Data Breaches Caused By Third-parties

2020 Data Leaks

Data Leaks for 2020
Date
Company
Data Breached
Use of 3rd Party
3rd-party Company
Date September
Company Experian
Data Breached Cellphone numbers,Home phone numbers, Work phone numbers, Employment details; and Identity numbers of 24 million South Africans
Use of 3rd Party third-party hosting
3rd-party Company not disclosed
Date September
Data Breached full names, email and street addresses, phone numbers and ZIP codes of 38 million US citizens
Use of 3rd Party marketing company
3rd-party Company View Media
Date September
Data Breached names, medical service numbers and dates of service for patients and list of donors
Use of 3rd Party data management software vendor
3rd-party Company BlackBaud
Date September
Data Breached members names, emails and physical addresses
Use of 3rd Party data management software vendor
3rd-party Company BlackBaud
Date August
Data Breached infection status, dates of birth, addresses, names, and other PII of COVID-19 patients in South Dakota
Use of 3rd Party software vendor
3rd-party Company not disclosed
Date August
Data Breached names, addresses and gift history of donors
Use of 3rd Party software vendor
3rd-party Company not disclosed
Date August
Company FeedMore
Data Breached personal information of donors
Use of 3rd Party software vendor
3rd-party Company BlackBaud
Date August
Data Breached corporate data
Use of 3rd Party wine and spirit maker
3rd-party Company Brown-Forman
Date July
Data Breached personal information of investors
Use of 3rd Party third-party software provider
3rd-party Company M.J. Brunner
Date July
Company Citrix
Data Breached email IDs, phone numbers, last known location, phone type and login dates
Use of 3rd Party third-party vendor
3rd-party Company not disclosed
Date July
Company Promo.com
Data Breached first name, last name, email address, IP address, approximated user location based on their IP address, and gender, as well as encrypted, hashed and salted passwords.
Use of 3rd Party third-party service provider
3rd-party Company not disclosed
Date July
Data Breached name, date of birth, contact information, and some information about donations regarding alumni and donors
Use of 3rd Party cloud-computing service provider
3rd-party Company BlackBaud
Date July
Data Breached 7.5 million users’ names, emails and physical addresses, birthdates, and phone numbers
Use of 3rd Party third-party service provider
3rd-party Company WayDev
Date June
Data Breached ACH routing numbers, IBANs and other financial data as well as PII
Use of 3rd Party web development firm
3rd-party Company NetSentiel
Date June
Data Breached names, addresses, birth dates, banking and IRS data
Use of 3rd Party web site design firm
3rd-party Company 10up Inc
Date June
Company MU Health
Data Breached email addresses & passwords of MU students
Use of 3rd Party third-party web site
3rd-party Company not disclosed
Date June
Company Keepnet
Data Breached Breached email addresses, breached passwords
Use of 3rd Party third-party IT service provider
3rd-party Company not disclosed
Date June
Company Joomla
Data Breached Full name,Business address, Business email address, Business phone number, Company URL, Nature of business,Encrypted password (hashed),IP address, Newsletter subscription preferences
Use of 3rd Party third-party company(CMS)
3rd-party Company Open Source Matters
Date May
Data Breached PPP applications, in particular business details, such as an address or tax identification number, or a business owner’s information, such as name, address, Social Security number, phone number, email and citizenship status
Use of 3rd Party third-party merchant
3rd-party Company not disclosed
Date May
Data Breached 7 million Indians’ Aadhaar number, name, gender, date of birth, biometric details, Permanent Account Number (PAN), scanned copies of Caste and Religion certificates, user’s picture, residential details, professional degree certificates
Use of 3rd Party Amazon Web Services S3 bucket of a third party
3rd-party Company CSC e-Governance Services LTD
Date May
Company TrueCaller
Data Breached full names, email addresses, mobile numbers, Facebook IDs, age, city, gender, telecom service provider
Use of 3rd Party third-party merchant
3rd-party Company not disclosed
Date May
Data Breached full names and Social Security numbers of some people who have applied for unemployment benefits
Use of 3rd Party third party
3rd-party Company not disclosed
Date May
Data Breached name, medical treatment information, diagnosis information/codes, medication information, dates of service, insurance provider, health insurance number, date of birth, and Social Security number.
Use of 3rd Party Network Services Provider
3rd-party Company Management and Network Services – MNS
Date April
Data Breached First and last name, billing address and IBAN and account number
Use of 3rd Party third-party partner company
3rd-party Company not disclosed
Date April
Data Breached human resource files from RigUp’s clients, contractors, job seekers
Use of 3rd Party labor and marketplace provider
3rd-party Company RigUp
Date April
Company Mariott
Data Breached 5.2 million customers’ personal information incl. names, addresses, birthdays, emails, phone numbers and loyalty reward program numbers
Use of 3rd Party franchised hotel in Russia
3rd-party Company not dsiclosed
Date April
Data Breached not disclosed for now
Use of 3rd Party It-services vendor
3rd-party Company Cognizant
Date April
Data Breached names, phone numbers, addresses, credit card numbers, CVVs and expiration dates
Use of 3rd Party E-commerce vendor
3rd-party Company Volusion
Date March
Company T-Mobile
Data Breached customer names and addresses, phone numbers, account numbers, rate plans, and features, and billing information.
Use of 3rd Party e-mail vendor
3rd-party Company not disclosed
Date March
Company Radio.com
Data Breached name, Social Security number, driver’s license number, listeners’ credentials
Use of 3rd Party cloud hosting service
3rd-party Company not disclosed
Date March
Company Chubb
Data Breached sensitive files
Use of 3rd Party third-party service provider
3rd-party Company not disclosed
Date March
Data Breached direct deposit forms, driver’s licenses, passports, birth certificates, marriage certificates
Use of 3rd Party business service provider
3rd-party Company Canon Business Services
Date March
Data Breached 8 million sales records: customer names, email addresses, shipping addresses, purchases, last four digits of credit card numbers
Use of 3rd Party third-party app
3rd-party Company not disclosed
Date March
Data Breached non-disclosure agreements, partial schematic for a missile antenna
Use of 3rd Party precision parts maker
3rd-party Company Visser
Date February
Data Breached First and Last Name, Last Four Digits of Social Security Number, Transaction Date and Amount, Plan Sponsor/Employer Name, Address, Social Security Number, Email Address, Mailing Address, Date of Birth
Use of 3rd Party administering services
3rd-party Company Interactive Medical Systems Corporation
Date February
Company TQL carriers
Data Breached tax ID numbers, bank account numbers
Use of 3rd Party freight brokerage services
3rd-party Company TQL
Date February
Data Breached names, dates of birth, billing codes, insurance description, and medical record numbers
Use of 3rd Party accounting and tax services
3rd-party Company BST
Date February
Data Breached names, addresses, phone numbers, dates of birth, Social Security numbers and Health Share identification numbers
Use of 3rd Party medical transportation
3rd-party Company GridWorks
Date February
Company Rutters Store
Data Breached customers’ names, card numbers, expiration dates, and internal verification codes
Use of 3rd Party POS Device
3rd-party Company not disclosed
Date February
Company Carson City
Data Breached resident’s names, addresses, email addresses, payment card numbers, expiration dates, card security code (CVV) information, bank account numbers and routing numbers
Use of 3rd Party utility payment software
3rd-party Company Click2Gov
Date February
Data Breached name, date of birth, Social Security number, financial account information, tax identification number, and information on borrowers, liability, assets, employment, and income
Use of 3rd Party mortgage portal
3rd-party Company not disclosed
Date February
Company Nedbank
Data Breached 1.7 million customers information(name, ID, contacts)
Use of 3rd Party marketing and promotional campaigns
3rd-party Company Computer Facilities (Pty) Ltd
Date January
Company Instagram
Data Breached Instagram usernames and passwords
Use of 3rd Party third-party app
3rd-party Company Social Captain
Date January
Data Breached names, dates of birth, home addresses, email and phone numbers, names of family members, past addresses, the reason for application
Use of 3rd Party third-party service provider
3rd-party Company not disclosed
Date January
Data Breached photo IDs, phone numbers and home addresses of marijuana users as well as cannabis variety and quantity purchased
Use of 3rd Party point-of-sale software company
3rd-party Company THSuite
Date January
Company Regus
Data Breached employee names, emails and performance
Use of 3rd Party mystery shopping business
3rd-party Company Applause
Date January
Company Mitsubishi
Data Breached company data, data of government organizations and private companies, names and addresses, previous employment history, birthdates, telephone numbers of 8,122 applicants, employees and retirees
Use of 3rd Party an affiliated company in China
3rd-party Company not disclosed
Date January
Data Breached names, street addresses and Social Security numbers
Use of 3rd Party revenue cycle management vendor
3rd-party Company RCM Enterprise Services
Date January
Company Schools
Data Breached name, payment card expiration date and security code and Blue Bear account usernames and passwords
Use of 3rd Party school software vendor
3rd-party Company Active Network
Date January
Data Breached e-mail addresses and phone numbers
Use of 3rd Party hosting
3rd-party Company Amazon
Date January
Data Breached name, address, email, phone number, customer number, age, account number and account balance
Use of 3rd Party a third-party CRM hosting firm
3rd-party Company not disclosed

2019 Data Leaks

Data Leaks for 2019
Date
Company
Data Breached
Use of 3rd Party
3rd-party Company
Date December
Company Wyze customer
Data Breached 2.4 million customers
Use of 3rd Party IoT vendor
3rd-party Company Wyze
Date December
Data Breached 98,000 SAF servicemen information
Use of 3rd Party healthcare training provider
3rd-party Company HMI Institute of Health Sciences
Date December
Data Breached 2,400 personal data including full names and NRIC numbers, and a combination of contact numbers, e-mail addresses or residential addresses
Use of 3rd Party logistics services
3rd-party Company ST Logistics
Date December
Company City of Sioux
Data Breached 3,500 customers utility and parking accounts
Use of 3rd Party online parking ticket system and utility billing system portal
3rd-party Company Click2Gov
Date December
Data Breached 8,800 Marietta utility customers card information
Use of 3rd Party online electric, water and sanitation payment software company
3rd-party Company Click2Gov
Date December
Data Breached fingerprint database
Use of 3rd Party not disclosed
3rd-party Company not disclosed
Date December
Data Breached 477,000 clients’ media contacts, business account information, 35,000 hashed user passwords, various documents, and admin credentials
Use of 3rd Party PR company
3rd-party Company iPR Software
Date November
Data Breached seven current and former employees’ information includes names, dates of birth, and Social Security numbers
Use of 3rd Party not disclosed
3rd-party Company not disclosed
Date November
Data Breached email addresses, usernames and recent tweets
Use of 3rd Party SDK kit
3rd-party Company One Audience
Date November
Data Breached not disclosed
Use of 3rd Party tax collections
3rd-party Company not disclosed
Date November
Company TennCare
Data Breached 44,000 members information
Use of 3rd Party pharmacy management vendor
3rd-party Company Magellan Health System
Date November
Company Macy’s
Data Breached first and last names, physical addresses, ZIP codes, email addresses, payment card numbers, card security codes, and expiration dates
Use of 3rd Party Website Javascript
3rd-party Company not disclosed
Date November
Data Breached not disclosed
Use of 3rd Party online water bill payments software company
3rd-party Company Click2Gov
Date November
Data Breached 4,000 residents’ data
Use of 3rd Party online water bill payments software company
3rd-party Company Click2Gov
Date November
Company Florida Blue
Data Breached 5 million members’ information
Use of 3rd Party managed care company
3rd-party Company Magellan Health Inc
Date October
Company UniCredit
Data Breached 400,000 Italian clients’ information
Use of 3rd Party not disclosed
3rd-party Company not disclosed
Date October
Company NordVPN
Data Breached some of the browsing habits of customers
Use of 3rd Party data center provider
3rd-party Company not disclosed
Date October
Data Breached undisclosed number of patients’ information
Use of 3rd Party manage radiology benefits
3rd-party Company Magellan National Imaging Associates
Date October
Data Breached 560,000 students’ information
Use of 3rd Party learning assessment platform
3rd-party Company Pearson Clinical Assessment (AIMSweb)
Date October
Company CenturyLink
Data Breached 2.8 million CenturyLink customer information which including names, addresses, phone numbers, email addresses and CenturyLink account numbers
Use of 3rd Party notification platform
3rd-party Company not disclosed
Date October
Data Breached thousands of usernames, passwords and addresses
Use of 3rd Party educational technology company
3rd-party Company Chegg
Date October
Data Breached 10,000 Zendesk Support and Chat accounts
Use of 3rd Party customer service software provider
3rd-party Company Zendesk
Date September
Data Breached 1,498 individuals’ information includes encrypted credit or debit card numbers, first names, last names, addresses and email addresses
Use of 3rd Party payment software system
3rd-party Company Click2Gov
Date September
Data Breached not disclosed
Use of 3rd Party payment software system
3rd-party Company Click2Gov
Date September
Company DoorDash
Data Breached 4.9 million consumers, Dashers, and merchants
Use of 3rd Party service provider
3rd-party Company not disclosed
Date September
Company Malinda Air
Data Breached Malinda’s passengers information
Use of 3rd Party not disclosed
3rd-party Company not disclosed
Date September
Company Yves Rocher
Data Breached 2.5 million Canadian customers’ personal data
Use of 3rd Party Consulting services
3rd-party Company Aliznet
Date September
Data Breached usernames and email addresses associated with GitHub and Bitbucket and IP addresses and user agent strings & organisation name, repository URLs and names, branch names, and repository
Use of 3rd Party Analytics company
3rd-party Company CirclCI
Date August
Company Mastercard
Data Breached 90,000 customers’ names, addresses, and credit card numbers
Use of 3rd Party loyalty program
3rd-party Company not disclosed
Date August
Company Cable One
Data Breached 14 Cable One employee accounts may include addresses, Social Security numbers, government-issued identification numbers, financial account numbers, digital signatures or medical and health insurance information
Use of 3rd Party not disclosed
3rd-party Company not disclosed
Date August
Data Breached 3,700 students information in District 203, 49,000 students information in District 204, 3,206 students information in District 303 and 8,000 students information in District 304
Use of 3rd Party learning assessment platform
3rd-party Company Pearson Clinical Assessment (AIMSweb)
Date August
Data Breached students’ and teachers’ information (names, surnames, birthdates)
Use of 3rd Party learning assessment platform
3rd-party Company Pearson Clinical Assessment (AIMSweb)
Date July
Data Breached 534,500 patients information and 7,400 financial data of AEL, 412,000 patients information with 15,000 financial data of SML, 145,100 patients information with 3,800 financial data of CBLPath, 143,400 patients information with 4,200 financial data of LMC, 44,700 patients information with 1,800 financial data of APA, 14,900 patients information and 1,200 financial data of STD, 12,700 patients information with 600 financial data of PS, 4,000 patients information and 240 financial data of ADX, 9,200 patients information with 800 financial data of SP, 4,200 patients information with 350 financial data of WPC, 6,500 patients information with 500 financial data of AD, unknown number of Natera
Use of 3rd Party collections vendor
3rd-party Company American Medical Collection Agency
Date July
Data Breached 2.2 million patients information and 34,500 financial information
Use of 3rd Party collections vendor
3rd-party Company American Medical Collection Agency
Date June
Company Westpac Bank
Data Breached Up to 100,000 Australians’ personal information
Use of 3rd Party payments platform
3rd-party Company PayID
Date June
Company Komodo
Data Breached Komodo hacked its customers and unauthorisedly transferred nearly 8 million KMD and 96 Bitcoins from their cryptocurrency wallets to a new address owned by the company to protect its customers’ funds.
Use of 3rd Party JavaScript library
3rd-party Company not disclosed
Date June
Company Opko Health
Data Breached 422,600 patients information
Use of 3rd Party collections vendor
3rd-party Company American Medical Collection Agency
Date June
Data Breached 12 million patients of Quest Diagnostics,7.7 million Laboratory Corporation of America (LabCorp) patients information
Use of 3rd Party collections vendor
3rd-party Company American Medical Collection Agency
Date May
Data Breached 100.000 traveller photos and licence plate image
Use of 3rd Party not disclosed
3rd-party Company not disclosed
Date May
Data Breached 312,570 files in 51,025 folders, over 516 Gb of data financial and private information on all clients
Use of 3rd Party IT Company
3rd-party Company CITYCOMP
Date May
Company Instagram
Data Breached personal information including contact details
Use of 3rd Party social media marketing firm
3rd-party Company Chtrbox
Date May
Company Truecaller
Data Breached 140 million user names, phone numbers and email addresses
Use of 3rd Party not disclosed
3rd-party Company not disclosed
Date May
Data Breached 50.000 credit card holders information
Use of 3rd Party data management company
3rd-party Company not disclosed
Date May
Data Breached not disclosed
Use of 3rd Party to storage
3rd-party Company ASUS Webstorage
Date May
Data Breached not disclosed
Use of 3rd Party analytics service and open-source project
3rd-party Company Picreel and Alpaca Forms
Date May
Company UNIQLO
Data Breached 460,000 online store accounts
Use of 3rd Party not disclosed
3rd-party Company not disclosed
Date May
Company Forbes
Data Breached credit card information
Use of 3rd Party to build website
3rd-party Company not disclosed
Date April
Data Breached 15,000 customers information
Use of 3rd Party service provider for customer support processes
3rd-party Company Apptium Technologies
Date April
Data Breached 201 online stores including payment card information
Use of 3rd Party e-commerce platform
3rd-party Company PrismRBS
Date April
Company Facebook
Data Breached 540 million records, including account names, Facebook ID, and user activity
Use of 3rd Party to develop app
3rd-party Company Cultura Colectiva
Date March
Data Breached customer names, contact information (including phone numbers and email addresses) and other details related to property evaluations
Use of 3rd Party fund management company and provider of property valuations
3rd-party Company LandMark White Limited
Date March
Data Breached the personal and medical information of hundreds of thousands of people may have been compromised
Use of 3rd Party contractor that provides mailing and other services for hospitals and healthcare companies
3rd-party Company Wolverine Solutions Group
Date March
Data Breached patient names, addresses, Social Security numbers, birth dates and health insurance information for 45,000 patients was exposed
Use of 3rd Party claim processing
3rd-party Company MiraMed
Date February
Data Breached personal information including Social Security numbers, names, dates of birth and home addresses may have been stolen
Use of 3rd Party employee and background screening software
3rd-party Company Image-I-Nation Technologies
Date February
Company Huddle House
Data Breached credit card payment information since Aug. 2017
Use of 3rd Party Point-of-sale systems
3rd-party Company not disclosed
Date February
Company China Railway
Data Breached millions of train passengers’ information
Use of 3rd Party Ticketing
3rd-party Company not disclosed
Date February
Company Houzz
Data Breached user names, salted and hashed passwords, IP addresses and, for users who logged into Houzz using Facebook, their Facebook IDs
Use of 3rd Party not disclosed
3rd-party Company not disclosed
Date January
Company LocalBitcoins
Data Breached theft of almost 8 bitcoins ($28,200) from five of the victims
Use of 3rd Party Forum software
3rd-party Company not disclosed
Date January
Company Ascension
Data Breached 24 million financial and banking documents, representing tens of thousands of loans and mortgages from some of the biggest banks in the US
Use of 3rd Party OCR Services
3rd-party Company OpticsML
Date January
Data Breached 650 consumer data
Use of 3rd Party Online payroll, benefits, tax compliance & HR services
3rd-party Company BenefitMall
Date January
Data Breached the extent is unknown
Use of 3rd Party open-source library
3rd-party Company PHP PEAR
Date January
Data Breached flight information of passengers
Use of 3rd Party online flight booking system
3rd-party Company Amadeus
Date January
Data Breached credit card information of visitors
Use of 3rd Party Javascript for advertising
3rd-party Company Adverline
Date January
Data Breached credit card information of citizens
Use of 3rd Party online parking ticket payment system
3rd-party Company Click2Gov
Date January
Data Breached credit card information of 6,000 people
Use of 3rd Party online parking ticket payment system
3rd-party Company Click2Gov
Date January
Company Humana
Data Breached name, address, date of birth, partial info of the SSN, and some info about policy type of unknown number of customers
Use of 3rd Party Bankers Life
3rd-party Company LCP Corp.

2018 Data Leaks

Data Leaks for 2018
Date
Company
Data Breached
Use of 3rd Party
3rd-party Company
Date December
Data Breached 31,000 Patient Records
Use of 3rd Party Transportation
3rd-party Company LCP Corp.
Date December
Company BevMo
Data Breached credit card data of nearly 15,000 customers
Use of 3rd Party online payment system
3rd-party Company NCR Corp.
Date December
Data Breached 6,000 citizens’ payment information
Use of 3rd Party online payment system
3rd-party Company Click2Gov
Date December
Data Breached 16,000 patients’ health information including names, birth dates, insurance information and addresses
Use of 3rd Party application-hosting service provider
3rd-party Company IT Lighthouse
Date December
Data Breached approximately 47,000 patients or guarantors whose payment information, including partial credit card information
Use of 3rd Party credit card processing system
3rd-party Company not disclosed
Date December
Data Breached account and password data of almost 50,000 users
Use of 3rd Party Programming software
3rd-party Company Easy Programming Language
Date November
Company Marriott
Data Breached personal information of as many as 500 million guests
Use of 3rd Party Hotels (acquired)
3rd-party Company Starwood
Date November
Data Breached unknown amount of data exposed
Use of 3rd Party small and mid-tier suppliers
3rd-party Company not disclosed
Date November
Company BitPay
Data Breached users of CoPay mobile cryptocoin wallet were targeted for cryptocoin theft, but none stolen
Use of 3rd Party JavaScript Library
3rd-party Company Right9ctrl
Date November
Company Atrium Health
Data Breached 2.65 M patient records including names, addresses, dates of birth, invoice numbers, account balances, dates of service, insurance policy information and Social Security numbers
Use of 3rd Party billing services
3rd-party Company AccuDoc Solutions Inc.
Date November
Data Breached potentially almost 6,000 individual’s personal info including name, address, postcode, email, phone, and encrypted password
Use of 3rd Party mobile app for One Planet York program
3rd-party Company Appware
Date November
Company Nordstrom
Data Breached personal info of employees including names, SSNs and dates of birth, checking account and routing numbers, salaries, etc.
Use of 3rd Party management of direct deposits of wages
3rd-party Company Not Disclosed
Date November
Data Breached 2,400 user accounts with payment information
Use of 3rd Party Online Payment
3rd-party Company Click2Gov
Date November
Data Breached Social Security numbers of thousands of individuals who applied for a job
Use of 3rd Party online employment application services
3rd-party Company Jobscience, Inc.
Date November
Data Breached Social Security numbers of thousands of individuals who applied for a job
Use of 3rd Party online employment application services
3rd-party Company Jobscience, Inc.
Date November
Data Breached names and addresses of 4500 consumers
Use of 3rd Party Online tracking tool
3rd-party Company Canada Post
Date November
Data Breached potential theft of BTC from customers
Use of 3rd Party Web Analytics
3rd-party Company StatCounter
Date October
Company VestaCP
Data Breached managed to launch DDoS attacks
Use of 3rd Party not disclosed
3rd-party Company not disclosed
Date October
Data Breached personal and payment card info of 30K employees and service members
Use of 3rd Party Maintenance of travel records
3rd-party Company not disclosed
Date October
Data Breached unknown amount of customers’ names and credit card numbers
Use of 3rd Party Online Payment
3rd-party Company Click2Gov
Date October
Data Breached unknown amount of payment card info (still in investigation)
Use of 3rd Party 3rd-party Javascript for customer rating
3rd-party Company Shopper Approved
Date October
Data Breached Unknown amount of data
Use of 3rd Party Microchip in servers and online portal for software update
3rd-party Company Supermicro
Date September
Data Breached Accounts of more than 50 million users compromised
Use of 3rd Party Social Media Connection
3rd-party Company Facebook
Date September
Data Breached Sensitive information about MPs, journalist and conference attendees, including personal mobile numbers
Use of 3rd Party Conference App
3rd-party Company CrowdComms
Date September
Company Perth Mint
Data Breached Names, addresses, passport and bank account of 3200 customers
Use of 3rd Party Online depository
3rd-party Company Not disclosed
Date September
Data Breached Financial and personal details of 380,000 customers
Use of 3rd Party Website Javascript
3rd-party Company Still in investigation
Date September
Company Foosackly
Data Breached Unauthorized access to 165K customers’ payment card information
Use of 3rd Party Cash register system
3rd-party Company Not disclosed
Date September
Data Breached Names, employee IDs, physician’s name of hundreds of employees and retirees
Use of 3rd Party Fitness vendor
3rd-party Company Health Fitness Corp
Date September
Data Breached payment card data from customers of hundreds of e-commerce websites may have been stolen due to the compromise of the cloud service firm Feedify
Use of 3rd Party Cloud service provider
3rd-party Company Feedify
Date September
Data Breached Teachers’ emails, usernames and passwords were exposed
Use of 3rd Party Instructional tool
3rd-party Company Edmodo
Date September
Data Breached Names, their BCBSRI ID numbers, service providers, types of service provided and costs of claims for 1.5K customers
Use of 3rd Party Responsible for sending members’ benefits explanations
3rd-party Company Not disclosed
Date September
Company Wegmans
Data Breached cost the grocery chain over $900,000
Use of 3rd Party Seafood supplier
3rd-party Company Invermar
Date August
Data Breached 7GB cache of data exposed with medical information for employees of 181 business locations and social security numbers for nearly 3000 individuals
Use of 3rd Party Back-up pharmacy services
3rd-party Company MedCall Healthcare Advisers
Date August
Company Mention
Data Breached Data at risk of exposure includes names and email addresses, account profile info (plan value, # of alerts and mentions)
Use of 3rd Party Marketing
3rd-party Company Not disclosed
Date August
Data Breached The personal data of 2M patients was left exposed online
Use of 3rd Party Telemedicine company
3rd-party Company Hova Health
Date August
Company GoDaddy
Data Breached Sensitive data on 31,000 GoDaddy servers exposed online
Use of 3rd Party Cloud data storage
3rd-party Company Amazon S3 Bucket
Date August
Data Breached Unknown amount of data
Use of 3rd Party Remote support
3rd-party Company Remote support solution provider
Date August
Company Air Canada
Data Breached Profile data, including names, email addresses and phone numbers, passport info, NEXUS numbers, dates of birth,etc.
Use of 3rd Party Mobile app
3rd-party Company Not disclosed
Date August
Data Breached Customer’s email address, phone number and full bank account number and alert details
Use of 3rd Party Website providers
3rd-party Company Fiserv
Date June
Company TicketMaster
Data Breached 40K UK citizens’ info
Use of 3rd Party Website application
3rd-party Company Inbenta
Date June
Company Reddit
Data Breached Access data: email addresses of current Reddit users and a 2007 database
Use of 3rd Party SMS login system
3rd-party Company Not disclosed
Date June
Data Breached Passwords, usernames, contact info of millions
Use of 3rd Party Online Survey Tool
3rd-party Company Typeform
Date June
Data Breached Over 10K individuals’ names, credit card numbers, card expiration dates and security codes
Use of 3rd Party Online payment system
3rd-party Company Click2Gov
Date June
Data Breached Any data submitted in the course of recruitment
Use of 3rd Party Online recruitment services
3rd-party Company PageUp
Date June
Company Klook
Data Breached Personal data and credit card info of undisclosed number of customers
Use of 3rd Party Web-based analytics tool
3rd-party Company SOCIAPlus
Date June
Data Breached Personal information of hundreds of patients
Use of 3rd Party Transcription services
3rd-party Company Nuance Communications
Date June
Data Breached No indication that any personal information was been accessed or viewed
Use of 3rd Party Website hosting
3rd-party Company Not disclosed
Date May
Data Breached 5,6K customer info (PII)
Use of 3rd Party Domain registiration, agent for service of process for clients
3rd-party Company Corporation Service Company
Date May
Data Breached Internal FTP credentials, AWS Secret Keys/Passwords, the internal and SQL root password
Use of 3rd Party Cloud data storage contractor
3rd-party Company Agilisium
Date May
Data Breached Credit card data belonging to an undisclosed number of customers
Use of 3rd Party Point-of-sale system
3rd-party Company Not disclosed
Date April
Data Breached Hundreds of thousands of customer data (per company)
Use of 3rd Party Online chat application
3rd-party Company Not disclosed
Date February
Data Breached 19K patients’ records
Use of 3rd Party Transcription services
3rd-party Company Not disclosed
Date February
Company Applebee’s
Data Breached Credit card information from unknowing diners at more than 160 Applebee’s restaurants
Use of 3rd Party Point-of-sale system
3rd-party Company Not disclosed
Date January
Company Western Union
Data Breached Undisclosed # of customers’ contact info, bank names, WU internal ID numbers, transaction amounts, times and ID numbers
Use of 3rd Party Cloud-based or off-site backup storage provider
3rd-party Company Not disclosed
Date January
Company Reddit
Data Breached No access to Reddit’s systems or to any Redditors’ email accounts
Use of 3rd Party Third-party software vendor to send account emails (e.g., reset password e-mails)
3rd-party Company Mailgun

2017 Data Leaks

Data Leaks for 2017
Date
Company
Data Breached
Use of 3rd Party
3rd-party Company
Date November
Company Forever 21
Data Breached Credit card data belonging to an undisclosed number of customers
Use of 3rd Party Point-of-sale system
3rd-party Company Not disclosed
Date October
Data Breached Thousands of customer names and e-mails
Use of 3rd Party Management of an online rating system
3rd-party Company A former supplier
Date October
Data Breached Credit card data belonging to an undisclosed number of customers at 41 hotels
Use of 3rd Party Point-of-sale system
3rd-party Company Not disclosed
Date October
Company Uber
Data Breached Confidential information of 57M Uber users (names, driver licence #, etc)
Use of 3rd Party Coding site used by Uber engineers
3rd-party Company GitHub
Date September
Data Breached Unknown
Use of 3rd Party Computer cleaner/ad removal tool
3rd-party Company CCleaner
Date July
Company Equifax
Data Breached Personal info (SSNs, names, addresses) of 143M consumers
Use of 3rd Party 3rd party tool to build web applications
3rd-party Company Not disclosed
Date July
Company Verizon
Data Breached 14M customer data including account and personal info
Use of 3rd Party Providing customer service analytics
3rd-party Company NICE Systems
Date July
Data Breached Credit card data belonging to an undisclosed number of customers at 11 hotels
Use of 3rd Party Travel services (reservation)
3rd-party Company Sabre Corp. (SynXis)
Date July
Data Breached Unknown
Use of 3rd Party Server management software
3rd-party Company NetSarang
Date June
Data Breached Personal info 200M voters
Use of 3rd Party Marketing
3rd-party Company Deep Root
Date June
Data Breached Unknown (lost of hundreds of million dollars to ransonware)
Use of 3rd Party Accounting software
3rd-party Company MeDoc
Date May
Data Breached Tens of thousands (possibly up to millions) of patient records
Use of 3rd Party Management of record backups
3rd-party Company iHealth Innovations
Date May
Data Breached Unknown
Use of 3rd Party Open source video transcoder
3rd-party Company Handbrake
Date March
Company Brand New Day
Data Breached 14K patient info
Use of 3rd Party A vendor system used by a contracted provider
3rd-party Company Not disclosed
Date February
Data Breached 14K patients’ sensitive info (name, address, SSNs, birth dates, medical info)
Use of 3rd Party Server containing its electronic health records database
3rd-party Company Not disclosed

2015 Data Leaks

Data Leaks for 2015
Date
Company
Data Breached
Use of 3rd Party
3rd-party Company
Date September
Company T-Mobile
Data Breached 15M customer records (SSNs, birth dates, driver licence #, etc)
Use of 3rd Party Customer credit assessment
3rd-party Company Experian
Date September
Data Breached Customers’ credit card and personal info
Use of 3rd Party Online photo order and print
3rd-party Company PNI Digital Media

2014 Data Leaks

Data Leaks for 2014
Date
Company
Data Breached
Use of 3rd Party
3rd-party Company
Date October
Data Breached Contact info for 76M households and 7M small business
Use of 3rd Party Management of its Corporate Challenge Race Registration
3rd-party Company Not disclosed
Date July
Company Lowe’s
Data Breached Current and former drivers’ records (SSNs, birth dates, driver licence #, etc)
Use of 3rd Party Online database to store driver info
3rd-party Company SafetyFirst – E-Driver File
Date April
Data Breached Records about 15K patients posted withoout authentication
Use of 3rd Party Transcription services
3rd-party Company MDF Transcription Services

2013 Data Leaks

Data Leaks for 2013
Date
Company
Data Breached
Use of 3rd Party
3rd-party Company
Date November
Data Breached Data of 70M customers and 40M credit/debit card
Use of 3rd Party Heating, ventilaion, and air conditioning (HVAC)
3rd-party Company Fazio Mechanical Services
Date July
Data Breached Personal Info of 100K individuals and 1000s of clients
Use of 3rd Party Web server hosting
3rd-party Company Not disclosed