Data Breaches Caused By Third-parties
2021 Data Leaks
Data Leaks for 2021
Date
Company
Data Breached
Use of 3rd Party
3rd-party Company
Date
April
Data Breached
Subscriber ID,Social Security numbers, diagnoses, conditions, claims data, dates of services, medical procedure codes, insurance policy numbers, provider names, contact details, and dates of birth.
Use of 3rd Party
Revenue cycle service provider
3rd-party Company
MedData
Date
April
Data Breached
Variety of personally identifiable information, including federal tax documents, passports, addresses, birth dates, bank account information and Social Security numbers
Use of 3rd Party
File sharing app
3rd-party Company
Accellion
Date
April
Company
Wiener & Kennedy
Data Breached
Possibly employee sensitive information
Use of 3rd Party
Accounting firm
3rd-party Company
Perkins & Co, Netgain (4th party)
Date
April
Company
Biotel Heart
Data Breached
Social Security numbers, medical records, contact information
Use of 3rd Party
Third-party vendor
3rd-party Company
Not disclosed
Date
April
Data Breached
Social Security numbers, financial information, medical records and more of patients, employees and dependents
Use of 3rd Party
Parent company
3rd-party Company
Personal Touch Holding Corp.
Date
April
Company
Ei2
Data Breached
Names, identification number, contact information, educational qualifications, and employment history
Use of 3rd Party
Contact centre solution provider
3rd-party Company
I-vic International
Date
March
Company
Royal Dutch Shell
Data Breached
Personal Data and data belonging to stakeholders
Use of 3rd Party
Third-party file transfer application
3rd-party Company
Accellion
Date
March
Data Breached
contact information, insurance ID numbers, dates of birth, and health information, such as medical conditions and treatments.
Use of 3rd Party
Third-party file transfer application
3rd-party Company
Accellion
Date
March
Company
Israeli Likud Party
Data Breached
Full name, sex, home address, and, in many cases, cellphone number and responses to political polling for 6.5 million Israeli adults.
Use of 3rd Party
Polling app vendor
3rd-party Company
Elector Software
Date
March
Company
Piedmont Health Services
Data Breached
Patients’ name, date of birth, address, social security number and diagnosis codes.
Use of 3rd Party
Administrative services vendor
3rd-party Company
PeakTPA
Date
March
Company
Armed Forces Communications, Electronics Association and the US Geospatial Intelligence Foundation
Data Breached
Members’ names and addresses
Use of 3rd Party
Event management vendor
3rd-party Company
SPARGO
Date
March
Company
Poll County Schools
Data Breached
Students’ names, dates of birth, and student identification numbers.
Use of 3rd Party
Technology vendor (for school nutrition)
3rd-party Company
PCS Revenue Systems
Date
March
Company
Schools, jail cells, hospital ICUs, and major companies like Tesla, Nissan, Equinox, Cloudflare
Data Breached
Video footages
Use of 3rd Party
Security camera vendor
3rd-party Company
Verkada
Date
March
Company
Calviva Health
Data Breached
Patients’ data
Use of 3rd Party
Business Associate
3rd-party Company
Health Net Community Solutions, Inc, Accellion
Date
March
Company
University of Miami Health
Data Breached
Patients’ health information
Use of 3rd Party
Third-party file transfer application
3rd-party Company
Accellion
Date
March
Data Breached
Patient names, addresses, LMC medical record numbers, Social Security numbers and health insurance details.
Use of 3rd Party
IT vendor
3rd-party Company
Healthgrades
Date
March
Company
Austin ISD
Data Breached
Students’ name, their identification number, and date of birth
Use of 3rd Party
Third-party vendor
3rd-party Company
not disclosed
Date
March
Company
Flagstar Bank
Data Breached
Social Security numbers and mailing addresses
Use of 3rd Party
Third-party file transfer application
3rd-party Company
Accellion
Date
March
Company
Multicare Health Services
Data Breached
Names, addresses, Social Security numbers, medical record numbers, bank account numbers and medical record disclosure logs
Use of 3rd Party
Technology vendor
3rd-party Company
Netgain
Date
March
Company
European Banking Authority
Data Breached
Emails
Use of 3rd Party
Email Server
3rd-party Company
Microsoft
Date
March
Data Breached
Availability of the websites
Use of 3rd Party
Domain Registrar
3rd-party Company
Atak Domain
Date
March
Data Breached
Membership number and tier status
Use of 3rd Party
IT vendor
3rd-party Company
SITA
Date
March
Company
Qualys
Data Breached
Customer data possibly including invoices, purchase orders, tax documents, and scan reports
Use of 3rd Party
Third-party file transfer application
3rd-party Company
Accellion
Date
February
Data Breached
Not disclosed
Use of 3rd Party
IT Vendor
3rd-party Company
Centreon
Date
February
Company
Jamaican Government
Data Breached
Over 425,000 immigration documents, COVID-19 results
Use of 3rd Party
Software vendor
3rd-party Company
Amber Group
Date
February
Data Breached
Personal information include contain names, addresses, license plate numbers and vehicle identification numbers (VIN)
Use of 3rd Party
Payment processor
3rd-party Company
AFTS
Date
February
Company
Sitepoint, teespring
Data Breached
Email addresses
Use of 3rd Party
Web analytics
3rd-party Company
WayDev
Date
February
Company
Ubiquiti Networks
Data Breached
User accounts – including include names, email addresses, and salted and hashed passwords. Also home addresses and phone numbers for some users.
Use of 3rd Party
Cloud provider
3rd-party Company
Not disclosed
Date
February
Company
French Government
Data Breached
Customer accounts and source code of Stormshield Network Security (SNS)
Use of 3rd Party
Cybersecurity vendor
3rd-party Company
Stormshield
Date
February
Data Breached
Names, addresses, dates of birth, dates of service, telephone numbers, account numbers, health insurance information,medical information and possibly SSN
Use of 3rd Party
Managed IT services
3rd-party Company
Netgain
Date
February
Company
Beaumont Health
Data Breached
Unauthorized appointments
Use of 3rd Party
Appointment scheduling software
3rd-party Company
Epic Software
Date
February
Data Breached
Social Security numbers, passport and visa details, dates of birth and driver’s license numbers, as well as health information and financial account information
Use of 3rd Party
Embedded software vendor
3rd-party Company
Wind River Systems
Date
February
Data Breached
Full names, dates of birth, email addresses, phone numbers, physical addresses, social security numbers, secondary insurance information, familial relationships to the child in question, and financial details
Use of 3rd Party
Web hosting vendor
3rd-party Company
Jelly Bean Communications Design
Date
February
Data Breached
Contact details, dates of birth, MPI numbers, medical record information, health insurance data, financial account details, passport numbers, diagnoses, treatments, and Social Security numbers
Use of 3rd Party
Support vendor
3rd-party Company
USF
Date
February
Data Breached
Clients’ confidential information
Use of 3rd Party
Third-party file transfer application
3rd-party Company
Accellion
Date
February
Data Breached
Bank account numbers, routing information, names, addresses, billing amounts and utility account numbers of customers
Use of 3rd Party
Utility bill payment vendor
3rd-party Company
Automatic Funds Transfer Services
Date
February
Data Breached
Microsoft 365 email accounts
Use of 3rd Party
Certificate provider
3rd-party Company
Mimecast
Date
February
Data Breached
Social Security numbers and banking information
Use of 3rd Party
Third-party file transfer application
3rd-party Company
Accellion
Date
January
Company
SonicWall Customers
Data Breached
Unknown at this stage
Use of 3rd Party
Cybersecurity vendor
3rd-party Company
SonicWall
Date
January
Data Breached
Company emails
Use of 3rd Party
Defence tech service provider
3rd-party Company
ELCOM Innovations
Date
January
Data Breached
Full names, Social Security numbers, details of medical examinations, drug and alcohol testing reports, and scans of driver’s licenses
Use of 3rd Party
Occupational healthcare provider
3rd-party Company
Taylor Made Diagnostics (TMD)
Date
January
Company
Bonobos
Data Breached
Names and telephone numbers associated with 7 million customers or orders, 3.5 million records containing the last four digits of credit card numbers, and account information for 1.8 million customers, including encrypted passwords
Use of 3rd Party
Cloud Service Provider
3rd-party Company
Not disclosed
Date
January
Company
Saskatchewan HAL system
Data Breached
Customer name and HAL account identification number for about 33,000 email addresses.
Use of 3rd Party
Software company
3rd-party Company
Aspira
Date
January
Company
Supply chain for Audi, BMW, Mercedes, Porsche, Saab, Volkswagen and Volvo across North America
Data Breached
Full names, addresses, phone numbers, and exact working hours of at least 12 NameSouth employees, credit card statements
Use of 3rd Party
OEM company
3rd-party Company
NameSouth
Date
January
Data Breached
Unknown at this stage
Use of 3rd Party
Stock investment app
3rd-party Company
Not disclosed
Date
January
Company
Facebook, Instagram, LinkedIn
Data Breached
Personal data of 214 million social media users
Use of 3rd Party
Third-party app
3rd-party Company
SocialArk
Date
January
Company
OmniTRAX
Data Breached
Internal OmniTRAX documents, contents of employee computers
Use of 3rd Party
Parent company
3rd-party Company
Broe Group
Date
January
Data Breached
Commercially and personally sensitive information
Use of 3rd Party
Third-party file transfer application
3rd-party Company
Acellion Software
2020 Data Leaks
Data Leaks for 2020
Date
Company
Data Breached
Use of 3rd Party
3rd-party Company
Date
December
Company
Mongolian Government Agencies
Data Breached
HR chat messages
Use of 3rd Party
Software vendor for chatting app
3rd-party Company
Able Software
Date
December
Company
Microsoft
Data Breached
Credentials for Azure
Use of 3rd Party
Third-party reseller
3rd-party Company
Not disclosed
Date
Deecember
Company
Medical Facilities
Data Breached
Full names and dates of birth, postal and email addresses, phone numbers, passport details, credit card numbers, medical records and recent test results and diagnoses.
Use of 3rd Party
Software vendor
3rd-party Company
iSofH
Date
December
Company
Dental Practices
Data Breached
Patient names, contact details, dental diagnoses, treatment information, patient account numbers, billing details, dentists’ names, bank account numbers, and health insurance data.
Use of 3rd Party
Support vendor-accounting billing
3rd-party Company
Dental Care Alliance (DCA)
Date
December
Company
Now:Pensions
Data Breached
Names, postal and email addresses, birth dates and national insurance numbers of 30,000 customers
Use of 3rd Party
Third-party contractor
3rd-party Company
Not disclosed
Date
December
Data Breached
Digital certificate toolkit
Use of 3rd Party
Certificate authority
3rd-party Company
Vietnam Certification Authority
Date
December
Company
FireEye customers
Data Breached
Red-team tools
Use of 3rd Party
CyberSecurity firm
3rd-party Company
FireEye
Date
December
Data Breached
Customers’ email traffic
Use of 3rd Party
Network management software vendor
3rd-party Company
SolarWinds
Date
November
Company
Customers of Belden
Data Breached
Data of some current and former employees, as well as some company information
Use of 3rd Party
Networking equipment vendor
3rd-party Company
Belden
Date
November
Company
Great Heart Academies
Data Breached
Names and contact information
Use of 3rd Party
Cloud and CRM provider
3rd-party Company
Blackbaud
Date
November
Data Breached
Contact details, health insurance policy numbers, and appointment notes related to treatment, such as health conditions, procedures, and prescriptions, as well as other sensitive data, including the credit card information and Social Security information of some patients
Use of 3rd Party
Appointment app provider
3rd-party Company
Luxottica
Date
November
Data Breached
Driver’s license numbers, names, dates of birth, addresses and vehicle registration histories
Use of 3rd Party
Insurance software company
3rd-party Company
Vertafore
Date
November
Data Breached
Customer names, tax ID numbers, loan documents, business contracts, private emails, invoices, credentials for network shares, company confidential files
Use of 3rd Party
Banking software provider
3rd-party Company
ABS
Date
November
Company
WildWorks
Data Breached
7 million parent account email addresses, and 32 million usernames associated with the parent accounts, containing encrypted passwords, players’ birthdays and gender
Use of 3rd Party
Third-party server
3rd-party Company
Not disclosed
Date
November
Data Breached
Names, credit card details, ID numbers and reservation details
Use of 3rd Party
Channel manager
3rd-party Company
Prestige Software
Date
October
Data Breached
Not disclosed
Use of 3rd Party
Media-monitoring vendor
3rd-party Company
Isentia
Date
October
Company
Apple, Google, Amazon, Citibank
Data Breached
E-mail addresses,
full names,
bcrypt hashed passwords,
titles, company names,
IP addresses, and other system-related data
Use of 3rd Party
Software provider
3rd-party Company
NITRO
Date
October
Company
Google
Data Breached
Passports,
driver’s licenses,
ID cards (in Form I-9) of employees
Use of 3rd Party
Law firm
3rd-party Company
Fragomen, Del Rey, Bernsen & Loewy
Date
October
Company
JM Bullion
Data Breached
Names
addresses, payment card information
(the account number, expiration date, and security codes)
Use of 3rd Party
Third-party javacript
3rd-party Company
Not disclosed
Date
October
Company
Lazada RedMart App
Data Breached
Names, phone numbers, encrypted passwords, and partial credit card numbers of 1M accounts
Use of 3rd Party
Third-party database hosting provider
3rd-party Company
Not disclosed
Date
October
Company
Broadvoice Customers
Data Breached
Names,
phone numbers,
locations,
hundreds of thousands of voice mails,
medical and financial details
Use of 3rd Party
VoIP service provider
3rd-party Company
Broadvoice
Date
October
Company
Dickey’s Barbecue Pit
Data Breached
Names, credit card information of 3M customers
Use of 3rd Party
POS provider
3rd-party Company
Not disclosed
Date
October
Company
City of Odessa
Data Breached
Utility bill information, credit/debit card information
Use of 3rd Party
Third-party payment software provider
3rd-party Company
Click2Gov
Date
October
Company
Kylie Cosmetics
Data Breached
Names,
addresses,
emails,
product orders,
the last four digits of SS numbers
Use of 3rd Party
E-commerce platform
3rd-party Company
Shopify
Date
October
Data Breached
Patient names, addresses,
phone numbers ,
medical departments patients visited, dates of birth, treatment facilities, treating physicians, departments of service, room numbers, medical record numbers.
Use of 3rd Party
Data management software, cloud service provider
3rd-party Company
BlackBaud
Date
September
Company
Pell City Valley Bank
Data Breached
Utility payment information
Use of 3rd Party
Third-party service provider
3rd-party Company
Not disclosed
Date
September
Company
E-commerce stores
Data Breached
Customer payment information
Use of 3rd Party
E-commerce platform
3rd-party Company
Adobe Magento 1
Date
September
Company
Tribune Media, Times Media Grup
Data Breached
Full names, email and street addresses, phone numbers and ZIP codes of 38 million US citizens
Use of 3rd Party
Marketing company
3rd-party Company
View Media
Date
September
Data Breached
Names, medical service numbers and dates of service for patients and list of donors
Use of 3rd Party
Data management software vendor
3rd-party Company
BlackBaud
Date
September
Company
Phipps Conservatory
Data Breached
Members names, emails and physical addresses
Use of 3rd Party
Data management software vendor
3rd-party Company
BlackBaud
Date
August
Company
Department of Health
Data Breached
Infection status, dates of birth, addresses, names, and other PII of COVID-19 patients in South Dakota
Use of 3rd Party
Doftware vendor
3rd-party Company
not disclosed
Date
August
Company
Rochester YMCA
Data Breached
Names, addresses and gift history of donors
Use of 3rd Party
Software vendor
3rd-party Company
Not disclosed
Date
August
Company
FeedMore
Data Breached
Personal information of donors
Use of 3rd Party
Software vendor
3rd-party Company
BlackBaud
Date
August
Company
Jack Daniel’s
Data Breached
Corporate data
Use of 3rd Party
Wine and spirit maker
3rd-party Company
Brown-Forman
Date
July
Data Breached
Personal information of investors
Use of 3rd Party
Third-party software provider
3rd-party Company
M.J. Brunner
Date
July
Company
Citrix
Data Breached
E-mail IDs, phone numbers, last known location, phone type and login dates
Use of 3rd Party
Third-party vendor
3rd-party Company
Not disclosed
Date
July
Company
Promo.com
Data Breached
First name, last name, email address, IP address, approximated user location based on their IP address, and gender, as well as encrypted, hashed and salted passwords.
Use of 3rd Party
Third-party service provider
3rd-party Company
Not disclosed
Date
July
Data Breached
Name, date of birth, contact information, and some information about donations regarding alumni and donors
Use of 3rd Party
Cloud-computing service provider
3rd-party Company
BlackBaud
Date
July
Company
Digital Bank App, Dave
Data Breached
7.5 million users’ names, emails and physical addresses, birthdates, and phone numbers
Use of 3rd Party
Third-party service provider
3rd-party Company
WayDev
Date
June
Company
Police Departments
Data Breached
ACH routing numbers, IBANs and other financial data as well as PII
Use of 3rd Party
Web development firm
3rd-party Company
NetSentiel
Date
June
Data Breached
Names, addresses, birth dates, banking and IRS data
Use of 3rd Party
Web site design firm
3rd-party Company
10up Inc
Date
June
Company
MU Health
Data Breached
E-mail addresses & passwords of MU students
Use of 3rd Party
Third-party web site
3rd-party Company
Not disclosed
Date
June
Company
Keepnet
Data Breached
Breached email addresses, breached passwords
Use of 3rd Party
Third-party IT service provider
3rd-party Company
Not disclosed
Date
June
Company
Joomla
Data Breached
Full name,Business address, Business email address, Business phone number, Company URL, Nature of business,Encrypted password (hashed),IP address, Newsletter subscription preferences
Use of 3rd Party
Third-party company(CMS)
3rd-party Company
Open Source Matters
Date
May
Company
Bank of America
Data Breached
PPP applications, in particular business details, such as an address or tax identification number, or a business owner’s information, such as name, address, Social Security number, phone number, email and citizenship status
Use of 3rd Party
Third-party merchant
3rd-party Company
Not disclosed
Date
May
Company
BHIM wallet app
Data Breached
7 million Indians’ Aadhaar number, name, gender, date of birth, biometric details, Permanent Account Number (PAN), scanned copies of Caste and Religion certificates, user’s picture, residential details, professional degree certificates
Use of 3rd Party
Amazon Web Services S3 bucket of a third party
3rd-party Company
CSC e-Governance Services LTD
Date
May
Company
TrueCaller
Data Breached
Full names, email addresses, mobile numbers, Facebook IDs, age, city, gender, telecom service provider
Use of 3rd Party
Third-party merchant
3rd-party Company
Not disclosed
Date
May
Data Breached
Full names and Social Security numbers of some people who have applied for unemployment benefits
Use of 3rd Party
Third party
3rd-party Company
Not disclosed
Date
May
Company
MNS’ Healthcare Clients
Data Breached
Name, medical treatment information, diagnosis information/codes, medication information, dates of service, insurance provider, health insurance number, date of birth, and
Social Security number.
Use of 3rd Party
Network Services Provider
3rd-party Company
Management and Network Services – MNS
Date
April
Company
UseNeXt, Usenet.nl
Data Breached
First and last name, billing address and IBAN and account number
Use of 3rd Party
Third-party partner company
3rd-party Company
Not disclosed
Date
April
Company
RigUp’s energy sector clients
Data Breached
Human resource files from RigUp’s clients, contractors, job seekers
Use of 3rd Party
Labor and marketplace provider
3rd-party Company
RigUp
Date
April
Company
Mariott
Data Breached
5.2 million customers’ personal information incl. names, addresses, birthdays, emails, phone numbers and loyalty reward program numbers
Use of 3rd Party
Franchised hotel in Russia
3rd-party Company
Not disclosed
Date
April
Company
Cognizant’s clients
Data Breached
Not disclosed for now
Use of 3rd Party
IT-services vendor
3rd-party Company
Cognizant
Date
April
Company
Michigan State University
Data Breached
Names, phone numbers, addresses, credit card numbers, CVVs and expiration dates
Use of 3rd Party
E-commerce vendor
3rd-party Company
Volusion
Date
March
Company
T-Mobile
Data Breached
Customer names and addresses, phone numbers, account numbers, rate plans, and features, and billing information.
Use of 3rd Party
E-mail vendor
3rd-party Company
Not disclosed
Date
March
Company
Radio.com
Data Breached
Name, Social Security number, driver’s license number, listeners’ credentials
Use of 3rd Party
Cloud hosting service
3rd-party Company
Not disclosed
Date
March
Company
Chubb
Data Breached
Sensitive files
Use of 3rd Party
Third-party service provider
3rd-party Company
Not disclosed
Date
March
Company
General Electric
Data Breached
Direct deposit forms, driver’s licenses, passports, birth certificates, marriage certificates
Use of 3rd Party
Business service provider
3rd-party Company
Canon Business Services
Date
March
Data Breached
8 million sales records: customer names, email addresses, shipping addresses, purchases, last four digits of credit card numbers
Use of 3rd Party
Third-party app
3rd-party Company
Not disclosed
Date
March
Data Breached
Non-disclosure agreements, partial schematic for a missile antenna
Use of 3rd Party
Precision parts maker
3rd-party Company
Visser
Date
February
Company
Brunswick County Schools
Data Breached
First and Last Name, Last Four Digits of Social Security Number, Transaction Date and Amount, Plan Sponsor/Employer Name,
Address, Social Security Number, Email Address, Mailing Address,
Date of Birth
Use of 3rd Party
Administering services
3rd-party Company
Interactive Medical Systems Corporation
Date
February
Company
TQL carriers
Data Breached
Tax ID numbers, bank account numbers
Use of 3rd Party
Freight brokerage services
3rd-party Company
TQL
Date
February
Company
Community Care Physicians
Data Breached
Names, dates of birth, billing codes, insurance description, and medical record numbers
Use of 3rd Party
Accounting and tax services
3rd-party Company
BST
Date
February
Company
Health Share of Oregon
Data Breached
Names, addresses, phone numbers, dates of birth, Social Security numbers and Health Share identification numbers
Use of 3rd Party
Medical transportation
3rd-party Company
GridWorks
Date
February
Company
Rutters Store
Data Breached
Customers’ names, card numbers, expiration dates, and internal verification codes
Use of 3rd Party
POS device
3rd-party Company
Not disclosed
Date
February
Company
Carson City
Data Breached
Resident’s names, addresses, email addresses, payment card numbers, expiration dates, card security code (CVV) information, bank account numbers and routing numbers
Use of 3rd Party
Utility payment software
3rd-party Company
Click2Gov
Date
February
Company
Idaho Central Credit Union
Data Breached
Name, date of birth, Social Security number, financial account information, tax identification number, and information on borrowers, liability, assets, employment, and income
Use of 3rd Party
Mortgage portal
3rd-party Company
Not disclosed
Date
February
Company
Nedbank
Data Breached
1.7 million customers information(name, ID, contacts)
Use of 3rd Party
Marketing and promotional campaigns
3rd-party Company
Computer Facilities (Pty) Ltd
Date
January
Company
Instagram
Data Breached
Instagram usernames and passwords
Use of 3rd Party
Third-party app
3rd-party Company
Social Captain
Date
January
Company
State Governments of U.S.
Data Breached
Names, dates of birth, home addresses, email and phone numbers, names of family members, past addresses, the reason for application
Use of 3rd Party
Third-party service provider
3rd-party Company
Not disclosed
Date
January
Data Breached
Photo IDs, phone numbers and home addresses of marijuana users as well as cannabis variety and quantity purchased
Use of 3rd Party
Point-of-sale software company
3rd-party Company
THSuite
Date
January
Company
Regus
Data Breached
Employee names, emails and performance
Use of 3rd Party
Mystery shopping business
3rd-party Company
Applause
Date
January
Company
Mitsubishi
Data Breached
Company data, data of government organizations and private companies, names and addresses, previous employment history, birthdates, telephone numbers of 8,122 applicants, employees and retirees
Use of 3rd Party
An affiliated company in China
3rd-party Company
Not disclosed
Date
January
Company
Mercy Health Lorain
Data Breached
Names, street addresses and Social Security numbers
Use of 3rd Party
Revenue cycle management vendor
3rd-party Company
RCM Enterprise Services
Date
January
Company
Schools
Data Breached
Name, payment card expiration date and security code and Blue Bear account usernames and passwords
Use of 3rd Party
School software vendor
3rd-party Company
Active Network
Date
January
Company
Amazon Customers
Data Breached
E-mail addresses and phone numbers
Use of 3rd Party
Hosting
3rd-party Company
Amazon
Date
January
Company
The Australian P&N Bank
Data Breached
Name, address, email, phone number, customer number, age, account number and account balance
Use of 3rd Party
Third-party CRM hosting firm
3rd-party Company
Not disclosed
2019 Data Leaks
Data Leaks for 2019
Date
Company
Data Breached
Use of 3rd Party
3rd-party Company
Date
December
Company
Wyze customer
Data Breached
2.4 million customers
Use of 3rd Party
IoT vendor
3rd-party Company
Wyze
Date
December
Company
Singapore Armed Forces (SAF)
Data Breached
98,000 SAF servicemen information
Use of 3rd Party
healthcare training provider
3rd-party Company
HMI Institute of Health Sciences
Date
December
Data Breached
2,400 personal data including full names and NRIC numbers, and a combination of contact numbers, e-mail addresses or residential addresses
Use of 3rd Party
logistics services
3rd-party Company
ST Logistics
Date
December
Company
City of Sioux
Data Breached
3,500 customers utility and parking accounts
Use of 3rd Party
online parking ticket system and utility billing system portal
3rd-party Company
Click2Gov
Date
December
Company
City of Marietta
Data Breached
8,800 Marietta utility customers card information
Use of 3rd Party
online electric, water and sanitation payment software company
3rd-party Company
Click2Gov
Date
December
Company
NYPD Fingerprint Database
Data Breached
fingerprint database
Use of 3rd Party
not disclosed
3rd-party Company
not disclosed
Date
December
Data Breached
477,000 clients’ media contacts, business account information, 35,000 hashed user passwords, various documents, and admin credentials
Use of 3rd Party
PR company
3rd-party Company
iPR Software
Date
November
Company
Palo Alto Networks
Data Breached
seven current and former employees’ information includes names, dates of birth, and Social Security numbers
Use of 3rd Party
not disclosed
3rd-party Company
not disclosed
Date
November
Company
Facebook and Twitter
Data Breached
email addresses, usernames and recent tweets
Use of 3rd Party
SDK kit
3rd-party Company
One Audience
Date
November
Company
The city of Charlottesville
Data Breached
not disclosed
Use of 3rd Party
tax collections
3rd-party Company
not disclosed
Date
November
Company
TennCare
Data Breached
44,000 members information
Use of 3rd Party
pharmacy management vendor
3rd-party Company
Magellan Health System
Date
November
Company
Macy’s
Data Breached
first and last names, physical addresses, ZIP codes, email addresses, payment card numbers, card security codes, and expiration dates
Use of 3rd Party
Website Javascript
3rd-party Company
not disclosed
Date
November
Company
City of San Angelo
Data Breached
not disclosed
Use of 3rd Party
online water bill payments software company
3rd-party Company
Click2Gov
Date
November
Company
Pompano Beach City
Data Breached
4,000 residents’ data
Use of 3rd Party
online water bill payments software company
3rd-party Company
Click2Gov
Date
November
Company
Florida Blue
Data Breached
5 million members’ information
Use of 3rd Party
managed care company
3rd-party Company
Magellan Health Inc
Date
October
Company
UniCredit
Data Breached
400,000 Italian clients’ information
Use of 3rd Party
not disclosed
3rd-party Company
not disclosed
Date
October
Company
NordVPN
Data Breached
some of the browsing habits of customers
Use of 3rd Party
data center provider
3rd-party Company
not disclosed
Date
October
Company
Geisinger Health Plan
Data Breached
undisclosed number of patients’ information
Use of 3rd Party
manage radiology benefits
3rd-party Company
Magellan National Imaging Associates
Date
October
Company
The Clark County School District
Data Breached
560,000 students’ information
Use of 3rd Party
learning assessment platform
3rd-party Company
Pearson Clinical Assessment (AIMSweb)
Date
October
Company
CenturyLink
Data Breached
2.8 million CenturyLink customer information which including names, addresses, phone numbers, email addresses and CenturyLink account numbers
Use of 3rd Party
notification platform
3rd-party Company
not disclosed
Date
October
Company
GW community members
Data Breached
thousands of usernames, passwords and addresses
Use of 3rd Party
educational technology company
3rd-party Company
Chegg
Date
October
Company
Uber, Slack, and FCC
Data Breached
10,000 Zendesk Support and Chat accounts
Use of 3rd Party
customer service software provider
3rd-party Company
Zendesk
Date
September
Company
Ames parking ticket payments
Data Breached
1,498 individuals’ information includes encrypted credit or debit card numbers, first names, last names, addresses and email addresses
Use of 3rd Party
payment software system
3rd-party Company
Click2Gov
Date
September
Data Breached
not disclosed
Use of 3rd Party
payment software system
3rd-party Company
Click2Gov
Date
September
Company
DoorDash
Data Breached
4.9 million consumers, Dashers, and merchants
Use of 3rd Party
service provider
3rd-party Company
not disclosed
Date
September
Company
Malinda Air
Data Breached
Malinda’s passengers information
Use of 3rd Party
not disclosed
3rd-party Company
not disclosed
Date
September
Company
Yves Rocher
Data Breached
2.5 million Canadian customers’ personal data
Use of 3rd Party
Consulting services
3rd-party Company
Aliznet
Date
September
Company
GitHub And Bitbucket
Data Breached
usernames and email addresses associated with GitHub and Bitbucket and IP addresses and user agent strings & organisation name, repository URLs and names, branch names, and repository
Use of 3rd Party
Analytics company
3rd-party Company
CirclCI
Date
August
Company
Mastercard
Data Breached
90,000 customers’ names, addresses, and credit card numbers
Use of 3rd Party
loyalty program
3rd-party Company
not disclosed
Date
August
Company
Cable One
Data Breached
14 Cable One employee accounts may include addresses, Social Security numbers, government-issued identification numbers, financial account numbers, digital signatures or medical and health insurance information
Use of 3rd Party
not disclosed
3rd-party Company
not disclosed
Date
August
Data Breached
3,700 students information in District 203, 49,000 students information in District 204, 3,206 students information in District 303 and 8,000 students information in District 304
Use of 3rd Party
learning assessment platform
3rd-party Company
Pearson Clinical Assessment (AIMSweb)
Date
August
Data Breached
students’ and teachers’ information (names, surnames, birthdates)
Use of 3rd Party
learning assessment platform
3rd-party Company
Pearson Clinical Assessment (AIMSweb)
Date
July
Data Breached
534,500 patients information and 7,400 financial data of AEL, 412,000 patients information with 15,000 financial data of SML, 145,100 patients information with 3,800 financial data of CBLPath, 143,400 patients information with 4,200 financial data of LMC, 44,700 patients information with 1,800 financial data of APA, 14,900 patients information and 1,200 financial data of STD, 12,700 patients information with 600 financial data of PS, 4,000 patients information and 240 financial data of ADX, 9,200 patients information with 800 financial data of SP, 4,200 patients information with 350 financial data of WPC, 6,500 patients information with 500 financial data of AD, unknown number of Natera
Use of 3rd Party
collections vendor
3rd-party Company
American Medical Collection Agency
Date
July
Company
Clinical Pathology Laboratories
Data Breached
2.2 million patients information and 34,500 financial information
Use of 3rd Party
collections vendor
3rd-party Company
American Medical Collection Agency
Date
June
Company
Westpac Bank
Data Breached
Up to 100,000 Australians’ personal information
Use of 3rd Party
payments platform
3rd-party Company
PayID
Date
June
Company
Komodo
Data Breached
Komodo hacked its customers and unauthorisedly transferred nearly 8 million KMD and 96 Bitcoins from their cryptocurrency wallets to a new address owned by the company to protect its customers’ funds.
Use of 3rd Party
JavaScript library
3rd-party Company
not disclosed
Date
June
Company
Opko Health
Data Breached
422,600 patients information
Use of 3rd Party
collections vendor
3rd-party Company
American Medical Collection Agency
Date
June
Data Breached
12 million patients of Quest Diagnostics,7.7 million Laboratory Corporation of America (LabCorp) patients information
Use of 3rd Party
collections vendor
3rd-party Company
American Medical Collection Agency
Date
May
Data Breached
100.000 traveller photos and licence plate image
Use of 3rd Party
not disclosed
3rd-party Company
not disclosed
Date
May
Data Breached
312,570 files in 51,025 folders, over 516 Gb of data financial and private information on all clients
Use of 3rd Party
IT Company
3rd-party Company
CITYCOMP
Date
May
Company
Instagram
Data Breached
personal information including contact details
Use of 3rd Party
social media marketing firm
3rd-party Company
Chtrbox
Date
May
Company
Truecaller
Data Breached
140 million user names, phone numbers and email addresses
Use of 3rd Party
not disclosed
3rd-party Company
not disclosed
Date
May
Company
Bank, Axis, ICICI, IndusInd, RBL
Data Breached
50.000 credit card holders information
Use of 3rd Party
data management company
3rd-party Company
not disclosed
Date
May
Company
Webstorage users
Data Breached
not disclosed
Use of 3rd Party
to storage
3rd-party Company
ASUS Webstorage
Date
May
Company
4,600 websites
Data Breached
not disclosed
Use of 3rd Party
analytics service and open-source project
3rd-party Company
Picreel and Alpaca Forms
Date
May
Company
UNIQLO
Data Breached
460,000 online store accounts
Use of 3rd Party
not disclosed
3rd-party Company
not
disclosed
Date
May
Company
Forbes
Data Breached
credit card information
Use of 3rd Party
to build website
3rd-party Company
not disclosed
Date
April
Company
Freedom Mobile
Data Breached
15,000 customers information
Use of 3rd Party
service provider for customer support processes
3rd-party Company
Apptium Technologies
Date
April
Company
176 colleges and universities
Data Breached
201 online stores including payment card information
Use of 3rd Party
e-commerce platform
3rd-party Company
PrismRBS
Date
April
Company
Facebook
Data Breached
540 million records, including account names, Facebook ID, and user activity
Use of 3rd Party
to develop app
3rd-party Company
Cultura Colectiva
Date
March
Company
The Bank of Queensland
Data Breached
customer names, contact information (including phone numbers and email addresses) and other details related to property evaluations
Use of 3rd Party
fund management company and provider of property valuations
3rd-party Company
LandMark White Limited
Date
March
Data Breached
the personal and medical information of hundreds of thousands of people may have been compromised
Use of 3rd Party
contractor that provides mailing and other services for hospitals and healthcare companies
3rd-party Company
Wolverine Solutions Group
Date
March
Company
Rush System for Health
Data Breached
patient names, addresses, Social Security numbers, birth dates and health insurance information for 45,000 patients was exposed
Use of 3rd Party
claim processing
3rd-party Company
MiraMed
Date
February
Company
Equifax, Experian and TransUnion
Data Breached
personal information including Social Security numbers, names, dates of birth and home addresses may have been stolen
Use of 3rd Party
employee and background screening software
3rd-party Company
Image-I-Nation Technologies
Date
February
Company
Huddle House
Data Breached
credit card payment information since Aug. 2017
Use of 3rd Party
Point-of-sale systems
3rd-party Company
not disclosed
Date
February
Company
China Railway
Data Breached
millions of train passengers’ information
Use of 3rd Party
Ticketing
3rd-party Company
not disclosed
Date
February
Company
Houzz
Data Breached
user names, salted and hashed passwords, IP addresses and, for users who logged into Houzz using Facebook, their Facebook IDs
Use of 3rd Party
not disclosed
3rd-party Company
not disclosed
Date
January
Company
LocalBitcoins
Data Breached
theft of almost 8 bitcoins ($28,200) from five of the victims
Use of 3rd Party
Forum software
3rd-party Company
not disclosed
Date
January
Company
Ascension
Data Breached
24 million financial and banking documents, representing tens of thousands of loans and mortgages from some of the biggest banks in the US
Use of 3rd Party
OCR Services
3rd-party Company
OpticsML
Date
January
Data Breached
650 consumer data
Use of 3rd Party
Online payroll, benefits, tax compliance & HR services
3rd-party Company
BenefitMall
Date
January
Data Breached
the extent is unknown
Use of 3rd Party
open-source library
3rd-party Company
PHP PEAR
Date
January
Data Breached
flight information of passengers
Use of 3rd Party
online flight booking system
3rd-party Company
Amadeus
Date
January
Data Breached
credit card information of visitors
Use of 3rd Party
Javascript for advertising
3rd-party Company
Adverline
Date
January
Company
Hanover County
Data Breached
credit card information of citizens
Use of 3rd Party
online parking ticket payment system
3rd-party Company
Click2Gov
Date
January
Company
City of Saint John, NB
Data Breached
credit card information of 6,000 people
Use of 3rd Party
online parking ticket payment system
3rd-party Company
Click2Gov
Date
January
Company
Humana
Data Breached
name, address, date of birth, partial info of the SSN, and some info about policy type of unknown number of customers
Use of 3rd Party
Bankers Life
3rd-party Company
LCP Corp.
2018 Data Leaks
Data Leaks for 2018
Date
Company
Data Breached
Use of 3rd Party
3rd-party Company
Date
December
Data Breached
31,000 Patient Records
Use of 3rd Party
Transportation
3rd-party Company
LCP Corp.
Date
December
Company
BevMo
Data Breached
credit card data of nearly 15,000 customers
Use of 3rd Party
online payment system
3rd-party Company
NCR Corp.
Date
December
Company
City of Saint John
Data Breached
6,000 citizens’ payment information
Use of 3rd Party
online payment system
3rd-party Company
Click2Gov
Date
December
Company
Redwood Eye Center
Data Breached
16,000 patients’ health information including names, birth dates, insurance information and addresses
Use of 3rd Party
application-hosting service provider
3rd-party Company
IT Lighthouse
Date
December
Data Breached
approximately 47,000 patients or guarantors whose payment information, including partial credit card information
Use of 3rd Party
credit card processing system
3rd-party Company
not disclosed
Date
December
Data Breached
account and password data of almost 50,000 users
Use of 3rd Party
Programming software
3rd-party Company
Easy Programming Language
Date
November
Company
Marriott
Data Breached
personal information of as many as 500 million guests
Use of 3rd Party
Hotels (acquired)
3rd-party Company
Starwood
Date
November
Data Breached
unknown amount of data exposed
Use of 3rd Party
small and mid-tier suppliers
3rd-party Company
not disclosed
Date
November
Company
BitPay
Data Breached
users of CoPay mobile cryptocoin wallet were targeted for cryptocoin theft, but none stolen
Use of 3rd Party
JavaScript Library
3rd-party Company
Right9ctrl
Date
November
Company
Atrium Health
Data Breached
2.65 M patient records including names, addresses, dates of birth, invoice numbers, account balances, dates of service, insurance policy information and Social Security numbers
Use of 3rd Party
billing services
3rd-party Company
AccuDoc Solutions Inc.
Date
November
Company
City of York Council
Data Breached
potentially almost 6,000 individual’s personal info including name, address, postcode, email, phone, and encrypted password
Use of 3rd Party
mobile app for One Planet York program
3rd-party Company
Appware
Date
November
Company
Nordstrom
Data Breached
personal info of employees including names, SSNs and dates of birth, checking account and routing numbers, salaries, etc.
Use of 3rd Party
management of direct deposits of wages
3rd-party Company
Not Disclosed
Date
November
Company
City of Bakersfield
Data Breached
2,400 user accounts with payment information
Use of 3rd Party
Online Payment
3rd-party Company
Click2Gov
Date
November
Data Breached
Social Security numbers of thousands of individuals who applied for a job
Use of 3rd Party
online employment application services
3rd-party Company
Jobscience, Inc.
Date
November
Company
Huntsville Hospital in Alabama
Data Breached
Social Security numbers of thousands of individuals who applied for a job
Use of 3rd Party
online employment application services
3rd-party Company
Jobscience, Inc.
Date
November
Company
Ontario Cannabis Store
Data Breached
names and addresses of 4500 consumers
Use of 3rd Party
Online tracking tool
3rd-party Company
Canada Post
Date
November
Data Breached
potential theft of BTC from customers
Use of 3rd Party
Web Analytics
3rd-party Company
StatCounter
Date
October
Company
VestaCP
Data Breached
managed to launch DDoS attacks
Use of 3rd Party
not disclosed
3rd-party Company
not disclosed
Date
October
Company
Department of Defense (Pentagon)
Data Breached
personal and payment card info of 30K employees and service members
Use of 3rd Party
Maintenance of travel records
3rd-party Company
not disclosed
Date
October
Company
The Indio Water Authority
Data Breached
unknown amount of customers’ names and credit card numbers
Use of 3rd Party
Online Payment
3rd-party Company
Click2Gov
Date
October
Data Breached
unknown amount of payment card info (still in investigation)
Use of 3rd Party
3rd-party Javascript for customer rating
3rd-party Company
Shopper Approved
Date
October
Data Breached
Unknown amount of data
Use of 3rd Party
Microchip in servers and online portal for software update
3rd-party Company
Supermicro
Date
September
Data Breached
Accounts of more than 50 million users compromised
Use of 3rd Party
Social Media Connection
3rd-party Company
Facebook
Date
September
Company
The Conservative Party (UK)
Data Breached
Sensitive information about MPs, journalist and conference attendees, including personal mobile numbers
Use of 3rd Party
Conference App
3rd-party Company
CrowdComms
Date
September
Company
Perth Mint
Data Breached
Names, addresses, passport and bank account of 3200 customers
Use of 3rd Party
Online depository
3rd-party Company
Not disclosed
Date
September
Company
British Airways
Data Breached
Financial and personal details of 380,000 customers
Use of 3rd Party
Website Javascript
3rd-party Company
Still in investigation
Date
September
Company
Foosackly
Data Breached
Unauthorized access to 165K customers’ payment card information
Use of 3rd Party
Cash register system
3rd-party Company
Not disclosed
Date
September
Company
University of Lousville
Data Breached
Names, employee IDs, physician’s name of hundreds of employees and retirees
Use of 3rd Party
Fitness vendor
3rd-party Company
Health Fitness Corp
Date
September
Company
e-commerce sites of Feedify
Data Breached
payment card data from customers of hundreds of e-commerce websites may have been stolen due to the compromise of the cloud service firm Feedify
Use of 3rd Party
Cloud service provider
3rd-party Company
Feedify
Date
September
Data Breached
Teachers’ emails, usernames and passwords were exposed
Use of 3rd Party
Instructional tool
3rd-party Company
Edmodo
Date
September
Data Breached
Names, their BCBSRI ID numbers, service providers, types of service provided and costs of claims for 1.5K customers
Use of 3rd Party
Responsible for sending members’ benefits explanations
3rd-party Company
Not disclosed
Date
September
Company
Wegmans
Data Breached
cost the grocery chain over $900,000
Use of 3rd Party
Seafood supplier
3rd-party Company
Invermar
Date
August
Data Breached
7GB cache of data exposed with medical information for employees of 181 business locations and social security numbers for nearly 3000 individuals
Use of 3rd Party
Back-up pharmacy services
3rd-party Company
MedCall Healthcare Advisers
Date
August
Company
Mention
Data Breached
Data at risk of exposure includes names and email addresses, account profile info (plan value, # of alerts and mentions)
Use of 3rd Party
Marketing
3rd-party Company
Not disclosed
Date
August
Data Breached
The personal data of 2M patients was left exposed online
Use of 3rd Party
Telemedicine company
3rd-party Company
Hova Health
Date
August
Company
GoDaddy
Data Breached
Sensitive data on 31,000 GoDaddy servers exposed online
Use of 3rd Party
Cloud data storage
3rd-party Company
Amazon S3 Bucket
Date
August
Company
South Korean Organizations
Data Breached
Unknown amount of data
Use of 3rd Party
Remote support
3rd-party Company
Remote support solution provider
Date
August
Company
Air Canada
Data Breached
Profile data, including names, email addresses and phone numbers, passport info, NEXUS numbers, dates of birth,etc.
Use of 3rd Party
Mobile app
3rd-party Company
Not disclosed
Date
August
Data Breached
Customer’s email address, phone number and full bank account number and alert details
Use of 3rd Party
Website providers
3rd-party Company
Fiserv
Date
June
Company
TicketMaster
Data Breached
40K UK citizens’ info
Use of 3rd Party
Website application
3rd-party Company
Inbenta
Date
June
Company
Reddit
Data Breached
Access data: email addresses of current Reddit users and a 2007 database
Use of 3rd Party
SMS login system
3rd-party Company
Not disclosed
Date
June
Data Breached
Passwords, usernames, contact info of millions
Use of 3rd Party
Online Survey Tool
3rd-party Company
Typeform
Date
June
Company
More than a dozen US cities
Data Breached
Over 10K individuals’ names, credit card numbers, card expiration dates and security codes
Use of 3rd Party
Online payment system
3rd-party Company
Click2Gov
Date
June
Data Breached
Any data submitted in the course of recruitment
Use of 3rd Party
Online recruitment services
3rd-party Company
PageUp
Date
June
Company
Klook
Data Breached
Personal data and credit card info of undisclosed number of customers
Use of 3rd Party
Web-based analytics tool
3rd-party Company
SOCIAPlus
Date
June
Company
UC San Diego Health
Data Breached
Personal information of hundreds of patients
Use of 3rd Party
Transcription services
3rd-party Company
Nuance Communications
Date
June
Company
The Central Bank of the Bahamas
Data Breached
No indication that any personal information was been accessed or viewed
Use of 3rd Party
Website hosting
3rd-party Company
Not disclosed
Date
May
Company
Some Fortune 500 firms
Data Breached
5,6K customer info (PII)
Use of 3rd Party
Domain registiration, agent for service of process for clients
3rd-party Company
Corporation Service Company
Date
May
Company
Universal Music Group
Data Breached
Internal FTP credentials, AWS Secret Keys/Passwords, the internal and SQL root password
Use of 3rd Party
Cloud data storage contractor
3rd-party Company
Agilisium
Date
May
Company
Chili’s Grill & Bar
Data Breached
Credit card data belonging to an undisclosed number of customers
Use of 3rd Party
Point-of-sale system
3rd-party Company
Not disclosed
Date
April
Company
BestBuy, Sears, Kmart, Delta
Data Breached
Hundreds of thousands of customer data (per company)
Use of 3rd Party
Online chat application
3rd-party Company
Not disclosed
Date
February
Company
Orlando Orthopaedic Center
Data Breached
19K patients’ records
Use of 3rd Party
Transcription services
3rd-party Company
Not disclosed
Date
February
Company
Applebee’s
Data Breached
Credit card information from unknowing diners at more than 160 Applebee’s restaurants
Use of 3rd Party
Point-of-sale system
3rd-party Company
Not disclosed
Date
January
Company
Western Union
Data Breached
Undisclosed # of customers’ contact info, bank names, WU internal ID numbers, transaction amounts, times and ID numbers
Use of 3rd Party
Cloud-based or off-site backup storage provider
3rd-party Company
Not disclosed
Date
January
Company
Reddit
Data Breached
No access to Reddit’s systems or to any Redditors’ email accounts
Use of 3rd Party
Third-party software vendor to send account emails (e.g., reset password e-mails)
3rd-party Company
Mailgun
2017 Data Leaks
Data Leaks for 2017
Date
Company
Data Breached
Use of 3rd Party
3rd-party Company
Date
November
Company
Forever 21
Data Breached
Credit card data belonging to an undisclosed number of customers
Use of 3rd Party
Point-of-sale system
3rd-party Company
Not disclosed
Date
October
Company
Domino’s Australia
Data Breached
Thousands of customer names and e-mails
Use of 3rd Party
Management of an online rating system
3rd-party Company
A former supplier
Date
October
Company
Hyatt Hotels
Data Breached
Credit card data belonging to an undisclosed number of customers at 41 hotels
Use of 3rd Party
Point-of-sale system
3rd-party Company
Not disclosed
Date
October
Company
Uber
Data Breached
Confidential information of 57M Uber users (names, driver licence #, etc)
Use of 3rd Party
Coding site used by Uber engineers
3rd-party Company
GitHub
Date
September
Data Breached
Unknown
Use of 3rd Party
Computer cleaner/ad removal tool
3rd-party Company
CCleaner
Date
July
Company
Equifax
Data Breached
Personal info (SSNs, names, addresses) of 143M consumers
Use of 3rd Party
3rd party tool to build web applications
3rd-party Company
Not disclosed
Date
July
Company
Verizon
Data Breached
14M customer data including account and personal info
Use of 3rd Party
Providing customer service analytics
3rd-party Company
NICE Systems
Date
July
Company
Hard Rock Hotels & Casinos
Data Breached
Credit card data belonging to an undisclosed number of customers at 11 hotels
Use of 3rd Party
Travel services (reservation)
3rd-party Company
Sabre Corp. (SynXis)
Date
July
Data Breached
Unknown
Use of 3rd Party
Server management software
3rd-party Company
NetSarang
Date
June
Company
Republican National Committee
Data Breached
Personal info 200M voters
Use of 3rd Party
Marketing
3rd-party Company
Deep Root
Date
June
Data Breached
Unknown (lost of hundreds of million dollars to ransonware)
Use of 3rd Party
Accounting software
3rd-party Company
MeDoc
Date
May
Data Breached
Tens of thousands (possibly up to millions) of patient records
Use of 3rd Party
Management of record backups
3rd-party Company
iHealth Innovations
Date
May
Data Breached
Unknown
Use of 3rd Party
Open source video transcoder
3rd-party Company
Handbrake
Date
March
Company
Brand New Day
Data Breached
14K patient info
Use of 3rd Party
A vendor system used by a contracted provider
3rd-party Company
Not disclosed
Date
March
Data Breached
Unknown
Use of 3rd Party
Network Logs and Event-monitoring Tool
3rd-party Company
Altair Technologies
Date
February
Data Breached
14K patients’ sensitive info (name, address, SSNs, birth dates, medical info)
Use of 3rd Party
Server containing its electronic health records database
3rd-party Company
Not disclosed
2015 Data Leaks
Data Leaks for 2015
Date
Company
Data Breached
Use of 3rd Party
3rd-party Company
Date
September
Company
T-Mobile
Data Breached
15M customer records (SSNs, birth dates, driver licence #, etc)
Use of 3rd Party
Customer credit assessment
3rd-party Company
Experian
Date
September
Data Breached
Customers’ credit card and personal info
Use of 3rd Party
Online photo order and print
3rd-party Company
PNI Digital Media
2014 Data Leaks
Data Leaks for 2014
Date
Company
Data Breached
Use of 3rd Party
3rd-party Company
Date
October
Company
JPMorgan Chase & Co
Data Breached
Contact info for 76M households and 7M small business
Use of 3rd Party
Management of its Corporate Challenge Race Registration
3rd-party Company
Not disclosed
Date
July
Company
Lowe’s
Data Breached
Current and former drivers’ records (SSNs, birth dates, driver licence #, etc)
Use of 3rd Party
Online database to store driver info
3rd-party Company
SafetyFirst – E-Driver File
Date
April
Company
Boston Medical
Data Breached
Records about 15K patients posted withoout authentication
Use of 3rd Party
Transcription services
3rd-party Company
MDF Transcription Services
2013 Data Leaks
Data Leaks for 2013
Date
Company
Data Breached
Use of 3rd Party
3rd-party Company
Date
November
Data Breached
Data of 70M customers and 40M credit/debit card
Use of 3rd Party
Heating, ventilaion, and air conditioning (HVAC)
3rd-party Company
Fazio Mechanical Services
Date
July
Company
RT Jones Capital
Data Breached
Personal Info of 100K individuals and 1000s of clients
Use of 3rd Party
Web server hosting
3rd-party Company
Not disclosed