2019 Breaches
Jira Visibility Controls allows for Breach of PII at NASA
Who: NASA What was affected: Employee usernames, names, email addresses, and project names. When it happened: September 2018 How it happened: The reason for the leak was Jira's visibility controls, which a NASA system admin appears to have mixed up. Outcome: NASA and...
Stolen Hard Drive Exposes Diagnostic Images from Texas Orthopaedic Firm
Who: All-Star Orthopaedics What was affected: The stolen hard drive includes x-rays and other diagnostic images. If opened, the image files contain patient names and birthdates. No additional information is stored on the pictures on the hard drive. When it happened:...
Canadian Hospital Breach Exposes Hundreds of Patient Records
Who: Belleville General Hospital # of Accounts Breached: Hundreds of patient records What was affected: Patient records. The accessed information could include names, addresses, birth dates, health card numbers, and other health information. When it happened:...
Targeted Data Breach Exposes Victorian Government Employees
Who: Victorian Government, Australia # of Accounts Breached: 30,000 Victorian public servants What was affected: Work emails, job titles and work phone numbers. When it happened: December 22, 2018 How it happened: The work details of 30,000 Victorian public servants...
Data Breach Game Maker Exposes Data of 7.6 Million Users
Who: Town of Salem - BlankMediaGames # of Accounts Breached: 7.6 Million What was affected: Usernames, Email addresses, Passwords in the (phpass), MD5(WordPress), MD5(phpBB3)) format, IP addresses, Game & forum activity, Purchased game premium features, but...
Singapore Airline Hack Exposes Travel Details
Who: Singapore Airlines # of Accounts Breached: 284 KrisFlyer members What was affected: Their names, flight history, recent miles transactions and rewards were disclosed to other members. Furthermore, seven of the total cases may have had their passports numbers...
Kitchen Utensil Manufacturer E-commerce Website Hacked
Who: OXO International What was affected: Customer data: customer and payment information When it happened: Between June 9, 2017 – November 28, 2017, June 8, 2018 – June 9, 2018, and July 20, 2018 – October 16, 2018 How it happened: OXO International has stated that...
7 years of FBI Investigation Data leaked on Unprotected Oklahoma Server
Who: Oklahoma Securities Commission What was affected: The FBI files contained “all sorts of archive enforcement actions” dating back seven years (the earliest file creation date was 2012). The documents included spreadsheets with agent-filled timelines of interviews...
Targeted Phishing Attack Against Employees of Kent County Mental Health
Who: Kent County Community Mental Health Authority # of Accounts # of Accounts Breached: 2,284 What was affected: Personally Identifiable Information, Names of Medical Providers, Medical #'s, Schools, Ethnicity, Relatives. When it happened: October 28, 2018 How it...
FBI investigates Nigerian Fraud against School System
Who: Caddo Parish School System What was affected: This phishing scheme targeted funds designated for Charter Schools USA, which operates Magnolia School of Excellence. When it happened: Summer 2018 How it happened: Caddo Schools makes monthly payments to the charter...
Wisconsin Police Department Hacked, Information Stolen
Who: Kewaskum PD Computer # of Accounts Breached: 2,720 potential victims What was affected: Personal information including date of birth, drivers license and social security numbers may have been stolen. When it happened: August 2018 How it happened: This all came to...
Credential Stuffing Attacks Possible now due to Massive Data Breach
Who: People’s Email Addresses and Passwords used to log in to third-party sites No. of Accounts Breached: 773 million unique email addresses and 21 million unique passwords that were used to log in to third-party sites What was affected: 773 million unique email...
City of Knoxville released personally identifiable information on Employees
Who: City of Knoxville No. of Accounts Breached: 1,470 employees were affected by the inadvertent posting of personal data. What was affected: Employee names, addresses, dates of birth, gender and Social Security numbers and other types of employment information. When...
Hackers steal Customer Credit Cards from Discount Mugs
Who: DiscountMugs.com No. of Accounts Breached: Thousands of customers who made purchases through the site during the four months. What was affected: Credit card numbers, the security code, and expiration date, as well as names, addresses, phone numbers, email...
Hackers Exploit Vulnerability to take down Whistler.ca Website
Who: RMOW - Resort Municipality of Whistler What was affected: Municipal website, whistler.ca, has been breached When it happened: December 28, 2018 How it happened: The Resort Municipality of Whistler (RMOW) is informing members of the public that its municipal...