Page 41 - gs140102
P. 41
ISOMetrics
ChapterTitle
Breaches across America – 2013
at 79 Schnuck Markets agency employee working
Inc. locations, may have with Paragon Benefits Inc. The
compromised card numbers individual was apprehended
and expiration dates without and charged with felony
exposing any customer names. identity theft.
Kirkwood, Nov. 4, 2013 – Northeast
Hackers obtained plain text New York
archives that contained credit
card numbers, expiration New York, March 28 and
dates, names and addresses of 29, 2013 – On March 28, the
Here is a compilation of significant U.S. data breaches that occurred 850,000 CorporateCarOnline. JPMorgan Chase website was
in 2013. Incidents are listed by region, state, city and date reported. com limousine and ground taken offline for a day due to
West between Jan. 25 and 29, 2013. transportation customers. a distributed-denial-of-service
attack. One day later, the
Sprouts reportedly identified
California the issue within days of the Minnesota American Express Co. website
Multiple locations, March breach and took immediate Minneapolis, Dec. 19, was offline for two hours due
to a similar hacker-related
2013 – Between Nov. 27, 2013
19, 2013 – Subway restaurants action. and Dec. 15, 2013, hackers incident.
in California, Massachusetts reportedly accessed debit
and Wyoming experienced Tempe, Aug. 8, 2013 – and credit card information, New York, July 26, 2013 –
fraud when a former Subway The names, dates of birth, including PINs, of 70 million Malware installed on servers
franchise owner, working security question answers, individuals using payment from November 2008 to
with an accomplice, sold POS last four digits of credit card cards at Target Corp. stores; October 2010 allowed hackers
software and later hacked into numbers and mileage of 7,700 online customers apparently to execute commands, alter
at least 13 POS systems to create US Airways Group Dividend were not affected. and steal data from NASDAQ
fraudulent Subway gift cards Miles accountholders appears OMX Group Inc. computers.
worth an estimated $40,000. to have been compromised; South Five foreign hackers were
Both participants were indicted mileage was reported stolen subsequently charged in a
on March 6. from accessed accounts. Arkansas series of financial incidents
Little Rock, Sept. 20, 2013 targeting major corporate
San Francisco, May 10, 2013 Phoenix, Nov. 27, 2013 – – Two men pleaded guilty to networks that resulted in
– A flaw in Coinbase's bitcoin An unspecified data breach placing skimming devices on exposure of over 160 million
wallet platform exposed potentially exposed the names, gas pumps at Murphy USA credit cards.
information of an unknown Social Security numbers stations in two states; they
number of merchants, (SSNs), bank and academic posted $400,000 in charges New York, Dec. 5, 2013 – An
including email addresses, and records of 2.9 million students, on fraudulent cards between investigation found hackers
was detected when a phishing employees and vendors of April 2012 and January 2013, were able to access personal
attack targeted merchants with Maricopa County Community impacting 50 to 500 customer information that included
emails that appeared to come College District and could cost accounts. passwords, of 465,000
from Coinbase. $14 million to correct. Florida JPMorgan Chase prepaid
Midwest Ucards in July 2013. This
San Francisco, May 22, 2013 Aventura, Oct. 10, 2013 – Six affected corporate payroll
– At least 22,900 customers who Illinois skimming devices equipped and government tax refund,
used the Vendini Inc. server to Chicago, Oct. 21, 2013 – with cameras were discovered unemployment, and benefit
purchase tickets online may Experian Information Solutions in a Nordstrom store. Witnesses payments.
have had financial information Inc. subsidiary Court Ventures reported seeing six individuals
compromised during a March Inc. reportedly gave SSNs, as who entered the store on Oct. Maryland
2013 breach incident detected well as driver's license, credit 5, split into groups of three Gaithersburg, Nov. 28,
April 25, 2013. card and other personal data to and distracted sales reps while 2013 – CVS Pharmacy Inc.
Southwest fraudsters posing as legitimate tampering with the registers. agreed to a $250,000 settlement
private investigators, affecting Georgia with the Maryland Attorney
Arizona about 500,000 consumers. Columbus, Oct. 31, 2013 – General, who charged its
Phoenix, Feb. 25, 2013 Missouri Spreadsheets with the names, Maryland CVS Pharmacy LLC
with failure to protect sensitive
– Credit card terminals in St. Louis, April 10, 2013 SSNs, dates of birth and home information when it disposed
Sprouts Farmers Markets – Between December 2012 addresses of former Total of patient records in publicly
LLC stores in 19 Arizona and March 29, 2013, a breach System Services Inc. employees accessible places.
and California locations affecting 500,000 customers were emailed to a personal
were infected by malware using debit and credit cards address of a temporary staffing (Source: Privacy Rights Clearinghouse)
41
41
41
ChapterTitle
Breaches across America – 2013
at 79 Schnuck Markets agency employee working
Inc. locations, may have with Paragon Benefits Inc. The
compromised card numbers individual was apprehended
and expiration dates without and charged with felony
exposing any customer names. identity theft.
Kirkwood, Nov. 4, 2013 – Northeast
Hackers obtained plain text New York
archives that contained credit
card numbers, expiration New York, March 28 and
dates, names and addresses of 29, 2013 – On March 28, the
Here is a compilation of significant U.S. data breaches that occurred 850,000 CorporateCarOnline. JPMorgan Chase website was
in 2013. Incidents are listed by region, state, city and date reported. com limousine and ground taken offline for a day due to
West between Jan. 25 and 29, 2013. transportation customers. a distributed-denial-of-service
attack. One day later, the
Sprouts reportedly identified
California the issue within days of the Minnesota American Express Co. website
Multiple locations, March breach and took immediate Minneapolis, Dec. 19, was offline for two hours due
to a similar hacker-related
2013 – Between Nov. 27, 2013
19, 2013 – Subway restaurants action. and Dec. 15, 2013, hackers incident.
in California, Massachusetts reportedly accessed debit
and Wyoming experienced Tempe, Aug. 8, 2013 – and credit card information, New York, July 26, 2013 –
fraud when a former Subway The names, dates of birth, including PINs, of 70 million Malware installed on servers
franchise owner, working security question answers, individuals using payment from November 2008 to
with an accomplice, sold POS last four digits of credit card cards at Target Corp. stores; October 2010 allowed hackers
software and later hacked into numbers and mileage of 7,700 online customers apparently to execute commands, alter
at least 13 POS systems to create US Airways Group Dividend were not affected. and steal data from NASDAQ
fraudulent Subway gift cards Miles accountholders appears OMX Group Inc. computers.
worth an estimated $40,000. to have been compromised; South Five foreign hackers were
Both participants were indicted mileage was reported stolen subsequently charged in a
on March 6. from accessed accounts. Arkansas series of financial incidents
Little Rock, Sept. 20, 2013 targeting major corporate
San Francisco, May 10, 2013 Phoenix, Nov. 27, 2013 – – Two men pleaded guilty to networks that resulted in
– A flaw in Coinbase's bitcoin An unspecified data breach placing skimming devices on exposure of over 160 million
wallet platform exposed potentially exposed the names, gas pumps at Murphy USA credit cards.
information of an unknown Social Security numbers stations in two states; they
number of merchants, (SSNs), bank and academic posted $400,000 in charges New York, Dec. 5, 2013 – An
including email addresses, and records of 2.9 million students, on fraudulent cards between investigation found hackers
was detected when a phishing employees and vendors of April 2012 and January 2013, were able to access personal
attack targeted merchants with Maricopa County Community impacting 50 to 500 customer information that included
emails that appeared to come College District and could cost accounts. passwords, of 465,000
from Coinbase. $14 million to correct. Florida JPMorgan Chase prepaid
Midwest Ucards in July 2013. This
San Francisco, May 22, 2013 Aventura, Oct. 10, 2013 – Six affected corporate payroll
– At least 22,900 customers who Illinois skimming devices equipped and government tax refund,
used the Vendini Inc. server to Chicago, Oct. 21, 2013 – with cameras were discovered unemployment, and benefit
purchase tickets online may Experian Information Solutions in a Nordstrom store. Witnesses payments.
have had financial information Inc. subsidiary Court Ventures reported seeing six individuals
compromised during a March Inc. reportedly gave SSNs, as who entered the store on Oct. Maryland
2013 breach incident detected well as driver's license, credit 5, split into groups of three Gaithersburg, Nov. 28,
April 25, 2013. card and other personal data to and distracted sales reps while 2013 – CVS Pharmacy Inc.
Southwest fraudsters posing as legitimate tampering with the registers. agreed to a $250,000 settlement
private investigators, affecting Georgia with the Maryland Attorney
Arizona about 500,000 consumers. Columbus, Oct. 31, 2013 – General, who charged its
Phoenix, Feb. 25, 2013 Missouri Spreadsheets with the names, Maryland CVS Pharmacy LLC
with failure to protect sensitive
– Credit card terminals in St. Louis, April 10, 2013 SSNs, dates of birth and home information when it disposed
Sprouts Farmers Markets – Between December 2012 addresses of former Total of patient records in publicly
LLC stores in 19 Arizona and March 29, 2013, a breach System Services Inc. employees accessible places.
and California locations affecting 500,000 customers were emailed to a personal
were infected by malware using debit and credit cards address of a temporary staffing (Source: Privacy Rights Clearinghouse)
41
41
41
