How is this report produced? What are the rules? See last page of report for details.

Attribution 1 Publication: phiprivacy.net Author: Date Published: Article Title: Surgeons of Lake County, LLC Article URL: http://www.phiprivacy.net/?p=9907

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120807-08 Pamlico Medical Equipment NC Electronic Business Yes - Published # 2,917 LLC Pamlico Medical Equipment LLC in North Carolina reported that 2,917 were affected by the loss of an electronic device on May 16th. I was able to locate an undated notice on Vidant Beaufort Hospital’s web site:

Attribution 1 Publication: priprivacy.net Author: Date Published: Article Title: Pamlico Medical Equipment LLC Article URL: http://www.phiprivacy.net/?p=9907

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120807-07 Memorial Healthcare System FL Electronic Medical/Healthcare Yes - Published # 102,153

Memorial Healthcare System in Florida notified HHS that 102,153 patients were notified of a breach that occurred between January 1, 2011 and July 5, 2012. That figure is significantly higher and the breach more extensive than what was reported in April, and I see that there is now a new notice on their web site that explains that another breach was discovered in the process of investigating the breach they knew about:

Attribution 1 Publication: PHIprivacy.net / NH AG's office Author: Date Published: Article Title: Memorial Healthcare System Article URL: http://www.phiprivacy.net/

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120807-06 NYU Langone Medical Center NY Electronic Medical/Healthcare Yes - Published # 8,400

A desktop computer storing personal health information for approximately 8,400 patients was stolen from NYU Langone Medical Center in New York City, according to an SC Magazine report.

The computer was stolen from the faculty group practice office of John Golfinos, MD, the chairman of the department of neurosurgery. According to the report, the patient information includes names, addresses, dates of birth, telephone numbers and insurance and clinical information. About 5,000 of the lost records contained Social Security numbers.

Attribution 1 Publication: Becker's Hospital Review Author: Kathleen Roney Date Published: Article Title: 8,400 Patient Records Are Vulnerable Following Theft at NYU Langone Medical Center Article URL: http://www.beckershospitalreview.com/healthcare-information-technology/8400-patient-records-are-vulnerable-followin

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120807-05 Palm Beach County Health FL Electronic Government/Military Yes - Published # 86 Department The Palm Beach County Health Department is issuing a public notice that some patients of its Health Centers may have had confidential information contained in their records disclosed to an unauthorized source. The breach occurred when an employee created a client list containing names and social security numbers from patients at the Clinics and attempted to mail the list. Law enforcement confiscated the list containing 86 names in May and advised they were likely being used for fraudulent activity.

Attribution 1 Publication: PBCHD website Author: Date Published: Article Title: PALM BEACH COUNTY HEALTH DEPARTMENT MEDICAL CLIENT BREACH Article URL: http://www.pbchd.com/press/2012/aug/augnews22012.html

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120807-04 Oregon Health & Science OR Electronic Medical/Healthcare Yes - Published # 14,500 University Hospital Oregon Health & Science University Hospital officials are sending letters to the families of 702 pediatric patients after a USB drive containing some of their patient information was stolen. In total, data for more than 14,000 patients was stored on the drive, along with information for about 200 OHSU employees.

How is this report produced? What are the rules? See last page of report for details.

Attribution 1 Publication: OHSU website / databreaches.net Author: Date Published: Article Title: OHSU contacts patients about data stolen during burglary Article URL: http://www.ohsu.edu/xd/about/news_events/news/2012/07-31-ohsu-contacts-patients-a.cfm

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120807-03 Madison County Circuit IL Paper Data Government/Military Yes - Unknown # 0 Clerk's Office Officials said they are changing how they dispose of public records after court documents were found in a recycling bin earlier this week behind the Madison County Wood River Facility.

Attribution 1 Publication: thetelegraph.com / databreaches.net Author: Cynthia M. Ellis Date Published: Article Title: Court documents left in plain view Article URL: http://www.thetelegraph.com/news/local/article_07cf12fa-db7b-11e1-95c0-001a4bcf6878.html

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120807-02 Tarleton State University TX Paper Data Educational Yes - Unknown # 0

Hundreds of Tarleton State University documents containing students' personal information were scattered across the intersection of Washington and Lillian streets Tuesday afternoon breaching a federal law that is supposed to protect student records.

Attribution 1 Publication: yourstephenvilletx.com / databreaches.n Author: Micah Moore Date Published: Article Title: Tarleton officials investigate privacy breach Article URL: http://www.yourstephenvilletx.com/news/local/article_f992b4a4-dbf6-11e1-9e61-001a4bcf887a.html

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120807-01 Eaton Group LA Paper Data Business Yes - Unknown # 0

Below the interstate at Dalrymple and along the sidewalk, there are documents strewn about with personal information – names, account numbers and addresses just lying around for anyone to pick up.

Attribution 1 Publication: WAFB.com / databreaches.net Author: Date Published: Article Title: Documents with personal information found around LSU Lakes Article URL: http://www.wafb.com/story/15895902/documents-with-personal-information-found-around-lsu-lakes

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120806-01 Stanford Hospitals & Clinics - CA 7/15/2012 Electronic Medical/Healthcare Yes - Published # 2,500 School of Medicine Stanford Hospitals & Clinics and the School of Medicine are notifying 2,500 patients of a breach of protected health information following the theft of a computer from the locked office of a physician.

Attribution 1 Publication: HealthDataManagement.com Author: Joseph Goedert Date Published: Article Title: Stanford PHI Breach Affects 2,500 Article URL: http://www.healthdatamanagement.com/news/breach-notification-hipaa-privacy-security-44829-1.html?ET=healthdatam

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120803-02 Wisconsin Department of WI Electronic Government/Military Yes - Published # 110,000 Revenue Personal, confidential information from more than 110,000 people who sold homes in 2011 was hidden inside a Wisconsin Department of Revenue report used by real estate and appraisal organizations.

The DOR has ask those organizations to destroy and replace the report, which was posted online for download from April 5 to July 23. The department said that while the information was in the file, it was not visible when the report was opened. However, someone who opened the specific file would have had access to the information, the DOR said.

Attribution 1 Publication: Greendale.patch.com Author: Janine Anderson Date Published: Article Title: State Inadvertently Posts Home Sellers' Social Security Numbers Online Article URL: http://greendale.patch.com/articles/state-inadvertently-posts-home-sellers-social-security-numbers-online

How is this report produced? What are the rules? See last page of report for details.

Attribution 2 Publication: databreaches.net Author: Janine Anderson Date Published: Article Title: Wisconsin Department of Revenue Inadvertently Posts Home Sellers’ Social Security Numbers Online Article URL: http://www.databreaches.net/?p=24959

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120803-01 General Motors MI Electronic Business Yes - Published # 883

General Motors said 883 active and retired employees may have had personal information exposed in a security breach, and is working to rectify the situation.

The company said a former employee copied spreadsheets containing names and Social Security numbers.

It has notified potential affected employees and retirees, advising them to place fraud alerts on credit reports, as well as to notify the Michigan Attorney General's Office of any suspicious activity, The Detroit News reported Friday.

Attribution 1 Publication: Detroit Free Press Author: Nathan Bomey Date Published: Article Title: GM warns 883 employees, retirees of possible identity theft risk Article URL: http://www.freep.com/article/20120803/BUSINESS0101/120803054/GM-warns-883-employees-retirees-possible-identity-t

Attribution 2 Publication: www.equities.com/news Author: Date Published: Article Title: General Motors Article URL: http://www.equities.com/news/news-headline-story?dt=2012-08-03&val=343812&d=1&cat=headline

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120802-03 Hartford Hospital - VNA CT 6/26/2012 Electronic Medical/Healthcare Yes - Published # 9,558 HealthCare Connecticut Attorney General George Jepsen has requested information from Hartford Hospital about why the unencrypted personal health information of approximately 9,000 patients was located on a laptop stolen from a third-party vendor.

Attribution 1 Publication: Health Data Management Author: Joseph Goedert Date Published: Article Title: Hartford Breach Affecting 9,558 Includes Social Security Numbers Article URL: http://www.healthdatamanagement.com/news/breach-notification-hipaa-privacy-security-44816-1.html

Attribution 2 Publication: Legalnewsline.com Author: Bryan Cohen Date Published: Article Title: Conn. AG has questions about hospital security breach Article URL: http://www.legalnewsline.com/news/236901-conn.-ag-has-questions-about-hospital-security-breach

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120802-02 Boston Water and Sewer MA Electronic Government/Military Yes - Unknown # 0 Commission A hard drive containing customer data has gone missing at the Boston Water and Sewer Commission, officials report. Officials said it's unlikely the missing data would lead to any misuse of personal information.

Attribution 1 Publication: Boston Business Journal Author: Galen Moore Date Published: Article Title: Boston Water and Sewer warns of customer data breach Article URL: http://www.bizjournals.com/boston/blog/mass_roundup/2012/08/boston-water-and-sewer-data-breach.html

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120802-01 Environmental Protection DC Electronic Government/Military Yes - Published # 8,000 Agency A computer security breach at the Environmental Protection Agency exposed the Social Security numbers and banking information of nearly 8,000 people, most of them current employees, the EPA confirmed.

Attribution 1 Publication: Washington Business Journal Author: Jill R. Aitoro Date Published: Article Title: EPA security breach exposes personal information of 8,000 people Article URL: http://www.bizjournals.com/washington/news/2012/08/02/epa-security-breach-exposes-personal.html

How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120731-02 Lutheran Community WA Electronic Medical/Healthcare Yes - Published # 756 Services Northwest On March 30, 2012, we became aware that there had been a break-in at our Bremerton office. Computers and electronic devices were taken, some of which contained sensitive information. A police report was immediately filed and every effort made to recover the information.

Attribution 1 Publication: HHS.gov / phiprivacy.net Author: Date Published: Article Title: Lutheran Community Services Northwest Article URL: http://www.phiprivacy.net/?paged=3

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120731-01 Mass Mutual Financial Group MA Electronic Business Yes - Unknown # 0

Massachusetts Mutual Life Insurance Company and its subsidiaries (“MassMutual”) understand the importance of protecting the privacy and security of information about our customers, and take seriously our obligations to protect this information. This letter is to inform you that on July 13, 2012 MassMutual inadvertently sent via secure email a report containing your personal information to the Plan Sponsor of another retirement plan administered by MassMutual. We have conducted an investigation into the incident to determine the extent and its impact on our customers and have determined that the information involved in this incident included your name, Social Security number, and your 401(k) balance information.

Attribution 1 Publication: CA AG's office Author: Date Published: Article Title: Mass Mutual Financial Group Article URL: https://oag.ca.gov/system/files/Earthbound%20Farm%20-%20Notification%20Letter%20%28California%29_0.pdf?

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120730-03 Hamner Square Dental CA Electronic Medical/Healthcare Yes - Published # 1,112

We are writing to inform you of the following incident and the steps we have taken and are taking to respond to it. On May 10, 2012, in the course, of upgrading to a new imaging and management software called Eaglesoft to better serve you, a representative of one of our dental practice’s business partners, Patterson Dental, visited our offices and, without our knowledge or consent in violation of our policies and procedures in exporting your data for the new systems conversion process had placed an unencrypted USB memory chip containing data from our practice into a sealed envelope and deposited it at a local post office to be sent through the U.S. mail to their technical headquarters.

Attribution 1 Publication: CA AG's Office / PHI Privacy Net Author: Date Published: Article Title: Hamner Square Dental Article URL: https://oag.ca.gov/system/files/Eastvale%20Notification%20Letter%20Attorney%20General_0.pdf?

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120730-02 River Arch Dental CA Electronic Medical/Healthcare Yes - Published # 2,533

Attribution 1 Publication: CA AG's office / PHI Privacy Net Author: Date Published: Article Title: River Arch Dental Article URL: https://oag.ca.gov/system/files/River%20Arch%20Notification%20Attorney%20General_3.pdf?

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120730-01 Upper Valley Medical Center OH Electronic Medical/Healthcare Yes - Published # 15,000

An 18-month data breach involving 15,000 patients at Upper Valley Medical Center in Troy allowed unauthorized access to patients’ names, address, hospital account number and balanced owed. No clinical information was accessible.

Attribution 1 Publication: Dayton Daily News Author: Mark Gokavi Date Published: Article Title: Data breach involved 15,000 patients Article URL: http://www.daytondailynews.com/news/news/local/data-breach-involved-15000-patients/nP5S9/

We are writing to you because of a recent security incident which may have resulted in unauthorized access of your personal information. On or about June 29, 2012 we received word from one of our customers that several of their employees had reported unauthorized charges on their credit cards.

Attribution 1 Publication: CA AG's Office / VT and NH Author: Date Published: Article Title: Mission Linen Supply Article URL: https://oag.ca.gov/system/files/Customer%20Notice%20Letter%20word%207%2020%2012_0.pdf?

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120727-03 Petco Animal Supplies, Inc. MN 7/3/2012 Electronic Business Yes - Unknown # 0

We are writing to inform you of an information security incident that could potentially affect you, arid to share with you the steps that Petco is taking to address it. On Tuesday, July 3, 2012, the outside auditor of Petco’s 401(k) Plan (the ‘Plan”) informed us that five laptop computers had been stolen from their offices during the weekend of May 18-20, 2012. We are seeking an explanation from the outside auditor’s office for the lapse of time in informing Petco of this incident. In the meantime. we are writing to you because the outside auditor also informed us that the stolen laptops may have contained certain personal information, including name and Social Security number, of all associates who were issued a Petco paycheck in 2010 as well as associates who had a 401(k) account and received a distribution, or had a fee deducted from their account, in 2011.

Attribution 1 Publication: CA AG's office Author: Date Published: Article Title: Petco Animal Supplies, Inc. Article URL: https://oag.ca.gov/system/files/Experian%20Final%20Proof%20-%20Base%20Version_0.pdf?

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120727-02 Miami Northwestern Senior FL Paper Data Educational Yes - Unknown # 0 High School Manila folders containing student records with Social Security numbers and health information found in dumpsters

Attribution 1 Publication: datalossdb.org Author: Date Published: Article Title: Miami Northwestern Senior High School Article URL: http://datalossdb.org/incidents/6909-manila-folders-containing-student-records-with-social-security-numbers-and-healt

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120727-01 Northwestern Memorial IL Electronic Medical/Healthcare Yes - Unknown # 0 Hospital Now comes word out of Chicago of a patient health information breach at the hospice offices of Northwestern Memorial Hospital (NMH). According to the hospital, the offices at 676 N. St. Clair Street were robbed of six laptops and tablets on June 11, 2012. By June 15, after reporting the event to the Chicago Police Department and undergoing an internal investigation, the hospital discovered that the devices were in the midst of a software upgrade that left them especially vulnerable to becoming compromised because typical security features were shut off as part of the process.

Attribution 1 Publication: HealthDataManagement.com Author: Joseph Goedert Date Published: Article Title: Northwestern Memorial Hospital Tight-Lipped on Hospice Data Breach Article URL: http://www.healthdatamanagement.com/news/breach-notification-hipaa-privacy-security-44807-1.html?ET=healthdatam

Attribution 2 Publication: EHR Intelligence Author: Kyle Murphy Phd Date Published: Article Title: Northwestern Memorial announces theft and health data breach Article URL: http://ehrintelligence.com/2012/07/27/northwestern-memorial-announces-theft-and-health-data-breach/

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120726-23 Hillsborough County Health FL 2/15/2012 Electronic Government/Military Yes - Published # 311 Department The Hillsborough County Health Department is informing the public about a breach of client information where information was stolen, affecting up to 311 people.

Health officials say an employee intentionally printed documents that included client data and removed them from the facility on, or about February 15, 2012.

How is this report produced? What are the rules? See last page of report for details.

Attribution 1 Publication: BayNews9.com Author: Date Published: Article Title: Hillsborough County Health Department Article URL: http://www.baynews9.com/content/news/baynews9/news/article.html/content/news/articles/bn9/2012/7/25/hillsborough_

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120726-22 Alliant Health Plans, Inc. GA 1/1/2012 Electronic Medical/Healthcare Yes - Published # 632

unauthorized access/disclosure - other

Attribution 1 Publication: HHS.gov Author: Date Published: Article Title: Alliant Health Plans, Inc. Article URL: http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120726-21 Robley Rex VA Medical KY 1/9/2012 Paper Data Medical/Healthcare Yes - Published # 1,182 Center theft/loss paper

Attribution 1 Publication: HHS.gov Author: Date Published: Article Title: Robley Rex VA Medical Center Article URL: http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120726-20 William F. DeLuca Jr., M.D. NY 1/16/2012 Electronic Medical/Healthcare Yes - Published # 577

theft - laptop

Attribution 1 Publication: HHS.gov Author: Date Published: Article Title: William F. DeLuca Jr., M.D. Article URL: http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120726-19 Tufts Associated Health MA 1/17/2012 Paper Data Medical/Healthcare Yes - Published # 3,482 Maintenance Organization, other - paper

Attribution 1 Publication: HHS.gov Author: Date Published: Article Title: Tufts Associated Health Maintenance Organization, Inc. and Tufts Insurance Company Article URL: http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120726-18 Baylor Heart and Vascular TX 1/26/2012 Electronic Medical/Healthcare Yes - Published # 1,972 Center, LLP theft - other portable electronic device

Attribution 1 Publication: HHS.gov Author: Date Published: Article Title: Baylor Heart and Vascular Center, LLP Article URL: http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120726-17 Advanced Clinical Research CA 1/26/2012 Paper Data Medical/Healthcare Yes - Published # 875 Institute theft - paper

How is this report produced? What are the rules? See last page of report for details.

Attribution 1 Publication: HHS.gov Author: Date Published: Article Title: Advanced Clinical Research Institute Article URL: http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120726-16 Neighborhood Christian AZ 2/7/2012 Electronic Medical/Healthcare Yes - Published # 9,565 Clinic loss - other portable electronic device

Attribution 1 Publication: HHS.gov Author: Date Published: Article Title: Neighborhood Christian Clinic Article URL: http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120726-15 DRD Knoxville Medical TX Paper Data Medical/Healthcare Yes - Published # 1,000 Clinic - Central improper disposal

Attribution 1 Publication: HHS.gov Author: Date Published: Article Title: DRD Knoxville Medical Clinic - Central Article URL: http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120726-14 Rex Smith, DPB Podiatry OR 2/19/2012 Electronic Medical/Healthcare Yes - Published # 20,915

theft - desktop computer

Attribution 1 Publication: HHS.gov Author: Date Published: Article Title: Rex Smith, DPB Podiatry Article URL: http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120726-13 Roy E. Gondo, M.D. WA Electronic Medical/Healthcare Yes - Published # 2,100

theft - desktop computer, electronic medical records

Attribution 1 Publication: HHS.gov Author: Date Published: Article Title: Roy E. Gondo, M.D. Article URL: http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120726-12 SHIELDS for Families CA 2/27/2012 Electronic Medical/Healthcare Yes - Published # 961

theft - network server

Attribution 1 Publication: HHS.gov Author: Date Published: Article Title: SHIELDS for Families Article URL: http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120726-11 Stephen Haggard, DPM WA 3/4/2012 Electronic Medical/Healthcare Yes - Published # 1,597 Podiatry theft - network server

How is this report produced? What are the rules? See last page of report for details.

Attribution 1 Publication: HHS.gov Author: Date Published: Article Title: Stephen Haggard, DPM Podiatry Article URL: http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120726-10 Seton Health Plan TX 3/9/2012 Paper Data Medical/Healthcare Yes - Published # 555

Unauthorized Access/Disclosure

Attribution 1 Publication: HHS.gov Author: Date Published: Article Title: Seton Health Plan Article URL: http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120726-09 Luz Colon, DPM Podiatry FL Electronic Medical/Healthcare Yes - Published # 1,137

theft/loss of laptop

Attribution 1 Publication: HHS.gov Author: Date Published: Article Title: Luz Colon, DPM Podiatry Article URL: http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120726-08 Ameritas Life Insurance Corp. NE Electronic Medical/Healthcare Yes - Published # 3,000

theft - laptop

Attribution 1 Publication: HHS.gov Author: Date Published: Article Title: Ameritas Life Insurance Corp. Article URL: http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120726-07 Titus Regional Medical Center TX Electronic Medical/Healthcare Yes - Published # 500

Theft - other

Attribution 1 Publication: HHS.gov Author: Date Published: Article Title: Titus Regional Medical Center Article URL: http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120726-06 Hogan Services Inc. Health MO Electronic Medical/Healthcare Yes - Published # 1,134 Care Premium Plan Unauthorized Access/Disclosure

Attribution 1 Publication: HHS.gov Author: Date Published: Article Title: Hogan Services Inc. Health Care Premium Plan Article URL: http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120726-05 IU Medical Group IN 4/11/2012 Paper Data Medical/Healthcare Yes - Published # 1,000

Improper Disposal

How is this report produced? What are the rules? See last page of report for details.

Attribution 1 Publication: HHS.gov Author: Date Published: Article Title: IU Medical Group Article URL: http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120726-04 Desert AIDS Project CA Electronic Medical/Healthcare Yes - Published # 4,400

theft - Desktop Computer

Attribution 1 Publication: HHS.gov Author: Date Published: Article Title: Desert AIDS Project Article URL: http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120726-03 St. Mary Medical Center CA 5/7/2012 Electronic Medical/Healthcare Yes - Published # 3,900

Other Portable Electronic Device

Attribution 1 Publication: HHS.gove Author: Date Published: Article Title: St. Mary Medical Center Article URL: http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120726-02 Safe Ride Services, Inc. AZ Electronic Medical/Healthcare Yes - Published # 42,000

Unauthorized Access/Disclosure, Hacking/IT incident

Attribution 1 Publication: HHS.gov Author: Date Published: Article Title: Safe Ride Services, Inc. Article URL: http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120726-01 ITWallStreet.com NY Electronic Business Yes - Unknown # 0

A hacker today claimed to have broken into ITWallStreet.com, a website for IT professionals who are seeking Wall Street jobs or working with Wall Street firms, and exposed highly detailed data belonging to tens of thousands of job applicants.

Attribution 1 Publication: Computerworld Author: Jaijumar Vijayan Date Published: Article Title: Hacker claims breach of 50,000 accounts from Wall Street IT recruiting firm Article URL: http://www.computerworld.com/s/article/9229336/Hacker_claims_breach_of_50_000_accounts_from_Wall_Street_IT_re

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120725-02 Oregon State University OR Electronic Educational Yes - Published # 21,000

Oregon State Police currently are investigating a security breach by a vendor who, while under contract to Oregon State University, copied information from a check register data base without permission. The action could have compromised the private information of 21,000 students and employees who were associated with OSU between 1996 and 2009.

Attribution 1 Publication: Corvallis Gazette-Times Author: Joce DeWitt Date Published: Article Title: OSU notifying individuals of data security breach Article URL: http://www.gazettetimes.com/news/local/education/osu-notifying-individuals-of-data-security-breach/article_ed46267e-

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120725-01 Department of Revenue WI Electronic Government/Military Yes - Published # 110,795

The state Department of Revenue acknowledged Tuesday posting online by mistake the tax numbers of tens of thousands of businesses and consumers - at least the fourth time in six years the state has released confidential information and raised the fear of identity fraud.

How is this report produced? What are the rules? See last page of report for details.

Attribution 1 Publication: Jsonline.com Author: Jason Stein / Patrick Date Published: Article Title: State mistake puts thousands at risk of identity theft Article URL: http://www.jsonline.com/news/statepolitics/state-mistake-puts-thousands-at-risk-of-identity-theft-7v685kv-163625236.ht

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120723-03 Brigham Young University UT Electronic Educational Yes - Published # 800

righam Young University is warning several hundred present and former students about a data breach that may have compromised students' personal information. The data breach originally occurred on June 10 when a server at BYU was accessed by an unauthorized source.

Attribution 1 Publication: Daily Herald Author: Paige Fieldsted Date Published: Article Title: Small data breach at BYU put student information at risk Article URL: http://www.heraldextra.com/news/local/central/provo/small-data-breach-at-byu-put-student-information-at-risk/article_6

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120723-02 Gamingo US Electronic Business Yes - Unknown # 0

Call it a slow leak. Four months after the gaming site Gamigo warned users about a hacker intrusion that accessed some portions of its users’ credentials, more than 8 million usernames, emails and and encrypted passwords from the site have been published on the Web, according to the data breach alert service PwnedList. The half-gigabyte collection of stolen user data was posted to a password-cracking forum Inside Pro earlier this month, where it remained online until late last week.

Attribution 1 Publication: Forbes Author: Andy Greenberg Date Published: Article Title: Eight Million Email Addresses And Passwords Spilled From Gaming Site Gamigo Months After Hacker Breach Article URL: http://www.forbes.com/sites/andygreenberg/2012/07/23/eight-million-passwords-spilled-from-gaming-site-gamigo-mont

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120723-01 Beth Israel Deaconess MA 5/22/2012 Electronic Medical/Healthcare Yes - Published # 3,900 Medical Center About 3,900 Beth Israel Deaconess Medical Center patients will be getting letters alerting them that some of their personal health information may have been breached after a physician's personal laptop computer was stolen from a hospital office.

Attribution 1 Publication: Boston.com Author: Date Published: Article Title: Laptop theft may affect 3,900 Beth Israel patients Article URL: http://articles.boston.com/2012-07-21/business/32760508_1_social-security-numbers-patient-names-financial-data

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120713-01 Yahoo CA Electronic Business Yes - Unknown # 0

A Yahoo security breach that exposed 450,000 usernames and passwords from a site on the huge web portal indicates that the company failed to take even basic precautions to protect the data.

Attribution 1 Publication: PC World Author: Antone Gonsale Date Published: Article Title: Yahoo Security Breach Shocks Experts Article URL: http://www.pcworld.com/businesscenter/article/259191/yahoo_security_breach_shocks_experts.html

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120711-01 Puerta Grande Restaurant KY Electronic Business Yes - Unknown # 0

Central Kentucky residents who recently ate at Puerta Grande restaurant in Winchester are urged to check their bank and credit card statements because of a major data breach.

Attribution 1 Publication: Lexington Herald-Leader Author: Josh Kegley Date Published: Article Title: Hackers Steal Financial Data From Diners at Winchester Restaurant Article URL: http://www.loansafe.org/hackers-steal-financial-data-from-diners-at-winchester-restaurant

How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120710-03 Restart Behavioral Health NC Paper Data Medical/Healthcare Yes - Unknown # 0 Care 9 On Your Side is investigating a case of medical records privacy.

A viewer told us about documents with personal, medical information dropped in a dumpster. It's sensitive information you wouldn't want out in the open.

HIPPA laws say disposing of medical records this way is simply not allowed.

Attribution 1 Publication: WNCT-On Your Side / PHIPrivacy.net Author: Jonathan Rodriguez Date Published: Article Title: Private, Medical Information Left Out in a Dumpster Article URL: http://www2.wnct.com/news/2012/jun/29/private-medical-information-left-out-dumpster-ar-2397574/

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120710-02 Woodrow Wilson National NJ Electronic Business Yes - Unknown # 0 Fellowship Foundation In May 2012, the Foundation became aware that some fellowship applicants' personal information may have become publicly accessible during an update f the Foundation's website. Due to an I/T oversight, certain information was inadvertently placed outside the Foundation's internet firewall, resulting in potential temporary public exposure. Specifically, this application information may have included names, mailing addresses, email addresses, SSNs and other application information such as grades and letters of recommendation.

Attribution 1 Publication: NH AG's office Author: Date Published: Article Title: Woodrow Wilson National Fellowship Foundation Article URL: http://doj.nh.gov/consumer/security-breaches/documents/woodrow-wilson-fellowship-20120607.pdf

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120710-01 Three Rivers District Health NE Electronic Government/Military Yes - Published # 1,100 Department The director of Three Rivers District Health Department said her agency thinks “there’s very little chance” personal information accessed by an unauthorized person within the department could be used harmfully, and additional precautions are being put in place to protect sensitive data.

Three Rivers announced in a prepared statement Monday that since approximately December 2010, “someone internally was accessing certain documents belonging to Three Rivers Health Department that contained personal data.”

Attribution 1 Publication: Fremont Tribune Author: Date Published: Article Title: Three Rivers takes steps after information breach Article URL: http://fremonttribune.com/news/local/three-rivers-takes-steps-after-information-breach/article_3a4d6882-caa3-11e1-8cb

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120702-01 University of Florida FL Electronic Educational Yes - Published # 220

University of Florida officials are notifying 220 former law school students and applicants who had sought a roommate online in the early 2000s through the Levin College of Law that their Social Security numbers were accessible on the Web.

Attribution 1 Publication: University of Florida website Author: Date Published: Article Title: UF notifies former law students about privacy breach Article URL: http://news.ufl.edu/2012/06/26/law-school-privacy/

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120629-05 University of Texas MD TX 4/30/2012 Electronic Medical/Healthcare Yes - Published # 30,000 Anderson Cancer Center MD Anderson Cancer Center in Houston is notifying about 30,000 patients of a breach of protected health information that includes some Social Security numbers.

Attribution 1 Publication: Health Data Management Author: Joseph Goedert Date Published: Article Title: Breach at MD Anderson Includes Social Security Numbers Article URL: http://www.healthdatamanagement.com/news/breach-notification-hipaa-privacy-security-44691-1.html?ET=healthdatam

How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120629-04 Owner-Operator Services MO Electronic Business Yes - Unknown # 0 Incorporated The Owner-Operator Independent Drivers Association and its affiliate company Owner-Operator Services Incorporated has recently been made aware of a security breach affecting some of our members/customers that occurred between January 15, 2012 and May 8, 2012. This breachmay have allowed access to certain personal information including customers' full name, credit and/or debit card numbers, credit and/or debit card expiration dates, telephone numbers, e-mail addresses, date of birth and credit and/or debit card service codes.

Attribution 1 Publication: NH AG's office Author: Date Published: Article Title: Owner-Operator Services Incorporated Article URL: http://doj.nh.gov/consumer/security-breaches/documents/owner-operator-independent-drivers-20120619.pdf

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120629-03 ThePartsBin.com CA Electronic Business Yes - Unknown # 0

I am writing to let you know of a security incident occurring between April 9, 2012, and June 12, 2012, involving our website, www.ThePartsBin.com. Due to this incident, we have reason to believe that your name and credit card information may have been accessed without authorization.

Attribution 1 Publication: CA AG's office / NH AG's Office Author: Date Published: Article Title: ThePartsBin.com Article URL: https://oag.ca.gov/system/files/Parts%20Bin%20Notice_0.pdf?

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120629-02 University of Southern CA Electronic Educational Yes - Unknown # 0 California The university recently identified a security breach affecting credit card purchases made at food outlets on the USC University Park and Health Sciences campuses.

Attribution 1 Publication: CA AG's office Author: Date Published: Article Title: University of Southern California Article URL: https://oag.ca.gov/system/files/USC%20NOTICE%20FINAL%2006.28.12_2.pdf?

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120629-01 AT&T US Electronic Business Yes - Unknown # 0

There is a lot of confusion surrounding Wednesday's news of a security breach at an AT&T Web site that exposed data of more than 100,000 iPad users.

Attribution 1 Publication: C/Net Author: Elinor Mills Date Published: Article Title: What the AT&T breach means for iPad users (FAQ) Article URL: http://news.cnet.com/8301-27080_3-20007417-245.html

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120626-04 Proctor & Gamble OH Electronic Business Yes - Unknown # 0

P&G recently became aware of a data security incident involving certain personal information of some P&G shareholders. On Sunday, 4/8/12, SunGard Systems, the third-party provider of P&G's Shareholder Services Account Online Access website, experienced a technical issue during a routine server upgrade. During a confined window of 24 hours, a limited amount of account information was incorrectly displayed to the wrong accountholder if he/she logged into the site during this period and performed certain tasks.

Attribution 1 Publication: NH AG's office Author: Date Published: Article Title: Proctor & Gamble Article URL: tp://doj.nh.gov/consumer/security-breaches/documents/procter-gamble-05152012.pdf

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120626-03 Delta Dental of Illinois IL Paper Data Medical/Healthcare Yes - Published # 650

Delta Dental of Illinois has notified hundreds of people about an incident that could result in the exposure of their personal information.

How is this report produced? What are the rules? See last page of report for details.

Attribution 1 Publication: phiprivacy.net Author: Date Published: Article Title: Some Delta Dental records lost during shipping Article URL: http://www.phiprivacy.net/?p=9647

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120626-02 Commodity Futures Trading DC Electronic Government/Military Yes - Unknown # 0 Commission The U.S. Commodity Futures Trading Commission suffered a data breach in May, putting at risk Social Security numbers and personal information of employees of the country’s top derivatives regulator.

Attribution 1 Publication: Bloomberg Author: Silla Brush Date Published: Article Title: CFTC Data Breach Risks Employees’ Social Security Numbers Article URL: http://www.bloomberg.com/news/2012-06-25/cftc-data-breach-risks-employees-social-security-numbers.html

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120626-01 Cunard Cruise Line US Electronic Business Yes - Unknown # 0

Cunard has been forced to shut down its online booking system for guests after accidentally sending the personal information of more than 1,200 passengers to an undisclosed number of people registered on the system.

Attribution 1 Publication: Overheadbin on MSNBC Author: Dori Saltzman Date Published: Article Title: Cruise line data breach exposes 1,200-plus passengers Article URL: http://overheadbin.msnbc.msn.com/_news/2012/06/26/12415586-cruise-line-data-breach-exposes-1200-plus-passengers

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120622-01 Gotickets, Inc. NC Electronic Business Yes - Unknown # 0

Pending the final results of our investigation, it appears that an unknown, outside group or individual improperly accessed www.gotickets.com’s database possibly exposing some of our customers’ sensitive information, including shipping, billing and credit card data related to purchases made through www.gotickets.com. We believe this improper access occurred on or around May 22 and May 30, 2012. Although we are not certain that your sensitive information was affected, as a precaution, we are advising you to keep a close eye on this account’s activity.

Attribution 1 Publication: CA AG's office Author: Date Published: Article Title: www.gotickets.com Article URL: https://oag.ca.gov/system/files/GoTickets%20Customer%20Notification%20Template_0.pdf?

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120620-01 Principal Life Insurance IA 3/20/2012 Electronic Business Yes - Unknown # 0 Company On March 20, 2012, Principal Life Insurance Company inadvertently provided contract owner information to a distribution partner for contracts sold by a different distribution partner. This event occurred when fulfilling a request for contract owner information from the selling distributor. Although the data was transferred securely, the information disclosed contract owner's first and last names, addresses and SSNs for individuals that were not associated with the requesting distribution partner.

Attribution 1 Publication: NH AG's office Author: Date Published: Article Title: Principal Life Insurance Company Article URL: http://doj.nh.gov/consumer/security-breaches/documents/principal-life-insurance-20120608.pdf

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120619-03 Acumentrics Corporation MA 5/7/2012 Electronic Business Yes - Unknown # 0

An unknown person or persons gained access to the company's payroll system, exposin the employee profiles used by that system. These records contain the following information: names, addresses, SSNs, dates of birth and, for direct depositers, bank routing and account information.

Attribution 1 Publication: NH AG's office Author: Date Published: Article Title: Acumentrics Corporation Article URL: http://doj.nh.gov/consumer/security-breaches/documents/acumentrics-20120611.pdf

How is this report produced? What are the rules? See last page of report for details.

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120619-02 Robert Witham M.D., FACP OR 4/16/2012 Electronic Government/Military Yes - Published # 11,136

The medical office of Dr. Robert Witham, M.D., F.A.C.P. was burglarized on April 16, 2012. Two computers containing patient information, office and medical equipment and various personal belongings of Dr. Witham were stolen. Port Angeles Police were notified and are conducting their investigations. An independent investigation has concluded that unauthorized use of patient and billing data is unlikely. All affected patient notification letters were mailed on June 7, 2012.

Attribution 1 Publication: VT AG's office / phiprivacy.net Author: Date Published: Article Title: Robert Witham M.D., FACP Article URL: http://www.atg.state.vt.us/issues/consumer-protection/privacy-and-Data-Security/Vermont-Security-Breaches.php

Attribution 2 Publication: HHS.gov Author: Date Published: Article Title: Robert Witham M.D., FACP Article URL: http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120619-01 Public Employees Retirement NM Electronic Business Yes - Published # 100,000 Association New Mexico's public pension agency spent most of Friday notifying about 100,000 active and retired government workers to guard against possible fraud following the theft of a computer that might have contained their personal information.

Attribution 1 Publication: Santa Fe New Mexican.com Author: Trip Jennings Date Published: Article Title: PERA warns members of possible data breach Article URL: http://www.santafenewmexican.com/Local%20News/PERA-warns-members-of-possible-data-breach

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120618-01 Memorial Sloan-Kettering NY Electronic Medical/Healthcare Yes - Published # 880 Breach New York City-based Memorial Sloan-Kettering Cancer Center had clinical data and private information, in some cases Social Security numbers, mistakenly leaked onto two medical professional organizations' websites earlier this year, according to a Long Island Press report.

Attribution 1 Publication: esecurityplanet.com Author: Jeff Goldman Date Published: Article Title: Memorial Sloan-Kettering Cancer Center Suffers Security Breach Article URL: http://www.esecurityplanet.com/network-security/memorial-sloan-kettering-cancer-center-suffers-security-breach.html

Attribution 2 Publication: Long Island Press Author: Christopher Twarows Date Published: Article Title: Memorial Sloan-Kettering Patient Data Leak Undetected for 6 Years Article URL: http://www.longislandpress.com/2012/06/14/memorial-sloan-kettering-patient-data-leak-undetected-for-six-years/

Attribution 3 Publication: Becker's Spine Review Author: Kathleen Roney Date Published: Article Title: Print E-mail Memorial Sloan-Kettering Cancer Center Leaks Patient Information Article URL: http://beckersorthopedicandspine.com/hitmeaningful-useemr/item/12258-memorial-sloan-kettering-cancer-center-leaks

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120614-02 Primex NH 12/31/2011 Electronic Business Yes - Published # 14,000

Attribution 1 Publication: NH AG's office Author: Date Published: Article Title: Primex Article URL: http://doj.nh.gov/consumer/security-breaches/documents/primex-20120529.pdf

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120614-01 Fleetwood School District PA Electronic Educational Yes - Published # 2,700

The personal information of all students in the Fleetwood School District was stolen and posted online, district officials and Fleetwood police said Wednesday.

How is this report produced? What are the rules? See last page of report for details.

Attribution 1 Publication: ReadingEagle.com Author: Jason A. Kahl Date Published: Article Title: Security breach exposes student data Article URL: http://readingeagle.com/article.aspx?id=392801

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120613-07 Clarksville-Montgomery TN Electronic Educational Yes - Published # 14,500 County Schools A hitherto unknown hacking group claimed responsibility for a hacking attack on a county school system in Tennessee that may have exposed the names, Social Security numbers and other personal data belonging to about 110,000 people. The group, which called itself Spex Security, later posted 14,500 of the compromised records online and has threatened to post more. Those affected by the breach include an unknown number of former and current students and employees of the Clarksville-Montgomery County School System (CMCSS).

Attribution 1 Publication: Computerworld Author: Jaikumar Vijayan Date Published: Article Title: Hackers claim to steal 110,000 SSNs from Tenn. school system Article URL: http://www.computerworld.com/s/article/9228069/Hackers_claim_to_steal_110_000_SSNs_from_Tenn._school_system

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120613-06 Emblem Health NY Electronic Medical/Healthcare Yes - Unknown # 0

On March 29, 2012 we discovered that on 9/27/11, shortly before his departure from Emblem, a former employee emailed a copy of Emblem's Broker Master File (the "file") to an email account owned by his wife. A copy of the email was also sent to an individual who worked at another company that the former employee was about to join. The file contained names and SSNs, as well as other demographic information, such as addresses, telephone numbers, dates of birth and broker license numbers.

Attribution 1 Publication: NH AG's office Author: Date Published: Article Title: Emblem Health Article URL: http://doj.nh.gov/consumer/security-breaches/documents/emblem-health-20120529.pdf

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120613-05 Countrywide Home Loans TN Paper Data Banking/Credit/Financial Yes - Unknown # 0

You shred your personal papers and do as much as you can at home to protect your identity, but once you give your information out, you can only hope the person you give it to is careful. A Sevier County business owner says she's lucky she was the one that found papers with personal information in a dumpster in Sevierville. She called us, someone else could have stolen several people's identities.

Attribution 1 Publication: WVLT / databreaches.net Author: Date Published: Article Title: Personal Records Found in Dumpster Article URL: http://www.local8now.com/news/headlines/4414137.html

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120613-04 Bethpage Federal Credit NY Electronic Banking/Credit/Financial Yes - Published # 86,000 Union Bethpage Federal Credit Union on Tuesday said personal information of 86,000 consumer VISA debit card accounts had been exposed on the Internet.

Attribution 1 Publication: LIBN.com Author: Claude Solnik Date Published: Article Title: Bethpage Federal Credit Union details data breach Article URL: http://libn.com/2012/06/12/bethpage-federal-credit-union-details-data-breach/

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120613-03 Tilted Kilt TX Electronic Business Yes - Unknown # 0

Anyone who has recently grabbed a drink or two at the Tiled Kilt off Loop 1604 might want to check their bank statement.

That's because a sophisticated theft ring hacked into their computer system and is shopping on the East coast with the stolen information.

How is this report produced? What are the rules? See last page of report for details.

Attribution 1 Publication: KENS5.com / databreaches.net Author: Karen Grace Date Published: Article Title: Tilted Kilt pub hit by credit-card hackers . Article URL: http://www.kens5.com/home/related/Hackers-steal-credit-card-information-from-local-pub-Management-spreading-the-

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120613-02 Eugene School District OR Electronic Educational Yes - Unknown # 0

Confidential student information — names, dates of birth, addresses, phone numbers and in some cases, Social Security numbers — for all Eugene School District students has been grabbed electronically by an unknown person, district employees discovered over the weekend. The same information from 2007 also was accessed.

Attribution 1 Publication: The Register-Guard Author: Susan Palmer Date Published: Article Title: Student files breached, Eugene schools reveal Article URL: http://www.registerguard.com/web/updates/28217263-55/district-student-breach-security-accessed.html.csp

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120613-01 Gessler Clinic FL Paper Data Medical/Healthcare Yes - Published # 1,400

Documents containing personal information from about 1,400 patients were stolen from Gessler Clinic in May, the clinic announced Tuesday.

Attribution 1 Publication: TheLedger.com Author: Ryan E. Little Date Published: Article Title: Personal Information of Gessler Clinic Patients Stolen Article URL: http://www.theledger.com/article/20120612/NEWS/120619807?p=2&tc=pg

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120611-01 University of North Florida FL Electronic Educational Yes - Published # 23,245

University of North Florida students who submitted housing contracts from 1997 to spring 2011 may be vulnerable to a data breach, according to a release on the school's website.

Attribution 1 Publication: First Coast News.com Author: Date Published: Article Title: UNF housing server data breach may affect 23,246 individuals Article URL: http://www.firstcoastnews.com/news/local/article/259692/3/UNF-housing-server-data-breach-may-affect-23246-individua

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120608-02 Next Day Flyers (Postcard CA Electronic Business Yes - Unknown # 0 Press) On April 2, 2012 we discovered an electronic file on our system that was storing transaction information, including the name, address, email address and credit card information for customers who placed orders through our website between 3/23/12 and 4/2/12.

Attribution 1 Publication: CA AG's office / NH AG's office Author: Date Published: Article Title: Next Day Flyers (Postcard Press) Article URL: https://oag.ca.gov/system/files/Individual%20Notification%20Letter_1.PDF?

Attribution 2 Publication: CA AG's office Author: Date Published: Article Title: Next Day Flyers Article URL: https://oag.ca.gov/ecrime/databreach/reports/sb24-23338

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120607-01 eHarmony CA Electronic Business Yes - Unknown # 0

eHarmony has confirmed that its security has been breached and more than 1.5 million user names and passwords leaked online.

Attribution 1 Publication: digital spy.com Author: Mark Langshaw Date Published: Article Title: eHarmony confirms security breach, user data leaked online Article URL: http://www.digitalspy.com/tech/news/a385940/eharmony-confirms-security-breach-user-data-leaked-online.html

Roughly 300 transcripts, some containing complete Social Security numbers, were accessible through a University of Virginia website on Tuesday morning due to an as-yet unspecified human error, university officials have confirmed.

Attribution 1 Publication: The Daily Progress.com / databreaches. Author: Ted Strong Date Published: Article Title: UVa error put transcripts, and Social Security numbers, up on the web Article URL: http://www2.dailyprogress.com/news/2012/jun/05/uva-error-put-transcripts-and-social-security-numb-ar-1968283/

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120606-02 LinkedIn CA Electronic Business Yes - Unknown # 0

The social networking website LinkedIn is investigating claims that more than 6 million passwords were stolen and uploaded to a Russian- language web forum today.

Attribution 1 Publication: ABCNews.go.com Author: Colleen Curry Date Published: Article Title: 6.4 Million Passwords Reportedly Stolen From LinkedIn Website Article URL: http://abcnews.go.com/US/linkedin-hacked-64-million-user-passwords-reportedly-leaked/story?id=16508728

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120606-01 Paper Street Media, LLC FL Electronic Business Yes - Unknown # 0

SUMMARY 6,209 user names and passwords as well as 169 emails dumped on the Internet

Attribution 1 Publication: datalossdb.org Author: Date Published: Article Title: Paper Street Media, LLC Article URL: http://datalossdb.org/incidents/6798-6-209-user-names-and-passwords-as-well-as-169-emails-dumped-on-the-internet

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120605-02 Investacorp, Inc. FL Electronic Business Yes - Unknown # 0

A vendor of the broker-dealer, National Financial Services (NFS), used by Investacorp was involved in a data security breach. On or around March 12, 2012, Investacorp learned that an NFS vendor had inadvertently shared electronic files with another federally regulated broker- dealer that also uses NFS's services. The incident occurred on November 29, 2011 and was first noticed on February 13, 2012. The information included client names, Social Security numbers, and certain types of account data. Five Investacorp clients from California may have been affected, but the total number of affected individuals nationwide was not reported. The vendor responsible for the mistake worked with the other broker-dealer to delete the client files from their system. Investacorp then received an executed affidavit from the broker-dealer certifying the destruction of the electronic files.

Attribution 1 Publication: CA AG's office / NH AG's office / privacy Author: Date Published: Article Title: Investacorp, Inc. Article URL: https://oag.ca.gov/system/files/California%20Security%20Breach_0.pdf?

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120605-01 Mount Sinai Hospital FL Paper Data Medical/Healthcare Yes - Published # 340

An employee of Mount Sinai Hospital has been arrested on identity-theft charges accusing her of stealing hundreds of patients’ Social Security numbers and other personal information, federal authorities said Thursday

Attribution 1 Publication: Miami Herald Author: Jay Weaver Date Published: Article Title: Hospital specimen clerk in Miami Beach charged with theft of patients’ IDs Read more here: http://www.miamiherald.com/201 Article URL: http://www.miamiherald.com/2012/05/31/2826486/mount-sinai-hospital-employee.html

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120601-07 Charlie Norwood VA Medical GA Electronic Medical/Healthcare Yes - Published # 824 Center The personal information of more than 800 veterans was contained in a laptop that was stolen two months ago, the Charlie Norwood VA Medical Center said Friday.

How is this report produced? What are the rules? See last page of report for details.

Attribution 1 Publication: Augusta Chronicle Author: Date Published: Article Title: Stolen laptop contained veterans' information, VA says Article URL: http://chronicle.augusta.com/latest-news/2012-06-01/stolen-laptop-contained-veteran-information-va-says

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120601-06 Crowne Plaza OH Electronic Business Yes - Unknown # 0

We are writing to inform you of a data security incident at the Crowne Plaza, Columbus, Ohio (the “Hotel”). The data security incident includes credit card information, meaning, among other things, the name, address, credit card number and expiration date of certain credit cards used at the Hotel.

Attribution 1 Publication: VT AG's office Author: Date Published: Article Title: Crowne Plaza Article URL: http://www.atg.state.vt.us/issues/consumer-protection/privacy-and-Data-Security/Vermont-Security-Breaches.php

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120601-05 ECS Tuning Inc. OH Electronic Business Yes - Unknown # 0

We value the relationship with you and we look forward to serving your future needs. Regrettably, we must inform you that between May 6th and May 10th 2012, unauthorized access by an unknown third party concerning customers' personal information associated with pending and recently shipped orders occurred. This personal information included your name, address, email address, phone number, ECS account password, debit or credit card number, credit or debit card expiration date, and debit or credit card security code or access code. We have taken prompt action to secure the system to prevent any further compromises.

Attribution 1 Publication: VT AG's office / CA AG's office Author: Date Published: Article Title: ECS Tuning Inc. Article URL: http://www.atg.state.vt.us/issues/consumer-protection/privacy-and-Data-Security/Vermont-Security-Breaches.php

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120601-04 Altrec, Inc. OR Electronic Business Yes - Unknown # 0

On May 7, 2012, Altrec, Inc. (“Altrec”) discovered a potential information security incident involving personal information related to the American Express credit card you used while shopping at altrec.com (“Website”). We deeply value our relationship with you and the trust you place in us, and we have promptly addressed certain information vulnerabilities in our system. We sincerely apologize for any inconvenience or concern this may cause you. As a precaution we are writing to notify you and cal your attention to some steps you may take to help protect yourself.

Attribution 1 Publication: CA AG's office Author: Date Published: Article Title: Altrec, Inc. Article URL: https://oag.ca.gov/system/files/Altrec%20CA%20Notice%20Letter%20Sample_0.pdf?

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120601-03 American Pharmacist DC Electronic Medical/Healthcare Yes - Unknown # 0 Association Anonymous hacktivists break into the American Pharmacist Association Site(Pharmacist.com) as a form of protest against the United States government.

Attribution 1 Publication: E Hacking News / datalossdb.org Author: Date Published: Article Title: Anonymous hackers breached American Pharmacist Association Site(Pharmacist.com) Article URL: http://www.ehackingnews.com/2012/05/anonymous-hackers-breached-american.html

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120601-02 Penn Station, Inc. PA Electronic Business Yes - Unknown # 0

Penn Station, Inc. and some of its franchisees have announced that they have learned of unauthorized access to credit and debit card information in certain franchisee-owned Penn Station East Coast Subs restaurants. Less than 20 percent of Penn Station’s more than 235 restaurants have been identified as potentially affected to date.

How is this report produced? What are the rules? See last page of report for details.

Attribution 1 Publication: Penn Station Inc. website / databreache Author: Date Published: Article Title: Penn Station, Inc. and its Franchisees Alert Customers of Credit/Debit Card Security Issues Article URL: http://www.databreaches.net/?p=24393

Attribution 2 Publication: BankInfoSecurity.com Author: Tracy Kitten Date Published: Article Title: Method of Attack, Which Affected 43 Sites, Is Unclear Article URL: http://www.bankinfosecurity.com/restaurant-chain-reports-card-breach-a-4826/op-1

Attribution 3 Publication: Fastcasual.com Author: Date Published: Article Title: Penn Station franchisees victims of data breach Article URL: http://www.fastcasual.com/article_print/195347/Penn-Station-franchisees-victims-of-data-breach

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120601-01 Five Guys NY Electronic Business Yes - Unknown # 0

Five Guys burger joints failed to safeguard their data, giving hackers access to the accounts of debit-card-paying customers, a bank claims in court. Trustco Bank says the hackers racked up more than $89,800 in charges on the accounts of clients who visited Five Guys restaurants in Albany, Schenectady, Warren and Saratoga counties.

Attribution 1 Publication: Courthouse News Service Author: Marlene Kennedy Date Published: Article Title: A Six-Figure Credit Breach at Five Guys Article URL: http://www.courthousenews.com/2012/06/01/47017.htm

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120529-02 Massachusetts Eye and Ear MA 3/5/2012 Electronic Medical/Healthcare Yes - Published # 3,600

On March 5, 2012, the Quincy, Massachusetts, Police Department informed Mass. Eye and Ear that they were investigating a Mass. Eye and Ear employee for inappropriately using the names, Social Security numbers and dates of birth of certain individuals, some of whom were believed to be Mass. Eye and Ear patients.

Attribution 1 Publication: Massachusetts Eye and Ear website Author: Date Published: Article Title: Mass. Eye and Ear Alerts Patients to Data Breach Article URL: http://www.masseyeandear.org/news/press_releases/recent/data_breach_2012/

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120529-01 University of Nebraska NE Electronic Educational Yes - Published # 654,000

Experts are drawing closer to determining who hacked into a University of Nebraska database that contained personal data on students, alumni, parents and university employees. (Nebraska State College System - NSCS)

Attribution 1 Publication: KearneyHub.com Author: Date Published: Article Title: University of Nebraska closer to learning hacker’s identity Article URL: http://www.kearneyhub.com/news/local/university-of-nebraska-closer-to-learning-hacker-s-identity/article_2842ab60-a8

Attribution 2 Publication: The Republic Author: Date Published: Article Title: Official says experts closer to determining who hacked into University of Nebraska database Article URL: http://www.therepublic.com/view/story/3b0c199392994ca3ab1543c72b18ba8b/NE--Nebraska-Security-Breach/

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120525-02 Thrift Savings Plan US Electronic Banking/Credit/Financial Yes - Published # 123,201

The personal information of roughly 123,000 federal employees -- including at least 25 members of Congress -- may have been exposed after a cyber attack last year on the Thrift Savings Plan (TSP), FOX News Channel confirmed Friday

Attribution 1 Publication: Computerworld Author: John Ribeiro Date Published: 5/28/2012 Article Title: Information of U.S. federal employees exposed Article URL: https://www.computerworld.com/s/article/9227519/Information_of_U.S._federal_employees_exposed

How is this report produced? What are the rules? See last page of report for details.

Attribution 2 Publication: Stars and Stripes Author: Eric Yoder Date Published: 5/26/2012 Article Title: Hackers access federal workers personal data Article URL: http://www.stripes.com/news/us/hackers-access-federal-workers-personal-data-1.178617

Attribution 3 Publication: Fox Business Author: Date Published: Article Title: Cyber Attack Exposes Personal Data of Federal Employees Article URL: http://www.foxbusiness.com/government/2012/05/25/cyber-attack-exposes-personal-data-federal-employees/

Attribution 4 Publication: Author: Date Published: Article Title: Article URL:

Attribution 5 Publication: Author: Date Published: Article Title: Article URL:

Attribution 6 Publication: Author: Date Published: Article Title: Article URL:

Attribution 7 Publication: Author: Date Published: Article Title: Article URL:

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120525-01 Children's Hospital - Boston MA Electronic Medical/Healthcare Yes - Published # 2,100

The personal information of more than 2,100 Boston Children's Hospital patients has been jeopardized after a hospital employee lost a laptop containing unencrypted health data while at a conference in Buenos Aires, the Boston Globe reported. The data included names, birth dates, diagnoses and treatment information but no financial data or Social Security numbers.

Attribution 1 Publication: Fierce Health Care Author: Alicia Caramenico Date Published: Article Title: Stolen laptop risks data of 2,100 Boston Children's patients Article URL: http://www.fiercehealthcare.com/story/stolen-laptop-risks-data-2100-boston-childrens-patients/2012-05-25

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120521-04 Our Lady of the Lake LA 3/16/2012 Electronic Medical/Healthcare Yes - Published # 17,339 Regional Medical Center Our Lady of the Lake Regional Medical Center has determined that a laptop computer containing limited health information for former Intensive Care Unit patients was discovered to be missing from a local physician office sometime between March 16 and 20, 2012. An extensive search was initiated as soon as the incident was discovered. Investigation of the incident continues and we have reported this occurrence to law enforcement. We will continue to share updated information. We are sorry this incident occurred and assure our patients and the community that we are committed to protecting patients' personal information.

Attribution 1 Publication: Our Lady of the Lake Website / HHS.go Author: Date Published: Article Title: Our Lady of the Lake Regional Medical Center Article URL: http://www.ololrmc.com/body.cfm?id=778&action=detail&ref=1915

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120521-03 University of Connecticut CT Electronic Educational Yes - Unknown # 0

Please accept this letter as notification of a data breach that occurred when an employee at the University of Connecticut inadvertently responded to a phishing email during the week of April 16, 2012. In doing so, the University employee provided access to a file that contained payroll-related information for individuals who were employed with the University's Dining Services department during 2011.

Attribution 1 Publication: NH AG's office Author: Date Published: Article Title: University of Connecticut Article URL: http://doj.nh.gov/consumer/security-breaches/documents/university-of-connecticut-20120508.pdf

How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120521-02 L-3 Communications CA Electronic Business Yes - Unknown # 0 Corporation On or about April 16, 2012, we learned that a thumb drive containing information about a small number of Company employees, former employees and/or applicants was misplaced from the workstation of one of the Company's employees. Unfortunately, the drive had on it several files, which, we believe may have contained certain personal informationm, including names and SSNs.

Attribution 1 Publication: NH AG's office Author: Date Published: Article Title: L-3 Communications Corporation Article URL: http://doj.nh.gov/consumer/security-breaches/documents/l-3-communications-20120515.pdf

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120521-01 Bimbo Bakeries USA PA 4/14/2012 Electronic Business Yes - Unknown # 0

I am writing to notify you that a computer assigned to one of our associates was stoled from the trunk of his car. After investigating the incident, we believe the computer contained a spreadsheet whose content included personal information including the names and SSNs of current or former associates.

Attribution 1 Publication: NH AG's office Author: Date Published: Article Title: Bimbo Bakeries USA Article URL: http://doj.nh.gov/consumer/security-breaches/documents/bimbo-bakeries-20120502.pdf

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120514-02 Warren County Department IA Paper Data Government/Military Yes - Published # 3,000 of Human Services Some 3,000 Warren County residents were notified Friday that their personal information may have been scattered by the wind in the aftermath of a December fire at a human services office.

Attribution 1 Publication: Des Moines Register Author: Date Published: Article Title: Warren-County-residents-warned-records-breach Article URL: http://www.desmoinesregister.com/article/20120512/NEWS/305120035/-1/JUICE07/Warren-County-residents-warned-rec

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120514-01 California Department of CA Electronic Government/Military Yes - Published # 701,000 Social Services - In-Home On Friday, state officials said that personal information about more than 700,000 individuals who provide or receive home care under California's In-Home Supportive Services program might have been compromised while being transported in the mail, the Los Angeles Times reports (Megerian, Los Angeles Times, 5/12).

Attribution 1 Publication: California HealthLine Author: Date Published: Article Title: Personal IHSS Data Missing From Mailed Shipment, Officials Say Article URL: http://www.californiahealthline.org/articles/2012/5/14/personal-ihss-data-missing-from-mailed-shipment-officials-say.as

Attribution 2 Publication: Healthcareinfosecurity.com Author: Jeffrey Roman Date Published: Article Title: 700,000 Affected in Home Care Breach Article URL: http://www.healthcareinfosecurity.com/700000-affected-in-home-care-breach-a-4765?rf=2012-05-16-eh&elq=db0b371928

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120511-03 York County SC Electronic Government/Military Yes - Published # 16,981

York County Government officials today announced they have detected possible intrusion into a web application server.

Attribution 1 Publication: York County Website Author: Date Published: Article Title: York County Article URL: http://www.yorkcountygov.com/Departments/DepartmentsFP/MIS/Notification.aspx

Attribution 2 Publication: Charlotte Observer Author: Jamie Self Date Published: Article Title: Security Breach on York county web server Article URL: http://www.charlotteobserver.com/2012/05/14/3239381/security-breach-on-york-county.html

The University of Maine said a computer server has been breached by hackers, potentially exposing personal information of people who made purchases through campus-based computer stores at UMaine and the University of Arkansas.

Attribution 1 Publication: WMTW.com News 8 Author: Date Published: Article Title: University of Arkansas Article URL: http://www.wmtw.com/UMaine-has-security-breach/-/8792672/13067796/-/11yy6oiz/-/

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120511-01 University of Maine ME Electronic Educational Yes - Published # 1,610

Attribution 1 Publication: Bangor Daily News Author: Nick McCrea Date Published: Article Title: University of Maine server hacked, data may have been stolen Article URL: http://bangordailynews.com/2012/05/10/education/university-of-maine-server-hacked-data-may-have-been-stolen/

Attribution 2 Publication: WMTW.com News 8 Author: Date Published: Article Title: UMaine has security breach Article URL: http://www.wmtw.com/UMaine-has-security-breach/-/8792672/13067796/-/11yy6oiz/-/

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120509-01 Twitter US Electronic Business Yes - Unknown # 0

A massive breach has led to more than 55,000 Twitter accounts being published on the Web. But it appears the hackers may have targeted spammers over ordinary users.

Twitter is investigating after 55,000 account details — including username and password combinations — were published online.

Attribution 1 Publication: ZDNet Author: Date Published: Article Title: Hackers target Twitter spammers in massive account data breach Article URL: http://www.zdnet.com/blog/btl/hackers-target-twitter-spammers-in-massive-account-data-breach/76482

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120508-05 Office of the Texas Attorney TX Electronic Government/Military Yes - Unknown # 0 General A legal brief filed by opponents of the Texas Voter Photo ID law reveals that Attorney General Greg Abbott exposed millions of Texas voters’ full Social Security numbers to possible theft and abuse.

Attribution 1 Publication: Lone Star Project Author: Date Published: Article Title: Abbott Exposes Millions of Texans’ Social Security Numbers Article URL: http://www.lonestarproject.net/Permalink/2012-04-25.html

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120508-03 IntraCare North Hospital TX Electronic Medical/Healthcare Yes - Published # 741

A hospital in northwest Harris County is warning 741 patients that their personal health information was compromised by a former employee.

Attribution 1 Publication: My Fox Houston Author: John Perera Date Published: Article Title: Ex-Hospital Employee Blamed in Security Breach Article URL: http://www.myfoxhouston.com/dpp/news/local/120508-ex-hospital-employee-blamed-in-security-breach

Claire's recently discovered that a CD-ROM disk with IRS W-2 information for a number of Claire's employees is missing.

Attribution 1 Publication: NH AG's office Author: Date Published: Article Title: Claire's Stores Article URL: http://doj.nh.gov/consumer/security-breaches/documents/claires-20120426.pdf

Attribution 2 Publication: NH AG's office Author: Date Published: Article Title: Claire's Stores Article URL: http://doj.nh.gov/consumer/security-breaches/documents/claires-20120426.pdf

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120508-01 First Data Corporation GA Electronic Business Yes - Unknown # 0

We are writing to inform you of a recent administrative oversight involving the personal information of approximately 15,399 California residents. On April 25, 2012, the Privacy Office at First Data Corporation (“First Data”) learned that certain limited personal information about approximately 108,500 merchants who currently process with First Data or who applied for processing services had been shared outside of the company.

Attribution 1 Publication: CA AG's office Author: Date Published: Article Title: First Data Corporation Article URL: https://oag.ca.gov/system/files/Letter%20to%20CA%20AG_1.pdf?

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120504-02 Department of Children and FL Electronic Government/Military Yes - Published # 100,000 Families The Department of Children and Families sent out letters to 100,000 child care workers statewide about a possible breach in security.

Attribution 1 Publication: WFTV.com Author: Date Published: Article Title: DCF warns child care workers of possible computer security breach Article URL: http://www.wftv.com/news/news/local/dcf-warns-child-care-workers-possible-computer-sec/nNPrz/

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120504-01 Incorporating Services, Ltd. TX 4/2/2012 Electronic Business Yes - Unknown # 0

The privacy and confidentiality of our clients' personal information is of the utmost importance to Incorporating Services, Ltd. ("ISL"). Regrettably, we write to inform you of an incident related to some of your personal information provided to us in connection with our services. On April 2, 2012, our internet hosting vendor informed us that one of our servers was compromised by a maiware attack. We recently completed an extensive investigation of this incident in order to determine the scope of the attack and the individuals potentially affected.

Attribution 1 Publication: CA AG's office / NH AG's office Author: Date Published: Article Title: Incorporating Services, Ltd. Article URL: https://oag.ca.gov/ecrime/databreach/reports/sb24-23127

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120503-01 Volunteer State Community TN Electronic Educational Yes - Published # 14,000 College About 14,000 students, former students and faculty at Volunteer State Community College in Gallatin had personal information placed on a web server that was not secure.

Attribution 1 Publication: The Tennessean Author: Jeff Goldman Date Published: Article Title: Vol State: Personal information found vulnerable for 14,000 students, faculty Article URL: http://www.tennessean.com/article/20120430/NEWS01/120430010/Vol-State-Personal-information-found-vulnerable-for-

The 82nd Medical Group at Sheppard Air Force Base has determined that 721 patients at the Sheppard Air Force Base clinic may have had their privacy breached after a man returned several medical documents dating from 2003 until 2007 to the base last week.

Attribution 1 Publication: TimesRecordNews Author: Date Published: Article Title: Medical records breach possible Article URL: http://www.timesrecordnews.com/news/2012/apr/25/medical-records-breach-possible/

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120501-07 Oregon State Hospital OR Paper Data Medical/Healthcare Yes - Published # 618

Printed documents containing protected patient information stolen from chief of psychiatry's car

Attribution 1 Publication: datalossdb.org Author: Date Published: Article Title: Oregon State Hospital Article URL: http://datalossdb.org/incidents/6335-printed-documents-containing-protected-patient-information-stolen-from-chief-of-

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120501-06 University of Alabama AL Electronic Educational Yes - Unknown # 0

Personal information of some former students -- including Social Security numbers and some academic records exposed on the Internet

Attribution 1 Publication: datalossdb.org Author: Date Published: Article Title: University of Alabama Article URL: http://datalossdb.org/incidents/6364-personal-information-of-some-former-students-including-social-security-numbers-

Attribution 2 Publication: UAB Website Author: Date Published: Article Title: University of Alabama Article URL: http://media.al.com/spotnews/other/UAB%20Student%20Info%20Leak.pdf

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120501-05 North East School of the Arts TX Electronic Educational Yes - Published # 1,253

External hard drive containing sensitive information and Social Security numbers from more than 1,200 student applicants was stolen from a teacher's car

Attribution 1 Publication: datalossdb.org Author: Date Published: Article Title: North East School of the Arts Article URL: http://datalossdb.org/incidents/6368-external-hard-drive-containing-sensitive-information-and-social-security-numbers-

Attribution 2 Publication: KENS5 San Antonio Author: Date Published: Article Title: NESA: 1,200 sensitive letters stolen during car burglary . Article URL: http://www.kens5.com/news/NESA-1200-sensative-letters-stolen-during-car-burglary-149099275.html

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120501-04 Minnesota Department of MN Electronic Government/Military Yes - Published # 3,700 Public Safety Driver and SUMMARY Personal information of 3,700 Minnesota drivers leaked when employee gave login to friend who worked for car repossession firm

Attribution 1 Publication: datalossdb.org Author: Date Published: Article Title: Minnesota Department of Public Safety Driver and Vehicle Services Article URL: http://datalossdb.org/incidents/6373-personal-information-of-3-700-minnesota-drivers-leaked-when-employee-gave-logi

How is this report produced? What are the rules? See last page of report for details.

Attribution 2 Publication: KARE 11 Author: Date Published: Article Title: Personal information of 3,700 Minnesota drivers leaked Article URL: http://www.kare11.com/news/article/974638/391/Personal-information-of-3700-Minnesota-drivers-leaked

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120501-03 Columbia University NY 4/16/2012 Electronic Educational Yes - Published # 3,500

A Columbia University Information Technology programmer inadvertently and erroneously saved a file on a University web server that could be accessed from outside Columbia. Unfortunately, that file contained personal information of some individuals who received direct deposit reimbursement from Columbia.

Attribution 1 Publication: NH AG's website Author: Date Published: Article Title: Columbia University Article URL: http://doj.nh.gov/consumer/security-breaches/documents/columbia-university-20120423.pdf

Attribution 2 Publication: CUIT website Author: Date Published: Article Title: Columbia University Article URL: http://cuit.columbia.edu/FAQ-4-21-2012

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120501-02 Accurate Accounting and Tax CA Paper Data Business Yes - Unknown # 0 Service Canvas bag full of payroll files found in yard behind firm's business

Attribution 1 Publication: High Desert Daily Press Author: Beatriz E Valenzuela Date Published: Article Title: Tossed tax files found Article URL: http://www.vvdailypress.com/news/tossed-34195-files-hesperia.html

Attribution 2 Publication: datalossdb.org Author: Beatriz E. Valenzuela Date Published: Article Title: Accurate Accounting and Tax Service Article URL: http://datalossdb.org/incidents/6390-canvas-bag-full-of-payroll-files-found-in-yard-behind-firm-s-business

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120501-01 Choice Hotels International MD 12/25/2011 Paper Data Business Yes - Unknown # 0

SUMMARY Information that should have been encrypted was not for some guests' reservations info, and may have been printed on mailing envelopes sent to guests by hotels or marketing agents

Attribution 1 Publication: datalossdb.org / NH AG's office Author: Date Published: Article Title: Choice Hotels International Article URL: http://datalossdb.org/incidents/6371-information-that-should-have-been-encrypted-was-not-for-some-guests-reservatio

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120430-03 Massachusetts Mutual Life MA Electronic Business Yes - Unknown # 0 Insurance Company MassMutual has an established business relationship with Fidelity to provide clearing services to our affiliated broker/dealer, MML Invest Services (MMLIS). On March 14, 2012, Fidelity informed us of an incident that involved a misdirected electronic file resulting in the personal information of MMLIS clients being disclosed to another client of Fidelity. (NATIONAL FINANCIAL SERVIVCES AND FIDELITY INVESTMENTS)

Attribution 1 Publication: NH AG's office Author: Date Published: Article Title: Massachusetts Mutual Life Insurance Company Article URL: http://doj.nh.gov/consumer/security-breaches/documents/national-financial-20120413.pdf

Home Depot USA learned that one of its employees accessed certain HR information for unauthorized purposes, namely in what appear to have been failed attempts to misuse the information to obtain fraudulent credit. The information included name, contact information, SSN, driver's license number, and in some instances, financial account information.

Attribution 1 Publication: NH AG's Office Author: Date Published: Article Title: Home Depot Article URL: http://doj.nh.gov/consumer/security-breaches/documents/home-depot-20120416.pdf

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120430-01 Cisco Systems, Inc. CA 3/28/2012 Electronic Business Yes - Unknown # 0

On March 28, 2012 Cisco Systems, Inc. was informed that certain personal information of a limited number of current and former Cisco employees, as as some parties associated with recent Cisco acquisitions may have been compromised. A laptop belonging to one of Cisco's service providers, Ernst & Young LLP, was stolen from an EY employee's home on 3/26/2012. The laptop contained personal information including names, addresses, SSNs and in some cases, stock administration information.

Attribution 1 Publication: NH AG's office Author: Date Published: Article Title: Cisco Systems, Inc. Article URL: http://doj.nh.gov/consumer/security-breaches/documents/cisco-20120409.pdf

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120427-01 Texas Attorney General's TX Electronic Government/Military None - Encrypted Data 0 Office The office of Texas Attorney General Greg Abbott earlier in April unintentionally revealed the Social Security numbers of millions of state voters to opposing lawyers in a voter ID case. The Social Security numbers were never made public.

Attribution 1 Publication: GovInfoSecurity.com Author: Date Published: Article Title: Millions of SSNs Exposed by Texas AG Article URL: http://www.govinfosecurity.com/articles.php?art_id=4712&rf=2012-04-27-eg&elq=9d292e7ac8714fb39825f5f5c878b2d8&

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120424-07 University of Houston TX Electronic Medical/Healthcare Yes - Unknown # 0 College of Optometry On February 23, 2012, staff at La Nueva Casa de Amigos Eye Clinic, an affiliated clinic of the University of Houston College of Optometry, became aware that a clinic computer had been wrongfully accessed and information in the Clinic’s patient records database had been deleted. The patient records were from January 2006 to February 23, 2012, and contained health information, contact information and other personal information, but did not include social security, credit card or driver’s license numbers.

Attribution 1 Publication: phiprivacy.net Author: Date Published: Article Title: University of Houston College of Optometry Clinic Posts Breach Alert Article URL: http://www.phiprivacy.net/?p=9322

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120424-06 Office of Dr. Gloria Traje- CA Electronic Medical/Healthcare Yes - Unknown # 0 Quitoriano A Fresno doctor is offering a $500 reward for the safe return of a stolen computer.

Attribution 1 Publication: KMPH Fox 26 / datalossdb.org Author: Erik Rosales Date Published: Article Title: Doctor's Computer Stolen; Patients Alerted Article URL: http://www.kmph.com/story/17647629/doctors-computer-stolen-patients-alerted

We are contacting you about a recent burglary in our office that may result in an identity theft problem. The theft involved computer equipment that contained patient insurance information that may be compromised. We are actively working with the Riverside Police Department to fasciliate their investigation and to resolve this incident as soon as possible.

Attribution 1 Publication: phiprivacy.net Author: Date Published: Article Title: Perry Dental Article URL: http://www.phiprivacy.net/?paged=2

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120424-04 Office of Dr. Rex Smith OR Electronic Medical/Healthcare Yes - Unknown # 0

Patients of a Eugene medical clinic are worried about protecting their identities after a security breach.

Attribution 1 Publication: KVAL / PHIprivacy.net Author: Ty Steele Date Published: Article Title: Stolen computer jeopardizes medical records Article URL: http://www.phiprivacy.net/?p=9295

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120424-03 Bullmarket.com (Indie US Electronic Business Yes - Unknown # 0 Research LLC) Bullmarket.com has recently learned that certain electronically-stored information has been accessed by unapproved third-parties. Our investigation to-date reveals that as a result, certain users' names, credit card information, email addresses, billing addresses, and/or login information were likely compromised.

Attribution 1 Publication: CA AG's office Author: Date Published: Article Title: Bullmarket.com Article URL: https://oag.ca.gov/ecrime/databreach/reports/sb24-23040

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120424-02 Kelly Services MI 12/11/2012 Electronic Business Yes - Unknown # 0

On December 11, 2011 Kelly Services received notification that a former employee had improperly, and against company policies, retained information related to Kelly Services temporary employees. The PI included full names and Social Security numbers.

Attribution 1 Publication: NH AG's office Author: Date Published: Article Title: Kelly Services Article URL: http://doj.nh.gov/consumer/security-breaches/documents/kelly-20120309.pdf

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120424-01 Thomas Jefferson University PA Paper Data Medical/Healthcare Yes - Published # 600 Hospitals Thomas Jefferson University Hospitals (TJUH) has notified approximately 600 patients that there was a theft of radiology registration documents containing personal information for services provided between February 4 and March 22, 2005. Affected patients have been sent a letter detailing the extensive identity protection resources being made available to them.

Attribution 1 Publication: Jefferson University Hospitals website Author: Date Published: Article Title: Thomas Jefferson University Hospitals Notify Patients of Security Breach, Affected Patients Offered Extensive Identity Protectio Article URL: http://www.jeffersonhospital.org/Home/News/2012/April/thomas-jefferson-university-hospitals-notify-patients-of-securit

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120423-02 Under Armour OH 4/12/2012 Electronic Business Yes - Unknown # 0

The names, Social Security numbers and salary information of an unknown number of Under Armour employees might have been exposed when a thumb drive containing payroll information was lost in the U.S. mail, according to a published report in Ohio.

How is this report produced? What are the rules? See last page of report for details.

Attribution 1 Publication: Baltimore Sun Author: Date Published: Article Title: Newspaper report: Under Armour payroll data lost in mail Article URL: http://www.baltimoresun.com/news/breaking/bs-md-underarmour-20120422,0,4880808.story

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120423-01 University of Arkansas for AR Electronic Medical/Healthcare Yes - (Password) Publish 7,121 Medical Sciences A physician at the University of Arkansas for Medical Sciences sent financial data to an outside individual for analysis, resulting in a breach of protected health information affecting about 7,000 patients.

Attribution 1 Publication: Health Data Management Author: Joeseph Goedert Date Published: Article Title: Toll of Breach at U-Arkansas at 7,000 Article URL: http://www.healthdatamanagement.com/news/breach-notification-hipaa-privacy-security-ocr-44348-1.html?ET=healthda

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120420-01 South Carolina Dept. of SC 4/10/2012 Electronic Medical/Healthcare Yes - Published # 228,435 Health & Human Services The South Carolina Department of Health and Human Services is notifying 228,435 Medicaid beneficiaries following a major breach of protected health information.

Attribution 1 Publication: Health Data Management Author: Joseph Goedert Date Published: Article Title: Big Medicaid Data Breach in South Carolina Article URL: http://www.healthdatamanagement.com/news/breach-notification-hipaa-privacy-security-ocr-44343-1.html?ET=healthda

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120419-01 Emory Healthcare, Inc. GA Electronic Medical/Healthcare Yes - Published # 315,000

Emory Healthcare Inc. on Wednesday announced it lost 10 computer disks containing information, including patient Social Security numbers, about 315,000 surgical patients.

Attribution 1 Publication: Healthcare Info Security Author: Howard Anderson Date Published: 6/12/2012 Article Title: Emory Faces Breach Lawsuit Article URL: http://www.healthcareinfosecurity.com/emory-faces-breach-lawsuit-a-4848?rf=2012-06-12-eh&elq=6690c9cb2ccd434785

Attribution 2 Publication: Atlanta Business Chronicle - CA AG's of Author: Urvaksh Karkaria Date Published: Article Title: Data loss at Emory Healthcare exposes 315K patients Article URL: http://www.bizjournals.com/atlanta/news/2012/04/18/data-loss-at-emory-healthcare-exposes.html?s=print

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120418-06 North Shore-Long Island NY Electronic Medical/Healthcare Yes - Published # 1,000 Jewish Health System North Shore-Long Island Jewish Health System in Great Neck, N.Y., has announced an identity theft ring victimized approximately 100 patients from North Shore University Hospital in Manhasset, N.Y.

According to authorities, the identify theft ring may have affected nearly 1,000 people throughout the Northeast. North Shore-LIJ is cooperating with the New York State Police and the Nassau County District Attorney's Office to investigate the theft ring.

Letters have been sent to all patients identified as victims.

Attribution 1 Publication: Becker's Hospital Review Author: Kathleen Roney Date Published: Article Title: 100 North Shore–LIJ Patients Victimized by Identity Theft Ring Article URL: http://www.beckershospitalreview.com/healthcare-information-technology/100-north-shorelij-patients-victimized-by-ide

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120418-05 X-Rite GA Electronic Business Yes - Unknown # 0

X-Rite learned that one of its database servers was attacked by a malicious third party. This server contained personal information including the name, contact information and credit card information of a number of X-Rite's customers who made purchases on X-Rites pantone.com website, including some customers who were residents of California.

How is this report produced? What are the rules? See last page of report for details.

Attribution 1 Publication: CA AG's office Author: Date Published: Article Title: X-Rite Article URL: https://oag.ca.gov/ecrime/databreach/reports/sb24-22965

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120418-04 Associated Surveyors OK Paper Data Business Yes - Unknown # 0

Cartons of financial and tax documents found in an abandoned storage unit

Attribution 1 Publication: datalossDB.org Author: Date Published: Article Title: Associated Surveyors Article URL: http://datalossdb.org/incidents/6289-cartons-of-financial-and-tax-documents-found-in-an-abandoned-storage-unit

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120418-03 Ruby's Diner PA 12/1/2011 Electronic Business Yes - Unknown # 0

Malware inserted on system exfiltrated customers' credit and debit card numbers

Attribution 1 Publication: datalossdb.org Author: Date Published: Article Title: Ruby's Diner Article URL: http://datalossdb.org/incidents/6292-malware-inserted-on-system-exfiltrated-customers-credit-and-debit-card-numbers

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120418-02 Washington University IL Electronic Educational Yes - Unknown # 0

Discovered that a University employee was copying electronic files onto an external hard drive. While the employee was authorized to see the data in these files, he was not authorized to copy files on an external hard drive that he brought into the office. The information on the hard drive included names, SSNs, addresses and dates of birth.

Attribution 1 Publication: NH AG's Office Author: Date Published: Article Title: Washington University in St. Louis Article URL: http://doj.nh.gov/consumer/security-breaches/documents/washington-university-20120315.pdf

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120418-01 WorldPass CA 3/5/2012 Electronic Business Yes - Unknown # 0

Victim of cyber-attacks by someone who gained unauthorized access to parts of our internal network and data systems. The database unlawfully accessed, in part, contained client booking information including user name, email addresses, billing addresses and payment information.

Attribution 1 Publication: NH AG's office Author: Date Published: Article Title: WorldPass Article URL: http://doj.nh.gov/consumer/security-breaches/documents/worldpass-20120327.pdf

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120417-10 Case Western Reserve OH Electronic Educational Yes - Published # 600 University Earlier today, a breach report was submitted to DataLossDB.org involving Case Western Reserve University in Ohio. The April 4th notice, submitted by one of those affected, indicated that 600 people had names and Social Security numbers on two laptops that had been stolen.

Attribution 1 Publication: databreaches.net Author: Date Published: Article Title: Case Western Reserve notifies 600 alumni of data breach involving Social Security numbers Article URL: http://www.databreaches.net/?p=23942

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120417-09 SiriusXM Radio (Stream) DC 3/19/2012 Electronic Business Yes - Published # 234

Call center employees suspended after they were caught recording customers' credit card numbers via prohibited means

How is this report produced? What are the rules? See last page of report for details.

Attribution 1 Publication: NH AG's office Author: Date Published: Article Title: SiriusXM Radio Article URL: http://doj.nh.gov/consumer/security-breaches/documents/sirius-xm-radio-20120406.pdf

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120417-08 Sailboat Owners, Inc. WA 3/22/2012 Electronic Business Yes - Published # 2,485

Investigation indicated that an attack from Hanoi, Vietname uploaded malware to the e-commerce webserver and that database tables containing unencrypted cardholder data were accessed. The intrusion did not affect a much larger database in which encrypted records are stored.

Attribution 1 Publication: NH AG's office Author: Date Published: Article Title: Sailboat Owners, Inc. Article URL: http://doj.nh.gov/consumer/security-breaches/documents/sailboat-owners-20120320.pdf

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120417-07 StandardAero AZ Electronic Business Yes - Unknown # 0

SUMMARY Stolen computer contained customers' registration forms for events, which included their credit card numbers

Attribution 1 Publication: NH AG's office Author: Date Published: Article Title: StandardAero Article URL: http://doj.nh.gov/consumer/security-breaches/documents/standardaero-20120403.pdf

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120417-06 Suddenlink Communications MO Electronic Business Yes - Unknown # 0

Firm notified by law enforcement that former employee had obtained and had been misusing information on those employed in May - July 2006

Attribution 1 Publication: NH AG's office Author: Date Published: Article Title: Suddenlink Communications Article URL: http://doj.nh.gov/consumer/security-breaches/documents/suddenlink-20120323.pdf

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120417-05 reuseit.com IL Electronic Business Yes - Published # 1,000

1,000 customers may have had their login, password, and credit card number acquired by hack of e-commerce site

Attribution 1 Publication: NH AG's office Author: Date Published: Article Title: reuseit.com Article URL: http://doj.nh.gov/consumer/security-breaches/documents/reuseit-20120329.pdf

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120417-04 Ocean Reef Community - FL Electronic Business Yes - Unknown # 0 Forte Interactive On January 30, 2012 a software development consultant working for the Ocean Reef Community was running security checks on confidential community databases being used by Ocean Reef's software vendor, Forte Interactive. Our consultant discovered that the data on the vendor's server did not have the proper protection and was exposed on the Internet. The information contained on the server included names, DOBs, SSNs and driver's license numbers of some of our members and employees.

Attribution 1 Publication: NH AG's office Author: Date Published: Article Title: Ocean Reef Community - Forte Interactive Article URL: http://doj.nh.gov/consumer/security-breaches/documents/ocean-reef-20120314.pdf

How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120417-03 Children's Services Council - FL Electronic Business Yes - Unknown # 0 Forte Interactive Children's Services Council of Palm Beach County "CSC" discovered that information Forte inadvertently copied from the web portal while performing a system upgrade had become publicly accessible through the Internet and the Google search engine.

Attribution 1 Publication: NH AG's office Author: Date Published: Article Title: Children's Services Council - Forte Interactive Article URL: http://doj.nh.gov/consumer/security-breaches/documents/forte-20120314.pdf

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120417-02 Dartmouth College NH Electronic Educational Yes - Unknown # 0

A Dartmouth laptop, belonging a member of the coaching staff of the women's soccer team, was stolen on February 18, 2012. The laptop was located in the coach's locked vehicle which was parked in a location in Montreal, Canada and subsequently broken into. The laptop was password protected pursuant to Dartmouth privacy policies. The stolen laptop stored information related to financial aid applications that included a tax return and T-1form, which contained personal informaiton, including full names and Social Security/Social insurance numbers.

Attribution 1 Publication: NH AG's office Author: Date Published: Article Title: Dartmouth College Article URL: http://doj.nh.gov/consumer/security-breaches/documents/dartmouth-20120314.pdf

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120417-01 BJ's Warehouse MA Electronic Business Yes - Unknown # 0

Members' names, addresses, membership numbers, and Social Security number or driver's license number were accessed by someone who created false profiles for fraudulent purchases

Attribution 1 Publication: NH AG's office / Datalossdb.org Author: Date Published: Article Title: BJ's Warehouse Article URL: http://doj.nh.gov/consumer/security-breaches/documents/bjs-20120402.pdf

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120416-02 Texas A&M TX Electronic Educational Yes - Published # 4,000

Texas A&M's registrar's office spent Friday preparing letters to notify thousands of alumni that their personal information, including Social Security numbers, was inadvertently made public.

Attribution 1 Publication: chron.com Author: Vimal Patel Date Published: Article Title: Texas A&M: Thousands affected in data breach Article URL: http://www.chron.com/news/houston-texas/article/Texas-A-M-Thousands-affected-in-data-breach-3482116.php

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120416-01 Memorial Healthcare System FL 1/27/2012 Electronic Medical/Healthcare Yes - Published # 9,500

Memorial Healthcare System in Hollywood, Fla., is notifying about 9,500 patients that two fired employees may have inappropriately accessed their personal information with the intent to process fraudulent tax returns.

Attribution 1 Publication: Healthcare Info Security / NH AG's offic Author: Date Published: Article Title: 9,500 Notified of Potential ID Theft Article URL: http://www.healthcareinfosecurity.com/articles.php?art_id=4677&rf=2012-04-16-eh&elq=ec73e42c177041b6b30b5b7faec

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120413-02 Housatonic Community CT Electronic Educational Yes - Published # 87,667 College Housatonic Community College posted notice on its website that two computers had been infected by malware which may have exposed identities of 87,000 members of the campus community. The college’s president said someone at the school opened an email that carried a virus.

How is this report produced? What are the rules? See last page of report for details.

Attribution 1 Publication: CBS Connecticut - WTIC Author: Date Published: Article Title: Data Breach At Community College Article URL: http://connecticut.cbslocal.com/2012/04/12/data-breach-at-community-college/

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120413-01 Desmond Hotel NY Electronic Business Yes - Unknown # 0

COLONIE — The Desmond hotel says a "serious data security breach" compromised guests' credit card information spanning 10 months between May 2011 and last month.

Attribution 1 Publication: Author: Jordan Carleo-Evang Date Published: Article Title: Desmond reports serious credit card security breach Article URL: http://www.timesunion.com/local/article/Desmond-reports-serious-credit-card-security-3479978.php

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120406-03 Applegate Valley Family OR 12/1/2011 Electronic Medical/Healthcare Yes - Published # 2,300 Medicine Stolen laptop contained 2,300 patients' information

Attribution 1 Publication: datalossdb.org Author: Date Published: Article Title: Applegate Valley Family Medicine Article URL: http://datalossdb.org/incidents/5997-stolen-laptop-contained-2-300-patients-information

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120406-02 Massachusetts Registry of MA Paper Data Government/Military Yes - Unknown # 0 Motor Vehicles Thieves stole bags of documents containing registration transactions, duplicate titles, crash reports, citation payments, rebate requests and municipal parking and excise releases from state courier truck

Attribution 1 Publication: datalossdb.org Author: Date Published: Article Title: Massachusetts Registry of Motor Vehicles Article URL: http://datalossdb.org/incidents/6043-thieves-stole-bags-of-documents-containing-registration-transactions-duplicate-tit

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120406-01 Union Bank CA 1/31/2012 Electronic Banking/Credit/Financial Yes - Unknown # 0

On February 15, 2012, Union Bank® discovered that a former contractor kept proprietary bank data in his possession upon his departure from the Bank on January 31, 2012. This data contained some of your customer information such as your name, account number, home address, phone number, and email address.

Attribution 1 Publication: CA AG's office Author: Date Published: Article Title: Union Bank Article URL: https://oag.ca.gov/ecrime/databreach/reports/sb24-22924

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120405-02 State Farm Insurance CA Electronic Business Yes - Unknown # 0 Companies This incident involved an employee who formerly worked in my office. While employed, and contrary to the business practices of my office, the employee allegedly used customer information inappropriately. This information may have included names, addresses, credit card numbers and social security numbers. We have been unable to confirm which customers’ information was allegedly misused by this person.

Attribution 1 Publication: CA AG's office Author: Date Published: Article Title: State Farm Insurance Companies Article URL: https://oag.ca.gov/ecrime/databreach/reports/sb24-22878

How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120405-01 Utah Department of UT Electronic Medical/Healthcare Yes - Published # 780,000 Technology Services The state’s Department of Technology Services notified DOH the evening of April 2 of the breach of a server on March 30 that houses Medicaid claims. “DTS had recently moved the claims records to a new server, and hackers believed to be operating out of Eastern Europe were able to circumvent the server’s multi-layered security system,” according to a DOH statement.

Attribution 1 Publication: eweek.com Author: Date Published: Article Title: Utah Health Care Data Breach Exposed About 780,000 Patient Files Article URL: http://www.eweek.com/c/a/Health-Care-IT/Utah-Health-Care-Data-Breach-Exposed-About-780000-Patient-Files-189084/

Attribution 2 Publication: Health Data Management Author: Date Published: Article Title: Utah Medicaid Hacked Article URL: http://www.healthdatamanagement.com/news/breach-notification-hipaa-privacy-security-ocr-44295-1.html?ET=healthda

Attribution 3 Publication: The Salt Lake Tribune Author: Patty Henetz Date Published: Article Title: Official: Utah Medicaid data breach caused by ‘a mistake’ Article URL: http://www.sltrib.com/sltrib/news/53862397-78/security-medicaid-department-health.html.csp

Attribution 4 Publication: Deseret News Author: Wendy Leonard Date Published: Article Title: Medicaid data breach widens to include more than 181K individuals, 25K Social Security numbers Article URL: http://www.deseretnews.com/article/865553611/Medicaid-data-breach-widens-to-include-more-than-181K-individuals-25

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120403-08 Georgia Health Sciences GA 1/18/2012 Electronic Medical/Healthcare Yes - Published # 513 University The Augusta, Ga.-based Georgia Health Sciences University has announced a breach in its research medical school that affects 513 patients. The breach occurred when there was a theft of a laptop computer that may have contained some of the patients’ personal information.

Attribution 1 Publication: Healthcare Informatics Author: Date Published: Article Title: Georgia Health Sciences University Reports Data Breach Article URL: http://www.healthcare-informatics.com/news-item/georgia-health-sciences-university-reports-data-breach

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120403-07 Public Broadcasting System US Electronic Business Yes - Unknown # 0

1,598 press usernames, plain-text passwords, and email addresses + 36 admin names, usernames, e-mail addresses + passwords and 237 names, emails, passwords & usernames dumped on the Internet

Attribution 1 Publication: datalossdb.com Author: Date Published: Article Title: Public Broadcasting System Article URL: http://datalossdb.org/incidents/5968-1-598-press-usernames-plain-text-passwords-and-email-addresses-36-admin-nam

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120403-06 UnitedHealthCare MN Electronic Medical/Healthcare Yes - Unknown # 0

I am writing to let you know about a privacy issue involving some of your personal information. On January 30, 2012, UnitedHealthcare discovered employee access to information in a database that we since have learned appears to be unauthorized. We believe the unauthorized access occurred from June 28 – December 12, 2011. The information that may have been accessed includes your name, Social Security Number, telephone number, date of birth, address and Medicare Healthcare Insurance Number.

Attribution 1 Publication: CA AG's office Author: Date Published: Article Title: UnitedHealthCare Article URL: https://oag.ca.gov/ecrime/databreach/reports/sb24-22860

On February 2, 2012, we discovered that a storeroom window had been broken at the HealthCare Clinical Laboratory (HCCL) Patient Service Center, and that two storage boxes containing HCCL lab requisition forms were missing from the center. We were able to determine that the missing lab requisition forms related to certain laboratory services provided between December 13, 2011, and January 5, 2012, and also between January 17, 2012, and January 31, 2012. The police were notified of the break-in and resulting missing boxes and a police report has been filed. During our ongoing investigation it was determined on March 16, 2012 that your information was also missing for services received between October 24, 2011 and November 18, 2011.

Attribution 1 Publication: CA AG's office Author: Date Published: Article Title: St. Joseph's Medical Center Article URL: https://oag.ca.gov/ecrime/databreach/reports/sb24-22853

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120403-04 San Francisco Head Start, CA Electronic Educational Yes - Unknown # 0 SFSU We at San Francisco Head Start/Early Head Start take our responsibility to protect your personal data very seriously. For this reason, we are writing to inform you that between August and November 2011, there was a compromise of security in the San Francisco Head Start/Early Head Start database and unauthorized person(s) accessed personal information contained in this database. The personal records accessed contained names, address and contact information, birth dates, Social Security numbers, health data, and other personal information relevant to the Head Start program.

Attribution 1 Publication: CA AG's office Author: Date Published: Article Title: San Francisco Head Start, SFSU Article URL: https://oag.ca.gov/ecrime/databreach/reports/sb24-22854

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120403-03 Sacramento Area Fire CA Paper Data Business Yes - Unknown # 0 Fighters, Local 522 Between March 5-6, 2012, a spreadsheet containing names and contact information for active and retired Local 522 members was sent by a Local 522 employee to the Sacramento Central Labor Council ("CLC"). The spreadsheet containing this information also contained Local 522 members’ social security numbers. This spreadsheet was sent to provide mailing addresses for mailing CLC publications to Local 522 members. It is believed that CLC then forwarded some or all of this information to Capitol Mailing, Inc., who used the information to print mailing labels for the CLC’s Sacramento Valley Union Labor Bulletin,

Attribution 1 Publication: CA AG's office Author: Date Published: Article Title: Sacramento Area Fire Fighters, Local 522 Article URL: https://oag.ca.gov/ecrime/databreach/reports/sb24-22848

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120403-02 Opening Ceremony Online, US Electronic Business Yes - Unknown # 0 LLC Due to an inadvertent breach of security that occurred during the period from February 16, 2012 to March [__], 2012, some or all of your personal information inputted by you during your purchase from our website [______] during such period may have been acquired by an unauthorized person, including without limitation your name, address, credit card number, credit card expiration date and credit card security code. Opening Ceremony recommends that you contact your bank, your credit card companies, and the credit reporting agencies to ensure the safety of your accounts.

Attribution 1 Publication: BankInfoSecurity Author: Tracy Kitten Date Published: Article Title: Online Retailer Breached Article URL: http://www.bankinfosecurity.com/online-retailer-breached-a-4756

Attribution 2 Publication: CA AG's office Author: Date Published: Article Title: Opening Ceremony Online, LLC Article URL: https://oag.ca.gov/ecrime/databreach/reports/sb24-22861

With the help of data security experts, we are currently conducting a thorough investigation of the breach, which occurred and was identified on Sunday, March 25. We are also working with law enforcement as part of this investigation. At this time, we have determined that an unauthorized third party (a "hacker") temporarily penetrated our system and, during the incursion, had access to the following personal information in your account: name, mailing address, email address, birth date, username, password, phone number, and credit card details for the following card(s) in your account:

Attribution 1 Publication: CA AG's office Author: Date Published: Article Title: Manhattan Prep Article URL: https://oag.ca.gov/ecrime/databreach/reports/sb24-22876

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120330-03 Howard University Hospital DC Electronic Medical/Healthcare Yes - Published # 66,601

A personal laptop of a former contractor for Howard University Hospital in Washington, D.C., was stolen and contained protected health information on 34,503 patients.

Attribution 1 Publication: phiprivacy.net / HHS Author: Date Published: Article Title: Howard University Hospital Article URL: http://www.phiprivacy.net/?cat=19&paged=2

Attribution 2 Publication: Health Data Management Author: Date Published: Article Title: Howard University Laptop Theft Affects 34,000+ Article URL: http://www.healthdatamanagement.com/news/breach-notification-hipaa-privacy-security-ocr-44263-1.html?ET=healthda

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120330-02 California Department of CA 3/12/2012 Electronic Government/Military Yes - Published # 800,000 Child Support Services Four computer storage devices containing personal information for about 800,000 adults and children in California's child support system – including their names and Social Security numbers – were lost by IBM and Iron Mountain Inc., officials announced Thursday.

Attribution 1 Publication: Huffington Post Author: Date Published: Article Title: California Department of Child Support Services Article URL: http://www.huffingtonpost.com/2012/03/30/lost-data-cartridges_n_1390258.html

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120330-01 Global Payments US Electronic Business Yes - Published # 1,500,000

MasterCard is investigating a possible breach of cardholder account data involving a U.S.-based payment processor, the company said Friday.

Attribution 1 Publication: Krebs on Security / CA AG's office Author: Date Published: Article Title: Global Payments Breach Window Expands Article URL: http://krebsonsecurity.com/2012/05/global-payments-breach-window-expands/

Attribution 2 Publication: Fox News Author: Date Published: Article Title: MasterCard warns of possible security breach, Visa also reportedly affected Article URL: http://www.foxnews.com/us/2012/03/30/visa-mastercard-warn-massive-security-breach-report-says/

Attribution 3 Publication: CA AG's office Author: Date Published: Article Title: Global Payments Article URL: https://oag.ca.gov/system/files/GLOBAL_CA_0.PDF?

Attribution 4 Publication: KrebsonSecurity Author: Brian Krebs Date Published: Article Title: Global Payments Breach Window Expands Article URL: http://krebsonsecurity.com/2012/05/global-payments-breach-window-expands/

Elga Credit Union is still trying to sort out the details after someone gained access to information from hundreds of debit and credit cards.

Attribution 1 Publication: WNEM.com Author: Date Published: Article Title: Local credit union alerts members to possible security breach Article URL: http://www.wnem.com/story/17268933/local-credit-union-alert

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120327-06 Waters, Kraus & Paul CA Electronic Business Yes - Published # 178

Databases, 178 client files, settlement documents and confidential patient information, including medical records and Social Security numbers allegedly copied/stolen by employee who went to a competitor's law firm (lawsuit allegations, not confirmed)

Attribution 1 Publication: datalossdb.org Author: Date Published: Article Title: Waters, Kraus & Paul Article URL: http://datalossdb.org/incidents/5924-databases-178-client-files-settlement-documents-and-confidential-patient-informat

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120327-05 CardioNet PA 11/10/2011 Electronic Medical/Healthcare Yes - Published # 1,300

theft of laptop

Attribution 1 Publication: phiprivacy.net Author: Date Published: Article Title: CardioNet Article URL: http://www.phiprivacy.net/?s=cardionet

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120327-04 militarysingles.com US Electronic Business Yes - Unknown # 0

The hack was announced on Twitter earlier today by Operation Digiturk and a database of 163,792 names, usernames, e-mail addresses, IP addresses, and passwords has been dumped on the Internet. The tweet was accompanied by the hashtags #anonymous #antisec #infosec

Attribution 1 Publication: databreaches.net Author: Date Published: Article Title: militarysingles.com Article URL: http://www.databreaches.net/?p=23736

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120327-03 CardioNet, Inc. PA 12/29/2011 Electronic Medical/Healthcare Yes - Published # 728

theft of laptop

Attribution 1 Publication: hhs.gov Author: Date Published: Article Title: CardioNet, Inc. Article URL: http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120327-02 Flex Physical Therapy WA 12/30/2011 Electronic Medical/Healthcare Yes - Published # 3,100

Computer theft - three computers stolen, one of which contained patient data

Attribution 1 Publication: phiprivacy.net Author: Date Published: Article Title: Flex Physical Therapy Article URL: http://www.phiprivacy.net/?p=9036

Desktop computer was stolen - as a result, your personal information, including name, SSN, and financial information may have been exposed. Broker-dealer for Community Memorial Health System's 403(b) and 457 plans.

Attribution 1 Publication: CA AG's office Author: Date Published: Article Title: LPL - Sean Patrick Article URL: https://oag.ca.gov/ecrime/databreach/reports/sb24-22542

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120326-01 Indiana Internal Medicine IN Electronic Medical/Healthcare Yes - Published # 20,000 Consultants The February 11, 2012 theft of a laptop

Attribution 1 Publication: HHS.gov via PHI Privacy Net Author: Date Published: Article Title: Indiana Internal Medicine Consultants Article URL: http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120320-07 RJL Insurance Services CA Electronic Business Yes - Unknown # 0

RJL Insurance services, a consultant of [Client], recently became aware of a vulnerability in its computer network that may have resulted in the exposure of some electronic files. RJL has taken steps to secure the information and believes that it is no longer in any danger of exposure. Computer forensic experts were retained to assist in investigating the event and to provide guidance on notification obligations under state and federal laws. Their investigation has confirmed that one of RJL's servers was compromised when unauthorized electronic access was enabled. The result is that some RJL files were accessible for a period of two weeks in late September and early October.

Attribution 1 Publication: CA AG's office Author: Date Published: Article Title: RJL Insurance Services Article URL: https://oag.ca.gov/ecrime/databreach/reports/sb24-22449

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120320-06 IndyMac Resources Inc. CA Electronic Banking/Credit/Financial Yes - Unknown # 0

The purpose of this letter is to notify you that your personally identifiable information (PII) was recently found in a little-known location on a public web server along with data for a group of employees of the failed IndyMac Bank, F.S.B. (in receivership since July 11, 2008), and its subsidiary, IndyMac Resources, Inc.

Attribution 1 Publication: CA AG's office Author: Date Published: Article Title: IndyMac Resources Inc. Article URL: https://oag.ca.gov/ecrime/databreach/reports/sb24-22262

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120320-05 Kaiser Foundation Health CA Electronic Medical/Healthcare Yes - Unknown # 0 Plan The data, which was found on a non‐Kaiser Permanente external hard drive that was purchased second‐hand, included your name, Social Security Number, Date of Birth and address. None of your personal health information was involved. The most recent employee data found on the hard drive was from 2009 and we have no evidence at this point to indicate that this information has been or will be used for illegal purposes.

Attribution 1 Publication: CA AG's office Author: Date Published: Article Title: Kaiser Foundation Health Plan Article URL: https://oag.ca.gov/ecrime/databreach/reports/sb24-22724

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120320-04 Arizona Sports Fans NJ Electronic Business Yes - Unknown # 0

8,855 e-mail addresses with password:salt and usernames dumped on the Internet

How is this report produced? What are the rules? See last page of report for details.

Attribution 1 Publication: datalossdb.org Author: Date Published: Article Title: Arizona Sports Fans Article URL: http://datalossdb.org/incidents/5875-8-855-e-mail-addresses-with-password-salt-and-usernames-dumped-on-the-intern

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120320-03 Adult Insider Network TX Electronic Business Yes - Unknown # 0

10,704 e-mail addresses, password:salt, and usernames dumped on the Internet

Attribution 1 Publication: datalossdb.org Author: Date Published: Article Title: Adult Insider Network Article URL: http://datalossdb.org/incidents/5876-10-704-e-mail-addresses-password-salt-and-usernames-dumped-on-the-internet

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120320-02 Edmund Optics America NJ 2/26/2012 Electronic Business Yes - Unknown # 0

On Sunday, February 26, 2012 EO identified suspicious activity on its website. EO immediately shut down access to its website from the IP address generating the suspicious activity. However, during the time hackers had access to the website, customer personal information, including name and credit card information, was accessed without authorization. Per datalossdb.org = Hacker able to access customers' credit card information by exploiting vulnerability in Cold Fusion 8

Attribution 1 Publication: EO website / databreaches.net Author: Date Published: Article Title: Edmund Optics hacked; customer credit card information acquired Article URL: http://www.databreaches.net/?p=23616

Attribution 2 Publication: NH AG's office Author: Date Published: Article Title: Edmund Optics America Article URL: http://doj.nh.gov/consumer/security-breaches/documents/edmund-optics-20120313.pdf

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120320-01 Citibank, N.A. US Electronic Banking/Credit/Financial Yes - Unknown # 0

WE are writing to inform you that we believe an unauthorized third party used information illegally obtained from a source other than Citi to access information maintained by Citi.

Attribution 1 Publication: NH AG's office Author: Date Published: Article Title: Citibank, N.A. Article URL: http://doj.nh.gov/consumer/security-breaches/documents/citibank-20120313.pdf

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120319-02 Kennedy Space Center FL 3/5/2012 Electronic Business Yes - Published # 2,300 (NASA) Laptop stolen from employee's car contained Social Security numbers and other details of 2,300 employees and student co-ops, including names, race, national origin, gender, date of birth, contact information, college affiliation and grade-point average

Attribution 1 Publication: datalossdb.org Author: Date Published: Article Title: Kennedy Space Center (NASA) Article URL: http://datalossdb.org/incidents/5851-laptop-stolen-from-employee-s-car-contained-social-security-numbers-and-other-d

Attribution 2 Publication: Spaceref.com Author: Allard J. Beutel Date Published: Article Title: NASA KSC Response to Employee Laptop Theft Article URL: http://www.spaceref.com/news/viewsr.html?pid=40347

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120319-01 Rubio's CA Electronic Business Yes - Unknown # 0

Personal information may have been obtained by unauthorized third parties. On February 5, 2012, a CD-ROM containing a list of certain people who owned equity shares in Rubio's Restaurants, Inc. was taken offsite by a third-party vendor, BDO USA, LLP. A BDO employee removed the CD-ROM from site, where they believe it was stolen from her vehicle.

How is this report produced? What are the rules? See last page of report for details.

Attribution 1 Publication: CA AG's office Author: Date Published: Article Title: Rubio's Article URL: https://oag.ca.gov/ecrime/databreach/reports/sb24-22725

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120316-02 Medical College of Georgia GA Electronic Medical/Healthcare Yes - Published # 513

The records of more than 500 patients at Medical College of Georgia Hospital and Clinics were on a laptop stolen during a burglary this year, the school announced Thursday.

Attribution 1 Publication: Augusta Chronicle Author: Tom Corwin Date Published: Article Title: Stolen laptop had patient records from MCG Hospital clinic Article URL: http://m.chronicle.augusta.com/latest-news/2012-03-15/security-breach-513-mcg-hospital-clinic-identity-theft-risk-low-of

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120316-01 University of Tampa FL Electronic Educational Yes - Published # 36,818

Files containing the names, student ID numbers, Social Security numbers and birthdates of thousands of University of Tampa students was publicly accessible on Google after a server error, the university learned Tuesday.

Attribution 1 Publication: Tampa Bay Online.com Author: Date Published: Article Title: University of Tampa reports data breach Article URL: http://www2.tbo.com/news/breaking-news/2012/mar/16/university-of-tampa-reports-data-breach-ar-381617/

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120313-06 Digital Playground CA Electronic Business Yes - Published # 40,000

A group of hackers calling themselves The Consortium is claiming to have accessed user data of over 70,000 users of the pornography website Digital Playground, according to Adult Video News.

Attribution 1 Publication: Huffington Post Tech Author: Date Published: Article Title: Digital Playground Hacked: 'The Consortium' Attacks Porn Site, Credit Card Info Allegedly Accessed Article URL: http://www.huffingtonpost.com/2012/03/12/digital-playground-hacked-manwin_n_1340285.html

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120313-05 Women, Infants and Children AZ Paper Data Government/Military Yes - Published # 1,000 (WIC) The women's hunt for savings recently turned up thousands of sensitive documents exposing the personal information of hundreds of Arizonans; confidential material a thief could use to steal your identity sitting at the bottom of a recycling bin.

Attribution 1 Publication: abc15.com Author: Date Published: Article Title: WIC - sensitive documents in dumpster Article URL: http://www.abc15.com/dpp/news/region_northern_az/payson/state-agency-leaves-arizonans-sensitive-documents-in-du

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120313-04 Office of Dr. David Turner OR Electronic Medical/Healthcare Yes - Published # 480

A Northwest Portland psychiatrist is putting out public notice that personal information of 480 current and former patients on a laptop was stolen from his office.

Attribution 1 Publication: phiprivacy.net Author: Date Published: Article Title: Portland psychiatrist alerting patients personal information stolen Article URL: http://www.phiprivacy.net/

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120313-03 McDonald's OK Electronic Business Yes - Published # 282

Employee was part of ring that skimmed 282 customers' credit card numbers

How is this report produced? What are the rules? See last page of report for details.

Attribution 1 Publication: Datalossdb.org Author: Date Published: Article Title: McDonald's Article URL: http://datalossdb.org/incidents/5808-employee-was-part-of-ring-that-skimmed-282-customers-credit-card-numbers

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120313-02 Pacific Gas & Electric CA Paper Data Business Yes - Published # 6,000 Company 6,000 customers notified after payments box was stolen; approximately 100 may have had payments stolen

Attribution 1 Publication: Datalossdb.org Author: Date Published: Article Title: Pacific Gas & Electric Company Article URL: http://datalossdb.org/incidents/5803-6-000-customers-notified-after-payments-box-was-stolen-approximately-100-may-h

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120313-01 LifeSize TX Electronic Business Yes - Unknown # 0

We write to inform you about a theft of a computer from LifeSize that occurred on January 26, 2012. The stolen computer may have contained some of your personal information, including name, SSN, and other information LifeSize maintains in connection with employment and related business purposes.

Attribution 1 Publication: NH AG's office Author: Date Published: Article Title: LifeSize Article URL: http://doj.nh.gov/consumer/security-breaches/documents/lifesize-20120309.pdf

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120306-04 Office of Jeremiah J. TX 12/31/2011 Electronic Medical/Healthcare None - Encrypted Data 0 Twomey, MD The office building and office suite of Jeremiah J. Twomey M.D., was vandalized during the weekend of December 31, 2011, at which time an external drive containing personal and confidential health information of individuals was stolen from Dr. Twomey’s office. Unauthorized use of this data is unlikely. Any individuals who believe they may have been affected by this incident are asked to please contact the response team of ID Experts at 1-877-283-6561.

Attribution 1 Publication: phiprivacy.net Author: Date Published: Article Title: Houston doctor’s office vandalized, patient data on stolen hard drive Article URL: http://www.phiprivacy.net/

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120306-03 Kern Medical Center CA Paper Data Medical/Healthcare Yes - Published # 1,500

Kern Medical Center is sending out letters to 1,500 patients notifying them their medical records were stolen.

Attribution 1 Publication: KERO 23 ABC news / HHS.gov Author: Christine Dinh Date Published: Article Title: Kern Medical Center Resident Physician Loses 1,500 Patient Records Article URL: http://www.turnto23.com/news/30615023/detail.html

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120306-02 City of Plainfield IN Electronic Government/Military Yes - Unknown # 0

Admin usernames with plaintext passwords as well as 250 e-mail addresses of town and state employees and contacts (some with postal addresses, phone numbers and/or plaintext passwords) dumped on the Internet

Attribution 1 Publication: Datalossdb.org Author: Date Published: Article Title: City of Plainfield. Article URL: http://datalossdb.org/incidents/5789-admin-usernames-with-plaintext-passwords-as-well-as-250-e-mail-addresses-of-to

We recently learned that on 1/3/2012 someone outside of our company used our credentials to make an unauthorized $1.00 charge to a number of customer payment cards that had previously been used by customers to make an authorized purchase through one or more of our affiliated websites.

Attribution 1 Publication: NH AG's office Author: Date Published: Article Title: Accucom Corporation Article URL: http://doj.nh.gov/consumer/security-breaches/documents/accucom-20120222.pdf

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120302-05 Hackensack University NJ Paper Data Medical/Healthcare Yes - Published # 445 Medical Center University Medical Center officials said a former employee stole information from the records of 445 patients and the hospital has been notifying those patients they could be the victims of identity theft.

Attribution 1 Publication: NorthJersey.com Author: Mary Jo Layton Date Published: Article Title: Information stolen from records of 445 Hackensack University Medical patients Article URL: http://www.northjersey.com/news/bergen/030212_Information_stolen_from_records_of_445_Hackensack_University_M

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120302-04 Impairment Resources CA 12/31/2012 Electronic Business Yes - Unknown # 0

During the overnight hours of 12/31/11, our office was accessed illegally and electronic equipment was stolen, including computer hardware that backed up some of our computer systems. We regret to advise you that the stolen data may include some personal information associated with New Hampshire claims sent to us for services. The personal information may include the party's name, SSN, date of birth, or medical information.

Attribution 1 Publication: NH AG's office / VT AG / CA AG Author: Date Published: Article Title: Impairment Resources Article URL: http://doj.nh.gov/consumer/security-breaches/documents/impairment-resources-20120213.pdf

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120302-03 Hagerty Insurance Agency, MI Electronic Business Yes - Unknown # 0 LLC A recent change to our website may have unintentionally permitted temporary, read only access to a limited amount of New Hamshire consumers' personal information. The information potentially viewed included the consumer's name, address, driver's license number, policy number, email address, phone number and date of birth.

Attribution 1 Publication: NH AG's office Author: Date Published: Article Title: Hagerty Insurance Agency, LLC Article URL: http://doj.nh.gov/consumer/security-breaches/documents/hagerty-insurance-20120221.pdf

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120302-02 Cord Blood Registry MN Electronic Business Yes - Unknown # 0

Our company recently discovered that computer backup tapes containing information about approximately 600 of our customers who are residents of New Hampshire were stolen from a CBR employee's locked automobile.

Attribution 1 Publication: NH AG's office Author: Date Published: Article Title: Cord Blood Registry Article URL: http://doj.nh.gov/consumer/security-breaches/documents/cord-blood-registry.-20110225pdf.pdf

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120302-01 Coca-Cola Company Family GA 12/21/2011 Electronic Banking/Credit/Financial Yes - Unknown # 0 Federal Credit Union Two laptops owned by Credit Union Resources, Inc. and containing TCCCFFCU information were stolen on 12/21/2011. Credit Resources Inc. had been engaged by TCCCFFCU to perform an audit.

How is this report produced? What are the rules? See last page of report for details.

Attribution 1 Publication: NH AG's office Author: Date Published: Article Title: Coca-Cola Company Family Federal Credit Union Article URL: http://doj.nh.gov/consumer/security-breaches/documents/coca-cola-credit-union-20120222.pdf

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120228-03 Wallace Community College AL Electronic Educational Yes - Unknown # 0

The Virtual SEPO blog reports that Wallace Community College in Alabama was hacked. Included in the data dump/proof of hack were 8 usernames, e-mail addresses, and passwords and a second table with 276 usernames, passwords, and full names. The passwords appear to be MD5 and were easily cracked using an online tool.

The college was notified of the breach by this blog, who responded to the notification. Publication was delayed to give them time to secure their site.

Attribution 1 Publication: databreaches.net Author: Date Published: Article Title: Wallace Community College hacked Article URL: http://www.databreaches.net/?p=23351

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120228-02 Fun Publications US Electronic Business Yes - Unknown # 0

Fun Publications has sent out a message to all Transformers Club members this weekend notifying the members that there was indeed a security breach related to their e-commerce database.

Attribution 1 Publication: databreaches.net Author: Date Published: Article Title: Fun Publications Admits To Security Breach, Apologizes for Inconvenience Article URL: http://www.databreaches.net/?p=23453

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120228-01 City of Springfield MO Electronic Government/Military Yes - Published # 2,100

Springfield officials say the personal information of about 2,100 citizens may have been obtained by hackers when the city’s website was “compromised” Feb. 17, a Friday.

Attribution 1 Publication: KTTS 94.7.com Author: Joe Rios Date Published: Article Title: City Website Now Fully Functional After Breach Article URL: http://www.ktts.com/news/143726426.html

Attribution 2 Publication: News-Leader.com Author: Date Published: Article Title: City of Springfield Article URL: http://www.news-leader.com/article/20120228/NEWS06/302280028/springfield-city-website-hacked-data-break-citizens-i

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120227-03 Akliz, Inc. MA 12/27/2011 Electronic Business Yes - Unknown # 0

It appears that an attacker was able to gain access to one of the internal servers that hosts our billing system. That system contains information you provided when you created an account with us, such as your name, phone number, email address, user name and password. If you paid online with a credit card, your credit card information was stored on our system as well.

Attribution 1 Publication: VT AG's office Author: Date Published: Article Title: Akliz, Inc. Article URL: http://www.atg.state.vt.us/assets/files/Akliz%20Notice.pdf

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120227-02 Robley Rex VA Medical KY Electronic Medical/Healthcare Yes - Published # 1,182 Center Personal information of almost 1,200 veterans was discovered unattended last month at the Robley Rex VA Medical Center in Louisville.

How is this report produced? What are the rules? See last page of report for details.

Attribution 1 Publication: WLKY.com Author: Date Published: Article Title: Vets' Info Breached At VA Hospital Article URL: http://www.wlky.com/news/30550126/detail.html

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120227-01 University of Florida FL Electronic Educational Yes - Published # 719

University of Florida officials are notifying 719 individuals who were owed a check or refund by the university that their Social Security numbers were exposed on Florida’s Unclaimed Property website.

Attribution 1 Publication: UF website Author: Date Published: Article Title: UF notifies 719 individuals about privacy breach Article URL: http://news.ufl.edu/2012/02/22/privacy-breach-2/

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120221-07 Doshi Diagnostic Center NY Paper Data Medical/Healthcare Yes - Unknown # 0

As some members of the ARC XVI Fort Washington Heights Senior Center made their way to the center this past Thurs., Feb. 9th for breakfast, they walked past a patch of sidewalk covered in white.

But the previous night's snowfall was not the culprit.

Instead, confidential patient records from the Doshi Diagnostic Center on 175th Street and Broadway were. Trash bags just outside the center had opened, and hundreds of documents with sensitive information printed on them had been scattered all along the sidewalk.

Attribution 1 Publication: Manhattan Times Author: Sandra E, Garcia Date Published: Article Title: Confidential patient records found in the open Article URL: http://manhattantimesnews.com/February-15-2012/the-art-of-qnexos-relationship-association-union-linkq.html

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120221-06 Ochsner Medical Center LA Electronic Medical/Healthcare Yes - Unknown # 0

Staff at Ochsner Medical Center say an external hard drive containing patients' personal and medical information is missing from the West Bank campus.

Attribution 1 Publication: Fox8news Author: Date Published: Article Title: Ochsner reports hard drive, patient records missing Article URL: http://www.fox8live.com/news/local/story/Ochsner-reports-hard-drive-patient-records-missing/Wa5_8vFJ3kqT8Pevq9ug

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120221-05 University of North Carolina - NC Electronic Educational Yes - Published # 350,000 Charlotte School officials say an online security breach has hit a Charlotte college campus and they are still trying to figure out how much information was potentially risked.

Attribution 1 Publication: wbtv.com Author: Chris Dyches Date Published: Article Title: Online security breach hits Charlotte college campus, officials warn Article URL: http://www.wbtv.com/story/16945564/internet-security-breach-hits-charlotte-university-officials-warn

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120221-04 Central Connecticut State CT Electronic Educational Yes - Published # 18,275 University Central Connecticut State University officials have announced that a security breach in a CCSU Business Office computer exposed the Social Security Numbers of current and former faculty, staff, and student workers to potential misuse.

Attribution 1 Publication: Farmington Patch Author: Kaitlin McCallum Date Published: Article Title: Security Breach At CCSU Exposes Social Security Numbers Article URL: http://farmington.patch.com/articles/security-breach-at-ccsu-exposes-social-security-numbers

How is this report produced? What are the rules? See last page of report for details.

Attribution 2 Publication: databreaches.net Author: Date Published: Article Title: Central Connecticut State University server infected with Z-Bot; over 18,000 notified of incident Article URL: http://www.databreaches.net/?p=23365

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120221-03 Mo' Money Taxes TN Paper Data Business Yes - Unknown # 0

Memphis police are investigating thousands of documents containing personal information in dumpsters at a Whitehaven area Mo' Money Taxes business. Now the tax preparation business is the focus of a federal investigation by the IRS for identity theft.

Attribution 1 Publication: ABC24 Author: Shelley Orman Date Published: Article Title: Personal Information Found Dumped Behind Mo' Money Taxes Article URL: http://www.abc24.com/news/local/story/Personal-Information-Found-Dumped-Behind-Mo-Money/jLsP5acBpkirlMxPHLV

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120221-02 DHI Mortgage Loan CA 2/10/2012 Electronic Business Yes - Unknown # 0 Prequalification Website DHI Mortgage became aware that a software security breach by unknown external sources occurred in its Internet Loan Prequalification System.

Attribution 1 Publication: CA AG's office Author: Date Published: Article Title: DHI Mortgage Loan Prequalification Website Article URL: https://oag.ca.gov/ecrime/databreach/reports/sb24-22431

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120221-01 Patriot Self Storage MA Paper Data Business Yes - Unknown # 0

Patriot Self Storage recently discovered that certain files containing customer lease documents are missing. Lease documents likely contained the names, addresses and potentially dirver's license numbers of Patriot Self Storage customrs. In addition, certain lease documents may have contained social security numbers of the customer, although PSS has not been able to confirm that.

Attribution 1 Publication: NH AG's office Author: Date Published: Article Title: Patriot Self Storage Article URL: http://doj.nh.gov/consumer/security-breaches/documents/patriot-20120203.pdf

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120216-02 University of North Carolina - NC Electronic Educational Yes - Published # 350,000 Charlotte School officials say an online security breach has hit a Charlotte college campus and they are still trying to figure out how much information was potentially risked.

Attribution 1 Publication: The Republic / NH AG's office Author: Date Published: 5/10/2012 Article Title: Personal information on North Carolina Charlotte students and faculty exposed Article URL: http://www.therepublic.com/view/story/3eb77ef4ab304284984b1b9b23226eb7/NC--UNCC-Data-Exposed/

Attribution 2 Publication: Charlotte Observer Author: Meghan Cooke Date Published: Article Title: Online security breach hits Charlotte college campus, officials warn Article URL: http://www.wbtv.com/story/16945564/internet-security-breach-hits-charlotte-university-officials-warn

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120216-01 St. Joseph Health System CA Electronic Medical/Healthcare Yes - Published # 31,800

St. Joseph Health System has alerted more than 10,000 patients in Santa Rosa, Petaluma and Napa that their personal health information records may have been searchable on the Internet - includes Mission Hospital, Queen of the Valley Medical Center, Santa Rosa Memorial Hospital and Petaluma Hospital.

Attribution 1 Publication: North Bay Business Journal Author: Dan Verel Date Published: Article Title: St. Joseph Health reports potential data breach Article URL: http://www.northbaybusinessjournal.com/48980/st-joseph-health-reports-potential-data-breach/

Hundreds of western Wisconsin patients are warned their medical and personal information may have been compromised.

Attribution 1 Publication: WQOW.com Author: Keith Edwards Date Published: Article Title: Computer stolen from western Wis. medical center Article URL: http://www.wqow.com/story/16910490/computer-stolen-from-western-wis-medical-center

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120214-03 Cardinal Fitness IN Paper Data Business Yes - Unknown # 0

Deputy Attorney General Chuck Taylor launched an investigation after a Dumpster containing credit card numbers and receipts was found sitting outside a closed Indianapolis fitness center.

Attribution 1 Publication: rtv 6 - ABC Author: Date Published: Article Title: AG Investigates Cardinal Fitness Dumped Documents Article URL: http://www.theindychannel.com/news/30412647/detail.html

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120214-01 Oldendorf Medical Services NY 1/18/2012 Electronic Medical/Healthcare Yes - Published # 640

Two laptop computers were recently stolen from Oldendorf Medical Services on Washington Avenue in Albany.

Attribution 1 Publication: timesunion.com Author: Cathleen F. Crowley Date Published: 1/27/2012 Article Title: Laptops stolen from Albany doctor's office Article URL: http://www.timesunion.com/local/article/Laptops-stolen-from-Albany-doctor-s-office-2753512.php

Attribution 2 Publication: WNYT News Author: Date Published: Article Title: Laptops stolen from Oldendorf Medical Services Article URL: http://albany.wnyt.com/news/news/108863-laptops-stolen-oldendorf-medical-services

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120213-05 St. Elizabeth's Medical Center MA Paper Data Medical/Healthcare Yes - Published # 6,831

St. Elizabeth's Medical Center says it is investigating how files containing patient information turned up on the ground outside its Brighton, Mass., campus.

Attribution 1 Publication: UPI.com Author: Date Published: Article Title: Hospital data breach under investigation Article URL: http://www.upi.com/Top_News/US/2012/02/09/Hospital-data-breach-under-investigation/UPI-51151328813745/

Attribution 2 Publication: boston.com Author: Robert Weisman Date Published: Article Title: St. Elizabeth’s Medical Center notifies patients of billing data breach in Charlestown incident Article URL: http://www.boston.com/Boston/businessupdates/2012/04/elizabeth-medical-center-notifies-patients-billing-data-breach-

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120213-04 C.D. Peacock IL Electronic Business Yes - (Password) Unkno 0

Chicago jeweler C.D. Peacock has sued a suburban information-technology consulting firm, alleging that the company's negligence allowed hackers to access confidential customer financial data.

Attribution 1 Publication: Chicago Tribune Author: Date Published: 2/10/2012 Article Title: C.D. Peacock sues IT firm over network breach Article URL: http://www.chicagotribune.com/business/breaking/chi-cd-peacock-sues-it-firm-over-network-breach-20120209,0,592646

How is this report produced? What are the rules? See last page of report for details.

Attribution 2 Publication: Chicago Tribune Author: Date Published: Article Title: C.D. Peacock sues IT firm over network breach Article URL: http://articles.chicagotribune.com/2012-02-09/business/chi-cd-peacock-sues-it-firm-over-network-breach-20120209_1_s

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120213-03 Unknown Merchant - Bank of NY Electronic Business Yes - Unknown # 0 America Bank of America last week blamed a suspected breach of credit card data on an unidentified third party, which the bank later revealed to be a merchant. The incident illustrates security risks institutions increasingly face, whether because of a merchant breach or relying too heavily on partners and suppliers.

Attribution 1 Publication: American Banker Author: Sean Sposito Date Published: 2/9/2012 Article Title: Bank of America Reissues Some Cards After Third-Party Breach Article URL: http://www.americanbanker.com/issues/177_28/bank-of-america-data-breach-utility-credit-debit-cards-1046546-1.html

Attribution 2 Publication: databreachtoday.com Author: Date Published: Article Title: Bank of America Responds to Breach Article URL: http://www.databreachtoday.com/articles.php?art_id=4487

Attribution 3 Publication: BankInfoSecurity Author: Tracy Kitten Date Published: Article Title: Bank of America Clarifies Breach Article URL: http://www.bankinfosecurity.com/articles.php?art_id=4513&rf=2012-02-16-eb

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120213-02 Valencia College FL Electronic Educational Yes - Unknown # 0

Valencia College is apologizing after a mistake allowed the personal information of 9,000 current and prospective students to be posted online.

Attribution 1 Publication: wftv.com Author: Date Published: Article Title: Valencia College apologizes after student personal information posted online Article URL: http://www.wftv.com/news/news/local/mistake-put-personal-information-valencia-college-/nHWdn/

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120213-01 Department of Child Services IN 2/4/2012 Electronic Government/Military None - Encrypted Data 0

Laptops loaded with classified and personal information were swiped over the weekend from the Department of Child Services in Hendricks County. The initial concern was identity theft. But DCS put safeguards in place - safeguards you can put on your computer to ensure security.

Attribution 1 Publication: WISHTV.com Author: Daniel Miller Date Published: Article Title: Computers Stolen from Government Office Article URL: http://www.wishtv.com/dpp/news/crime/computers-stolen-from-government-office

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120209-01 Metro Community Provider CO Electronic Medical/Healthcare Yes - Published # 3,200 Network Hackers may have accessed the personal health data belonging to patients of Denver area-based Metro Community Provider Network, a nonprofit health care provider for low-income individuals and families. UPDATE: 3/19/12 ON HHS.GOV 3,200 individuals affected

Attribution 1 Publication: SC Magazine Author: Dan Kaplan Date Published: Article Title: Phishing email leads to Denver area health care breach Article URL: http://www.scmagazine.com/the-data-breach-blog/section/1263/

The VeriSign breach is an example of how no one is too secure or too big to be attacked. Security experts said targeted attacks on "high value" companies will continue. Companies get breached. That's the lesson of 2011. Large or small, no organization is immune to attacks. The VeriSign breach was just another day of business as usual for the bad guys.

Attribution 1 Publication: eweek Author: Date Published: Article Title: VeriSign Breach Not A Surprise, Attackers Target Everyone Article URL: http://www.eweek.com/c/a/Security/VeriSign-Breach-Not-a-Surprise-Attackers-Target-Everyone-452680/

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120206-08 Concentra Health MA Electronic Medical/Healthcare Yes - Published # 870

During a recent burglary at the Concentra Medical Center in Springfield (1308 N. Glenstone Ave.), an unencrypted laptop computer was stolen from the facility. The computer contained the names, Social Security Numbers and pre-employment work-fitness test results of approximately 900 Concentra patients from the Springfield area.

Attribution 1 Publication: http://www.phiprivacy.net/ Author: Date Published: Article Title: Concentra Health Article URL: http://www.phiprivacy.net/?p=8928

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120206-07 Robert S. Smith, MD, Inc. GA Electronic Medical/Healthcare Yes - Published # 17,000

On October 17, 2011, there was a “smash-and-grab” break-in at the offices of Robert S. Smith, M.D., Inc. (the “Lab”), and a laptop was stolen. The laptop contained limited information for some patients of the Lab that included name, date of birth, physician and diagnosis. There was no financial information or other sensitive information such as Social Security number included on the laptop.

Attribution 1 Publication: phiprivacy.net Author: Date Published: Article Title: Robert S. Smith, MD, Inc. Article URL: http://www.phiprivacy.net/

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120206-06 University of Miami Miller FL Electronic Medical/Healthcare Yes - Published # 1,219 School of Medicine A thief broke into a doctor's car and stole a briefcase containing a flash drive that held personal data on patients of the University of Miami (UM) Miller School of Medicine.

Attribution 1 Publication: SC Magazine Author: Greg Masters Date Published: Article Title: Patient data at U of M hospital breached Article URL: http://www.miamiherald.com/2012/01/30/2615588/um-patient-data-stolen.html

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120206-05 BMW Motorcycles Owners of MO Electronic Business Yes - Unknown # 0 America 2,061 usernames, encrypted passwords (some plain-text) and e-mail addresses dumped on Internet

Attribution 1 Publication: datalossdb Author: Date Published: Article Title: BMW Motorcycles Owners of America Article URL: http://datalossdb.org/incidents/5585-2-061-usernames-encrypted-passwords-some-plain-text-and-e-mail-addresses-du

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120206-04 East Baton Rouge LA Paper Data Educational Yes - Published # 187 Acceleration Academy The Baton Rouge Police Department is conducting an identity theft investigation involving at least 187 potential victims, all students at a Baton Rouge high school, and the suspect in the case is a 17-year-old student from the school.

How is this report produced? What are the rules? See last page of report for details.

Attribution 1 Publication: WAFB.com Author: Amber Stegall Date Published: Article Title: http://www.whiotv.com/news/news/local/greene-co-website-hacked-users-warned/nHRQH/ Article URL: http://www.wafb.com/story/16641742/nearly-200-high-school-students-fall-victim-to-identity-theft

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120206-03 Greene County Website OH Electronic Government/Military Yes - Unknown # 0

Greene County residents who have used an email address, user name and password on any Greene County website may want to change that information in other applications because the county’s web server was hacked into Monday night.

Attribution 1 Publication: whiotv.com Author: Mark Gokavi Date Published: Article Title: Greene County Website Article URL: http://www.whiotv.com/news/news/local/greene-co-website-hacked-users-warned/nHRQH/

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120202-02 Indiana University Health IN Electronic Medical/Healthcare Yes - Published # 12,374 Goshen Hospital Life-threatening diseases, ailments, and illnesses – doctors at IU Health Goshen Hospital treat it all. But a different kind of virus has the hospital on alert and the personal information of 12,000 people at risk.

Attribution 1 Publication: Techworld Author: Date Published: Article Title: US hospital hit by data-stealing malware Article URL: http://news.techworld.com/security/3335408/us-hospital-hit-by-data-stealing-malware/

Attribution 2 Publication: WSBT-TV Author: John Paul Date Published: Article Title: Goshen Hospital Article URL: http://www.southbendtribune.com/news/sbt-goshen-hospital-data-breach-exposes-personal-information-20120201,0,26

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120202-01 Salt Lake City Police UT Electronic Government/Military Yes - Unknown # 0 Department A hacking collective known as Anonymous broke into the Salt lake City Police Department website Tuesday evening, and was apparently able to access the personal information of those who had registered with the site.

Attribution 1 Publication: KSL.com Author: Dave Newlin Date Published: Article Title: Personal information accessed in hack of SLCPD website Article URL: http://www.ksl.com/?nid=148&sid=19088873

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120131-02 Regions Financial Corp. - AL Electronic Business Yes - Unknown # 0 Ernst & Young Personal information about Regions Financial Corp. current and former employees was lost in November when a flash drive with the data came up missing after being mailed by outside auditor Ernst & Young in the same envelope as the decryption code.

Attribution 1 Publication: al.com Author: Date Published: Article Title: http://blog.al.com/businessnews/2012/01/regions_says_employee_401k_dat.html Article URL: http://blog.al.com/businessnews/2012/01/regions_says_employee_401k_dat.html

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120131-01 Lexington Clinic KY 12/7/2011 Electronic Medical/Healthcare Yes - Published # 1,018

Following the Dec. 7 theft of an unencrypted laptop, Lexington Clinic in Kentucky is notifying 1,018 patients who received services in the neurology department.

Attribution 1 Publication: Health Data Management Author: Date Published: Article Title: Laptop Loaded with PHI Stolen from Lexington Clinic Article URL: http://www.healthdatamanagement.com/news/breach-notification-hipaa-privacy-security-43956-1.html?ET=healthdatam

How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120127-04 University System of MD Electronic Educational Yes - Published # 8,000 Maryland The University System of Maryland until recently had been storing information, including Social Security and some credit card numbers, of thousands of prospective students on a server that the public can access, according to a state audit this week.

Attribution 1 Publication: Gazette.net Author: Andrew Ujifusa Date Published: Article Title: Social Security, some credit card numbers were stored on public USM server Article URL: http://www.gazette.net/article/20120127/NEWS/701279589/1034/social-security-some-credit-card-numbers-were-stored-

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120127-03 Sequoia Hospital CA Electronic Medical/Healthcare Yes - Published # 391

A contractor working for Sequoia Hospital inadvertently posted the names and Social Security numbers of 391 current and former hospital employees on a public website, where it stayed for four years.

Attribution 1 Publication: San Mateo County Times Author: Aaron Kinney Date Published: Article Title: Sequoia Hospital vendor posted hospital employees' personal information online Article URL: http://www.mercurynews.com/san-mateo-county-times/ci_19829283

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120127-02 Indiana University IN Electronic Educational Yes - Unknown # 0

Last semester the President’s Challenge website tracked IU employees’ nutrition and exercise progress throughout their participation in the Healthy IU fitness competition.

On Jan. 19, those same IU employees received an email from President’s Challenge officials delivering some alarming news.

“We are writing to inform you about a security issue involving the President’s Challenge website,” the email began. “Hackers recently accessed our database.”

Attribution 1 Publication: Indiana Daily Student Author: Kirsten Clark Date Published: Article Title: IU Information Security responds to hacking of President's Challenge website Article URL: http://www.idsnews.com/news/story.aspx?id=85147

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120127-01 Bamastuff.com AL Electronic Business Yes - Unknown # 0

Officials with an online company that sells Crimson Tide gear says some customers have seen multiple fraudulent charges on their bank accounts after a security breach on the website.

Attribution 1 Publication: The Gadsden Times / AP Author: Date Published: Article Title: Company warns Ala. customers of security breach Article URL: http://www.gadsdentimes.com/article/20120125/APN/1201251368

Attribution 2 Publication: al.com Author: Yvonne T. Betowt Date Published: Article Title: Tide fans ordering from Bamastuff.com may have had credit card information stolen Article URL: http://blog.al.com/breaking/2012/01/tide_fans_ordering_from_bamast.html

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120124-08 Pure Med Spa NV Paper Data Medical/Healthcare Yes - Unknown # 0

A Las Vegas woman got quite a surprise as she drove around looking for empty boxes to store her holiday decorations. She found some near a dumpster but they weren't empty. To her surprise they were packed with medical records. So she emailed Action News wondering how they got there.

Attribution 1 Publication: ktnv.com Author: Date Published: Article Title: Medical records found near dumpster near Buffalo & Washington Article URL: http://www.ktnv.com/news/local/136761898.html

Members of an Indiana non-profit health care program were alerted on Wednesday about a possible privacy leak within the organization’s records.

MDwise officials said the personal records of 2,700 Hoosiers covered by the Healthy Indiana Plan, Care Select and Hoosier Healthwise health programs were possibly leaked to the Internet.

Attribution 1 Publication: indychannel.com Author: Date Published: Article Title: Health Care Company Alerts Hoosiers About Privacy Leak Article URL: Health Care Company Alerts Hoosiers About Privacy Leak

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120124-06 Ayuda Medical Case TX Paper Data Medical/Healthcare Yes - Unknown # 0 Management Boxes full of personal medical records were recovered in a Castroville trash can, exposing thousands of patients to the threat of identity theft and more.

Attribution 1 Publication: KSAT.com Author: Brian Mylar Date Published: Article Title: Personal documents found in trash can Article URL: http://www.ksat.com/news/Personal-documents-found-in-trash-can/-/478452/8282132/-/59y7ox/-/index.html

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120124-05 Family Chiropractic Center IN Paper Data Medical/Healthcare Yes - Unknown # 0

Kokomo police are investigating the reported theft of hundreds of medical records from a local chiropractic clinic, Capt. Brian Seldon confirmed Friday.

Attribution 1 Publication: Kokomo Tribune Author: Scott Smith Date Published: Article Title: Thieves swipe medical records Article URL: http://kokomotribune.com/local/x2019121991/Thieves-swipe-medical-records/print

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120124-04 Vermont Department of Taxes VT Electronic Government/Military Yes - Published # 1,332

The last party was identified a day after the tax department said three parties were able to access the numbers. The website displayed the Social Security numbers of 1,332 individuals and the federal ID numbers of 245 businesses for two hours, according to the state.

Attribution 1 Publication: BurlingtonFreePress.com Author: Date Published: Article Title: Vermont tax department says risk of ID theft is minimal after social security numbers posted Article URL: http://www.burlingtonfreepress.com/article/20120111/NEWS03/120111016/Vermont-tax-department-says-risk-ID-theft-mi

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120124-03 City of Point Pleasant WV Electronic Government/Military Yes - Unknown # 0

According to a press release from Mayor Brian Billings on Friday morning, the City of Point Pleasant was notified from an outside agency of a potential security breach of its computer system. Billings’ statement said the apparent breach was originated from an outside source.

Attribution 1 Publication: Point Pleasant Register Author: Beth Sergent Date Published: Article Title: City computers possibly hacked Article URL: http://www.mydailyregister.com/view/full_story/17244934/article-City-computers-possibly-hacked

We recently became aware of a criminal intrusion into our ActiveStore Web-based storefront application that processes purchases of digital games made by customers on our partners' web sites. We believe the intruders may have been able to intercept and obtain cardholder names, credit card account numbers, expiration dates, security codes, postal addresses, email addresses and passwords to optional user accounts on ActiveStore storefronts from a portion of transactions flowing through the ActiveStore application between November 4, 2011 and December 2, 2011.

Attribution 1 Publication: NH AG's office Author: Date Published: Article Title: Trymedia Article URL: http://doj.nh.gov/consumer/security-breaches/documents/tm-acquisition-trymedia-20120113.pdf

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120124-01 Department of Veterans US Electronic Government/Military Yes - Published # 4,000 Affairs The Department of Veterans Affairs has notified more than 2,200 veterans and is offering them one year of credit monitoring services after protected information including Social Security numbers were posted on the Ancestry.com Web site.

Attribution 1 Publication: Federal Times Author: Nicole Blake Johnson Date Published: Article Title: More than 4,000 vets potentially affected by VA data breach Article URL: http://www.federaltimes.com/article/20120125/DEPARTMENTS04/201250304/

Attribution 2 Publication: Health Data Management Author: Date Published: Article Title: Department of Veterans Affairs Article URL: http://www.healthdatamanagement.com/news/breach-notification-hipaa-privacy-security-43902-1.html?ET=healthdatam

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120123-02 New York State Electric & NY Electronic Business Yes - Published # 1,800,000 Gas (NYSEG) The state Public Service Commission is investigating a security breach that allowed unauthorized access to NYSEG customer data containing Social Security numbers, dates of birth and bank account numbers.

Attribution 1 Publication: State of NY Public Service Commission Author: Date Published: Article Title: PSC Investigates Consumer Data Breach at NYSEG, RG&E Article URL: http://www3.dps.ny.gov/pscweb/WebFileRoom.nsf/Web/1986D5ECA1917A8A8525798E005F81DD/$File/pr12007.pdf?Ope

Attribution 2 Publication: recordonline.com Author: Date Published: Article Title: NYSEG customer data accessed in security breach Article URL: http://www.recordonline.com/apps/pbcs.dll/article?AID=/20120123/BIZ/120129894

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120123-01 Kansas Department on Aging KS 1/12/2012 Paper Data Government/Military Yes - Published # 7,757

The Department of Aging warns customers their personal information may be in jeopardy. Last week, a laptop computer, flash drive and paper files were stolen out of a locked vehicle used by an employee in Wichita.

Attribution 1 Publication: HHS.Gov Author: Date Published: Article Title: Article URL: http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html

Attribution 2 Publication: Topeka Capital Journal Author: Kim Hynes Date Published: Article Title: 100 social security numbers stolen from Dept. of Aging Article URL: http://www.kwch.com/kwch-news-kah-personal-information-stolen-from-ks-department-of-aging-20120119,0,7125622.st

Attribution 3 Publication: wibw.com Author: Date Published: Article Title: KS Dept. On Aging Warns Of Information Breach Article URL: http://www.wibw.com/home/headlines/KS_Dept_On_Aging_Warns_Of_Information_Breach_137707608.html

How is this report produced? What are the rules? See last page of report for details.

Attribution 4 Publication: HHS.GOV Author: Date Published: Article Title: Kansas Department on Aging Article URL: http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120119-01 Arizona State University AZ Electronic Educational Yes - Unknown # 0

Arizona State University plans to have its online computer system back up by 7 p.m. Thursday at the latest, following a security breach that forced a shutdown.

Attribution 1 Publication: TusconCitizen.com Author: Anne Ryman Date Published: Article Title: ASU shuts down online access after security breach Article URL: http://tucsoncitizen.com/arizona-news/2012/01/19/asu-shuts-down-online-access-after-security-breach/

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120117-01 Summit Sports MI Electronic Business Yes - Unknown # 0

Incident involved a website development database that had stored encrypted credit card information. We believe that the encrypted credit cards may have been "read" by a hacker who also may have had access to the encryption key.

Attribution 1 Publication: NH AG's office Author: Date Published: Article Title: Summit Sports Article URL: http://doj.nh.gov/consumer/security-breaches/documents/summit-sports-20111221.pdf

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120116-02 Zappos - 6pm US Electronic Business Yes - Unknown # 0

Zappos is urging its customers to change their passwords after an intruder gained unauthorized access to the online shoe retailer's servers.

Attribution 1 Publication: news.cnet.com Author: Date Published: Article Title: Zappos customer data accessed in security breach Article URL: http://news.cnet.com/8301-1009_3-57359536-83/zappos-customer-data-accessed-in-security-breach/

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120116-01 City College of San Francisco CA Electronic Educational Yes - Published # 100,000

The computer networks of a San Francisco community college have been infected with software viruses that illegally transmitted personal data from students and employees overseas, school officials said Friday.

Attribution 1 Publication: msnbc.msn,com Author: AP Date Published: Article Title: Data Breach could affect 100,000 students Article URL: http://www.msnbc.msn.com/id/45993411/ns/technology_and_science-security/

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120111-01 Ohio State University Medical OH Electronic Medical/Healthcare Yes - Published # 180 Center Ohio State University Medical Center is offering one year of credit protection services to 180 former patients following a breach of protected health information.

Attribution 1 Publication: Health Data Management Author: Date Published: Article Title: OSU Offers Credit Protection Following Data Breach Article URL: http://www.healthdatamanagement.com/news/hipaa-privacy-security-breach-notification-rule-43860-1.html?ET=healthd

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120110-03 Isaac Miller Elementary CA Paper Data Educational Yes - Unknown # 0 School Dozens of federally-funded books and documents containing families' personal information were thrown in a dumpster at a elementary school and have been cleared out by school officials.

How is this report produced? What are the rules? See last page of report for details.

Attribution 1 Publication: Central Coast News Author: Date Published: Article Title: School Accidentally Throws Out Books and Student Information Article URL: http://www.kionrightnow.com/story/16481347/books-student-personal-documents-thrown-in-dumpsters-at-school

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120110-02 Staffing Solutions GA Paper Data Business Yes - Unknown # 0

But a little more than a week ago, CBS Atlanta started asking Tough Questions about one of Employ Bridge's companies after thousands of documents containing personal information were found in a Gwinnett County recycling dumpster.

Attribution 1 Publication: cbsatlanta.com Author: Bernard Watson Date Published: Article Title: Tough Questions for staffing agency about discarded documents Article URL: http://www.cbsatlanta.com/story/16478506/tough-questions-for

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120110-01 Hydrogen Software MO Electronic Business Yes - Unknown # 0

201 usernames and hashed passwords acquired and dumped by hacker

Attribution 1 Publication: datalossdb.org Author: Date Published: Article Title: Hydrogen Software Article URL: http://datalossdb.org/incidents/5422-201-usernames-and-hashed-passwords-acquired-and-dumped-by-hacker

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120106-01 Spotsylvania County Schools DC 12/23/2011 Electronic Educational Yes - Published # 4,300

A Spotsylvania school employee went online recently to find a W2 form. The employee's W2 form was viewable, all right -- through a simple Google search.

Attribution 1 Publication: fredericksburg.com Author: Pamela Gould Date Published: Article Title: Spotsy Schools respond to online breach Article URL: http://blogs.fredericksburg.com/newsdesk/2012/01/06/spotsy-schools-respond-to-online-breach/

Attribution 2 Publication: fredericksburg.com Author: Pamela Gould Date Published: Article Title: Spotsy schools respond to online breach Article URL: http://blogs.fredericksburg.com/newsdesk/2012/01/06/spotsy-schools-respond-to-online-breach/

Attribution 3 Publication: fredericksburg.com Author: Date Published: Article Title: Spotsylvania School Article URL: http://blogs.fredericksburg.com/gettingschooled/2012/01/06/employees-start-receiving-letter-regarding-security-breach/

Attribution 4 Publication: NBC Washington Author: Date Published: Article Title: Spotsylvania School Schools Article URL: http://www.nbcwashington.com/news/local/Spotsy-136810348.html

ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120105-01 Wells Fargo CT Paper Data Banking/Credit/Financial Yes - Unknown # 0

Connecticut's attorney general is investigating a possible data breach in which Wells Fargo & Co may have disclosed customer Social Security numbers as part of a fraud investigation.

Attribution 1 Publication: Chicago Tribune Author: Date Published: Article Title: Possible data breach by Wells Fargo investigated Article URL: http://www.chicagotribune.com/business/sns-rt-us-wellsfargo-breachtre804024-20120104,0,2305175.story

How is this report produced? What are the rules? See last page of report for details. ITRC Breach ID Company or Agency State Est. Date Breach Type Breach Category Records Exposed? # Records Rptd ITRC20120102-01 California Statewide Law CA Electronic Business Yes - Published # 2,500 Enforcement Association SACRAMENTO, CA - A day after Anonymous hacked into California Statewide Law Enforcement Association's website, CSLEA members are still learning about the security breach.

Attribution 1 Publication: news10.net Author: Date Published: Article Title: Police Group members react to Anonymous Hacking Article URL: http://www.news10.net/news/article/171017/2/CSLEA-members-react-to-Anonymous-hacking

2012 Breaches Identified by the ITRC as of: 1/4/2013 Total Breaches: 470 Records Exposed: 17,491,690

The ITRC Breach database is updated on a daily basis, and published to our website on each Tuesday. Unless noted otherwise, each report includes breachs that occurred in the year of the report name (such as "2009 Breach List"), or became public in the report name year, but were not public in the previous year. Each item must be previously published by a credible source, such as Attorney General's website, TV, radio, press, etc. The item will not be included at all if ITRC is not certain that the source is real and credible. We include in each item a link or source of the article, and the information presented by that article. Many times, we have attributions from a multitude of media sources and media outlets. ITRC sticks to the facts as reported, and does not add or subtract from the previously published information. When the number of exposed records is not reported, we note that fact. When records are encrypted, we state that we do not (at this time) consider that to be a data exposure. However, we do not consider password protection as adequate, and we do consider those events to be a data exposure.

What is a breach? A breach is defined as an event in which an individual’s name plus Social Security Number (SSN), driver’s license number, medical record, or a financial record/credit/debit card is potentially put at risk – either in electronic or paper format.

The ITRC Breach Report presents individual information about data exposure events and running totals for the year. The ITRC Breach Stats Report develops some statistics based upon the type of entity involved in the data exposure.

This project was supported by Grant No. 2007-VF-GX-K038 awarded by the Office for Victims of Crime, Office of Justice Programs, U.S. Department of Justice. Points of view in this document are those of the ITRC and do not necessarily represent the official position or policies of the U.S. Department of Justice.