Data Breach Archive

2015

December 2015

Date Public Notified Date of Breach Company Data Stolen
December 4, 2015

Between May 18th and November 9th Kalahari Resort
Names, credit and debit card numbers, expiration dates and card verification codes.
Who's Affected Details
An unknown number of Wisconsin residents who made purchases with their debit or credit card during the time of the breach.

Kalahari Resorts recently detected a breach that may have compromised the personal information of their customers. Between mid-May and early November an intruder installed malicious software designed to capture data from certain credit and debit cards. This malicious software potentially allowed access to personal information including credit and debit card data; card number, cardholder name, card’s expiration, and card verification code.

Upon learning of the incident, the business secured a highly regarded forensic firm to conduct a complete system analysis. The investigation is ongoing.

Kalahari Resorts has set up a hotline at 1-866-691-1861, to answer additional questions.

If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@Wisconsin.gov.


November 2015

Date Public Notified Date of Breach Company Data Stolen
November 23, 2015

Between March 9th and June 8th
Wilderness Hotel and Golf Resort
Name, card number, expiration date, and CVV
Who's Affected Details
An unknown number of Wisconsin residents who were guests at the resort and made purchases between March 9th and June 8th.

Wilderness Hotel and Golf Resort detected a breach that may have compromised the personal information of their customers.  Between March and June of this year, unauthorized individuals installed sophisticated malware on the resort’s system used to process debit and credit cards.  This malicious software potentially allowed access to personal information including names, card numbers, expiration dates, and CVV.

During the investigation, the resort implemented additional security measures to prevent further unauthorized access.  The resort is offering free credit monitoring services to any affected individual.

Wilderness Resort has set up a hotline at 855-770-0004, to answer additional questions.  Callers should use the reference number 7113111815.

If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@Wisconsin.gov.


October 2015

Date Public Notified Date of Breach Company Data Stolen
October 28, 2015

April 2015 and late September 2015 
Digital Theatre LLC DBA ShowTix4U
Name, address, card number, expiration date, and security code.
Affected Details
5,200 Wisconsin residents who purchased tickets on the website during the time of the breach.

Digital Theatre LLC detected a breach that may have compromised the personal information of their customers. Between late April and late September unauthorized individuals installed malicious software on the website hosting the service ShowTix4U. This malicious software potentially allowed access to personal information including names, addresses, card numbers, expiration dates, and security codes.

The business took steps to contain the incident when it was first discovered. Digital Theatre is conducting an ongoing forensic investigation.

Digital Theatre has set up a hotline at 866-981-6854 to answer additional questions.

If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@Wisconsin.gov.


Date Public Notified Date of Breach Company Data Stolen
October 1, 2015

Sept. 1, 2013 to Sept. 9, 2015 
Experian Name, Social Security number, date of birth, and driver's license
Who’s Affected Details
15 million consumers who had a credit check completed for T-Mobile service

On September 15, 2015, Experian detected a data breach that included personal identifying information of consumers who had a credit check for T-Mobile service.

Experian’s initial investigation indicates the breach occurred between September 1, 2013, and September 16, 2015. Experian believes that records containing names, dates of birth, Social Security numbers, and driver license numbers were compromised. Experian indicates that the breach did not include their consumer credit database.

Law enforcement has been notified and an investigation is ongoing.

Consumers affected will be offered two years of free credit report monitoring services. Consumers should visit Experian.com/T-MobileFacts for the most up to date information. They may also call 1-866-369-0422.

If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@Wisconsin.gov.


September 2015

Date Public Notified Date of Breach Company Data Stolen
September 29, 2015

SeptemberKohl's
Name and debit card information
Who's Affected Details
An unknown number of Wisconsin residents who made purchases with their debit card at Kohl’s department stores.

Kohl’s detected a breach that may have compromised the personal information of their customers. A call center employee captured the names and debit card information of certain Kohl’s customers for unauthorized purposes. This fraudulent activity potentially allowed access to personal information including names and debit card information.

Kohl’s immediately launched an investigation, terminated the employee and reported the incident to law enforcement. Additionally, Kohl’s is offering one year of free identity theft protection service to affected individuals.

Kohl’s has set up a hotline at 1-800-985-6457 to answer additional questions.

If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@Wisconsin.gov.

August 2015

Date Public Notified Date of Breach Company Data Stolen
July 23, 2015

May 7 to May 26, 2015 Medical Informatics Engineering Health care records including: Name, date of birth, Social Security number, security question and answer, email address
Who’s Affected Details
35,050 Wisconsin consumers

Medical Informatics Engineering detected a data breach that compromised some personal and health records.These records can include a consumer’s name, phone number, date of birth, mailing address, user name, security question and answer, spousal information, email address, Social Security number, health insurance policy number, and health information.

Medical Informatics Engineering’s initial investigation indicates the breach started May 7, 2015.

There are 35,050 Wisconsin consumers affected by this data breach.Consumers affected will be offered two years of free credit report monitoring services.

A report has been filed with the FBI and an investigation is still ongoing.

Consumers may find further information on http://www.mieweb.com.They may also call 1-877-322-8228 for the most up to date information.

If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@Wisconsin.gov.

June 2015

Date Public Notified Date of Breach Company Data Accessed
June 15, 2015

Unknown
Office of Personnel Management
Information on federal background checks.
Who’s Affected Details

The Office of Personnel Management stated that the breach expanded to include current, former, and prospective federal employees, and individuals for whom a federal background check was completed.

 

 

The United States Office of Personnel Management has confirmed a second breach involving personally identifying information. This data breach was discovered through the investigation of the first data breach. The Office of Personnel Management has stated this was a separate incident.

Both the FBI and the US Department of Homeland Security’s Computer Emergency Readiness Team have been notified.

Office of Personnel Management’s news releases:

http://www.opm.gov/news/latest-news/announcements/

If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@Wisconsin.gov.

Date Public Notified Date of Breach Company Data Accessed
June 4, 2015

April 2015
Office of Personnel Management
Personnel data including personally identifiable information.
Who’s Affected Details

Approximately 4 million current and former federal government employees.

 

 

The United States Office of Personnel Management has confirmed a breach involving personnel data.

The office has implemented new security controls, and cleared malicious software from the network.

Both the FBI and the US Department of Homeland Security’s Computer Emergency Readiness Team have been notified. As they are actively investigating the breach, and the Office of Personnel Management has stated additional exposures may come to light.

The Office of Personnel Management is offering free credit monitoring services for 18 months for individuals affected by the breach through CSID. Additional information will be available on http://www.csid.com/opm/ or by calling 844-222-2743.

Office of Personnel Management’s news releases:

http://www.opm.gov/news/latest-news/announcements/

http://www.opm.gov/news/releases/2015/06/opm-to-notify-employees-of-cybersecurity-incident/

If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@Wisconsin.gov.

May 2015

Date Public Notified Date of Breach Company Data Accessed
May 26, 2015

February - May 2015
Internal Revenue Service
Copies of up to five years' worth of taxpayer filings.
Who’s Affected Details

Approximately 100,000 consumers’ tax filings were accessed.

There were 200,000 fraudulent attempts to access the tax filings.

 

 

 

The Internal Revenue Service detected a data breach that compromises five years’ worth of tax filings. The IRS believes that personal information on tax returns was compromised including social security numbers, date of birth, and bank account information.

The IRS believes the hackers used information acquired from non-IRS sources to gain access to tax returns through the "Get Transcript" application. This application had a multi-step authentication including answering personal verification questions.

The IRS will be sending a letter to all consumers whose accounts were attempted to be accessed. The IRS will also be offering free credit report monitoring services to consumers whose tax filings were accessed.

An investigation is still ongoing with the Treasury Inspector General for Tax Administration and the IRS’ Criminal Investigation unit. The IRS disabled the

If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@Wisconsin.gov.

Date Public Notified Date of Breach Company Data Stolen
May 4, 2015

Between March 6th and April 17th, 2015
Sally Beauty Holdings, Inc.
Payment cards
Who's Affected Details

41,808 Wisconsin residents who used payment cards at the affected U.S. Sally Beauty stores during this time.

Sally Beauty Holdings Inc. detected a breach that may have compromised the personal information of their customers. Between March 6th and April 17th, 2015, criminals used malware to infiltrate the point-of-sale system. This malicious software potentially allowed access to the payment card information of customers who used their cards at Sally Beauty stores during the time of the breach.

The business took steps to contain the incident when it was first discovered. Sally Beauty Holdings Inc. is conducting an ongoing forensic investigation.

Sally Beauty Holdings Inc. has set up a hotline at 1-866-234-9442 or email customerserviceinquiry@sallybeauty.com to answer additional questions.

If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@Wisconsin.gov.


Date Public Notified Date of Breach Company Data Accessed
May 1, 2015

September 3, 2014 - April 2, 2015
Hard Rock Hotel & Casino in Las Vegas
Credit & debit card numbers, customer names, expiration dates, CVV number
Who’s Affected Details

People who used credit or debit card purchases at the restaurant, bar, and retail outlets at the Hard Rock Hotel & Casino between September 3, 2014 – April 2, 2015.

 

 

Hard Rock says that credit and debit card accounts may have been affected by a data breach.

Authorities and financial institutions were notified once the company became aware of the breach.They are working with a third party security firm to investigate the matter.

Hard Rock is offering 12 months of credit monitoring through ProtectMyID to individuals affected by the data breach.

Consumers can visit https://www.hardrockhotel.com/statement and review the FAQ for up to date information.  They can also call (888) 829-6551.

Individuals should review their statements and notify their financial institutions if they see unauthorized charges.

If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@Wisconsin.gov.


March 2015

Date Public Notified Date of Breach Company Data Accessed
March 17, 2015

May 5, 2014
Premera Blue Cross
Member names, dates of birth, email addresses, addresses, telephone numbers, Social Security numbers, member identification numbers, bank account information, and claims information, including clinical information.
Who’s Affected Details

About 11 million consumers nationwide. Applicants and members of Premera Blue Cross, Premera Blue Cross Blue Shield of Alaska, and affiliate brands Vivacity and Connexion Insurance Salutation’s Inc.

Members of other Blue Cross Blue Shield plans who sought treatment in Washington or Alaska are also affected.

 

 

On March 17, 2015, Premera Blue Cross announced it has been a victim of a sophisticated cyberattack. The intrusion was discovered on January 29, 2015 however the initial attack took place on May 5, 2014.

The attackers may have gained unauthorized access to applicants and members’ information, which could include member names, dates of birth, email addresses, addresses, telephone numbers, Social Security numbers, member identification numbers, bank account information, and claims information, including clinical information going back to 2002.

Premera is continuing to work with the FBI and security firm Mandiant.

Letters are being mailed to those affected by the data breach beginning March 17th, 2015. The notification will include an offer of 2 years of free credit monitoring and identity theft protection services through Experian’s ProtectMyID.

Consumers with questions may call 1-800-768-5817 Monday through Friday, 5:00 AM – 8:00 PM PT or visit http://premeraupdate.com/.

February 2015

Date Public Notified Date of Breach Company Data Accessed
February 27, 2015

May 13, 2014
Uber
Names and driver's license numbers.
Who’s Affected Details

50,000 Uber drivers.

 

 

On Friday, February 27th, Uber disclosed a data breach of approximately 50,000 drivers’ names and driver’s license numbers.

Uber discovered the breach on September 17, 2014 and learned their databases were accessed by an unauthorized third party on May 13, 2014.

Uber immediately began investigating and changed database access protocols. Uber also filed a "John Doe" lawsuit in attempt to gather information that could help identify the third party.

Uber is offering a one year membership to Experian’s ProtectMyID Alert free of charge, to those impacted. Data breach notification letters with instructions for signing up will be mailed.

If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@Wisconsin.gov.

Date Public Notified Date of Breach Company Data Accessed
February 4, 2015

Unknown
Anthem Inc.
Names, dates of birth, Social Security numbers, medical ID numbers, street addresses, email addresses and employment information, including income data .
Who’s Affected Details

Anthem’s current and former members and Anthem employee

 

 

Anthem Inc. has been a victim of a sophisticated cyber-attack. The number of those affected is unknown, but currently estimated at about 80 million.

Names, dates of birth, Social Security numbers, medical ID numbers, street addresses, email addresses, and employment information, including income data of Anthem’s current and former members and employees have been compromised in the breach.

Anthem’s initial investigation concludes that no medical data or credit card details have been exposed.

The impacted plans/brands of the data breach include:

  • Anthem Blue Cross
  • Anthem Blue Cross and Blue Shield
  • Blue Cross and Blue Shield of Georgia
  • Empire Blue Cross and Blue Shield
  • Amerigroup
  • Caremore
  • Unicare
  • Healthlink
  • DeCare

Anthem Inc. has hired an expert cybersecurity firm to assist in the investigation and is working closely with the FBI.

Anthem will be mailing notifications to all who are impacted. Included in the notification will be an offer of free credit report monitoring and instructions for signing up.

Consumers should visit anthemfacts.com and review the FAQ for the most up to date information. They may also call 1-877-263-7995.

Update 2/13/15:Anthem is offering 24 months of credit monitoring and identity theft repair services through AllClear ID free of charge, to current or former members (2004 and beyond) of one of Anthem’s plans.

If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@Wisconsin.gov.


January 2015

Date Public Notified Date of Breach Company Data Accessed
January 15, 2015

December 30, 2014
American Airlines Inc.
Customer names, email addresses, phone numbers, mailing addresses, dates of birth, the last 4 digits of the passport number, the last 4 digits of the card number stored in the account, the card expiration date, AAdvantage numbers, information about miles, mileage activity and the amount of mileage points.
Who’s Affected Details

10,000 American Airlines AAdvantage accounts.

 

On Thursday, January 15, American Airlines Inc. reported a data breach that occurred on or about December 30, 2014 in which a third party used email addresses and passwords obtained from external sources to log into certain accounts.

The breach affects AAdvantage customers which has about 70 million participants. It is estimated that only about 10,000 accounts were affected.

The exposed information may include customer names, email addresses, phone numbers, mailing addresses, dates of birth, the last 4 digits of the passport number, the last 4 digits of the card number stored in the account, the card expiration date, AAdvantage numbers, information about miles, mileage activity and the amount of mileage points.

The company has locked compromised AAdvantage accounts and is instructing consumers to create new accounts, using a new password. Consumers will then need to contact AAdvantage Customer Service by calling 1-800-882-8880 to request their miles from their old account be transferred to their new account.

American Airlines is also offering one year of free credit monitoring services from Experian’s ProtectMyID Alert program. Consumers have until April 30, 2015 to access the offer and must do so following the instructions in their breach notice which contains a unique code.

The investigation is ongoing and the company is working closely with law enforcement.

If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@Wisconsin.gov.

Date Public Notified Date of Breach Company Data Accessed
January 6, 2015

December 9, 2014
United Airlines Inc.
MileagePlus number, account balance and Premier status. Other account details may also have been viewed such as mailing addresses and the last four digits of the card number saved in the account.
Who’s Affected Details

7,000 United MileagePlus accounts.

 

On Tuesday, January 6, United Airlines Inc. reported a data breach that began on December 9, 2014 when a third party used email addresses and passwords obtained from external sources to log into certain accounts.

The breach affects United MileagePlus customers which has about 70 million participants. It is estimated that only about 7,000 accounts were affected.

The exposed information may include the customer’s MileagePlus number, account balance and Premier status. While there is no indication that any other information was obtained, there is a possibility that other account details may have been viewed such as mailing addresses and the last four digits of the card number saved in the account.

The company has locked the compromised Mileage Plus accounts and is instructing consumers to contact Customer Service at 1-800-421-4655 to receive assistance in resetting the account password, username, pin and security questions.

If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@Wisconsin.gov.

Date Public Notified Date of Breach Company Data Accessed
January 13, 2015

Unknown
Park 'N Fly Inc.
Card holder names, billing addresses, card numbers, expiration dates and verification codes.
Who’s Affected Details

Consumers who used a debit or credit card on pnf.com.

 

On Tuesday, January 13th, Park ‘N Fly confirmed a data breach that compromised payment card data processed through its website, pnf.com.

The exposed data includes card numbers, expiration dates, security codes, card holder names and billing addresses. Loyalty customers may have also had their email address, Park ‘N Fly password and telephone number breached.

The investigation is ongoing and Park ‘N Fly has engaged law enforcement and data forensic experts to assist.

The number of consumers affected is unknown however Park ‘N Fly is offering 12 months of free credit monitoring services to its customers through AllClear ID.

There are two Park ‘N Fly locations near the Milwaukee General Mitchell International Airport. A complete list can be found here.

Consumers can visit pnf.com/security-update/ for the most up to date information or call 1-855-683-1165 Monday thru Saturday 8:00 AM to 8:00 PM CST.

If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@Wisconsin.gov.


Back to Top

2014

December 2014

Date Public Notified Date of Breach Company Data Accessed
December 19, 2014

July 20, 2014 – September 16, 2014
Staples Inc.
Card holder names, card numbers, expiration dates and verification codes.
Who’s Affected Details
Consumers who shopped at one of the 115 affected stores between July 20, 2014 and September 16, 2014 – approximately 1.16 million payment cards.
 

On Friday, December 19, 2014 Staples confirmed a data breach which has impacted 115 of its 1400 locations. No Wisconsin stores were affected.A complete list can be found here.

The investigation determined that Staples point-of-sale systems were infiltrated with malware which may have allowed access to transaction data including cardholder names, card numbers, expiration dates, and verification codes. At 113 stores, the malware may have allowed access to this data for purchases made from August 10, 2014 through September 16, 2014. At two stores, the malware may have allowed access to data from purchases made from July 20, 2014 through September 16, 2014.

Staples is offering free credit monitoring services through ProtectMyID (Experian) to anyone who shopped at one of the affected stores during the data breach.

Consumers with questions regarding this incident may visit Staples.com or call 1-866-274-4371 Monday through Friday from 9:00 AM to 9:00 PM EST, and Saturday and Sunday from 11:00 AM to 8:00 PM EST.

If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@Wisconsin.gov.

 

 


Date Public Notified Date of Breach Company Data Accessed
December 9, 2014

November 5, 2009 - September 24, 2014
Charge Anywhere LLC
Card numbers, expiration dates, verification codes and card holder names.
Who’s Affected Details

Consumers who used their debit or credit cards at one of the affected merchants.

 

On December 9, 2014, Charge Anywhere LLC released an official notice of a payment card incident.

Charge Anywhere LLC is an electronic payment provider for merchants. They route payment transactions from a merchant’s point-of-sale system to the merchant’s payment processor.

On September 22, 2014, Charge Anywhere discovered their systems were infected with malware.

Cards used at certain merchants between November 5, 2009 and September 24, 2014 may have been compromised.

Most of the information was encrypted and evidence shows that consumers who used a card at one of the affected merchants between August 17, 2014 and September 24, 2014 are more at risk.

Charge Anywhere LLC is working with credit card companies and processors to provide them with the list of affected merchants and the account numbers for cards used between August 17, 2014 and September 24, 2014.

Consumers and businesses can also search by merchant name or call 1-888-299-1179 Monday through Friday, 9 AM to 9 PM. EST with any questions.

If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@Wisconsin.gov.

 


Date Public Notified Date of Breach Company Data Accessed
December 4, 2014

UnknownBebe Stores Inc.Card numbers, expirations dates, verifications codes and card holder names.
Who’s Affected Details

Consumers who shopped at one of Bebe’s 200 retail stores between November 8 and November 26, 2014.

 
 
UPDATE: December 5, 2014
 
Bebe Stores Inc. has now posted an official statement about the data breach.
 
Consumers with questions related to this incident can call 1-888-236-0447 Monday through Friday 6:00 AM to 6:00 PM PST.
 
Bebe Inc. has confirmed their point of sale systems were infiltrated and card details compromised of transactions that took place at one of their retail stores between November 8 and November 26, 2014.
 
The exposed data includes card numbers, expiration dates, verification codes and card holder names.
 
No data suggests that online transactions were affected.
 
Bebe has have moved quickly to block the attack and have taken steps to further enhance their security measures.
 
The number of consumers affected is unknown at this time however, the Bebe will be offering credit monitoring services. The company is advising consumers to carefully review their statements for unauthorized transactions.
 
If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@Wisconsin.gov.

 

November 2014

Date Public Notified Date of Breach Company Data Accessed
November 24, 2014

November 24, 2014Sony Pictures Entertainment
Unreleased movies, sensitive corporate data and Social Security Numbers, dates of birth, names and other personal identifying information of employees.
Who’s Affected Details

Sony Pictures Entertainment employees.

On November 24, 2014, Sony Pictures Entertainment experienced a data breach. The hackers infiltrated Sony’s network displaying a message on employee computers. Several movies were leaked in the hacking, including four unreleased films. Consumers should note that downloading pirated movies is illegal.
 
On December 1, 2014 reports confirmed that sensitive corporate data and personal identifying information of tens of thousands of Sony employees were also compromised in the breach, including social security numbers and medical data. In addition, files have been appearing online that contain lists of names, addresses, dates of birth, salaries, dates of employment and user names of about 6,800 employees.
 
The FBI is actively investigating the breach.
 
If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@Wisconsin.gov.

 


Date Public Notified Date of Breach Company Data Accessed
November 10, 2014

Unknown United States Postal Service (USPS) Mid-September
Who’s Affected Details

All USPS employees and consumers who contacted the Postal Service Call Center with an inquiry by phone or email between January 1, 2014 and August 16th, 2014.

The United States Postal Service (USPS) has confirmed a data breach of names, addresses, social security numbers, dates of birth, dates of employment and emergency contact information of approximately 800,000 employees.
 
Consumers who contacted the Postal Service Call Center with an inquiry by phone or email between January 1, 2014 and August 16th, 2014 were also affected in the breach. The compromised data includes names, addresses, telephone numbers and email addresses.
 
USPS confirms that no debit or credit card numbers were compromised. There is no evidence that retail or online purchases such as Click-N-Ship, the Postal Store, PostalOne!, or change of address were affected.
 
USPS is offering free credit monitoring services for one year for its employees.
 
Consumers can read the USPS Cyber Intrusion Incident Statement or visit USPS for information.
 
If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@Wisconsin.gov.

 


September 2014

Date Public Notified Date of Breach Company Data Accessed
October 10, 2014

September - October 9, 2014 Kmart (wholly owned subsidiary of Sears Holdings Corporation) Credit and debit card numbers
Who’s Affected Details

Consumers who used their debit or credit card to shop at Kmart stores between September 2014 and October 9th 2014.

Kmart’s initial investigation indicates the breach started in early September. Their store payment systems were infected with malware. A police report has been filed and an investigation is still ongoing.
 
Kmart does not believe that debit card pin numbers, email addresses, or social security numbers were compromised.
 
The specific number of stores and consumers affected is currently unknown.
 
Kmart will be offering credit monitoring services for customers who shopped in a Kmart store during the month of September through October 9th, 2014.
 
Consumers should visit kmart.com for the most up to date information or call 1-888-488-5978.
 
If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@Wisconsin.gov.

 


Back to Top

Date Public Notified Date of Breach Company Data Accessed
September 24, 2014

June 16, 2014 – September 5, 2014 Jimmy John’s Franchise LLC Customers who swiped their credit or debit cards for purchases made at approximately 216 Jimmy John’s sandwich stores nationwide. Those cards entered manually and online credit and debit card data was not compromised. Five locations in Wisconsin were reported as locations affected. The list of locations affected can be found at the link below. https://www.jimmyjohns.com/datasecurityincident/storedates.html
Who’s Affected Details

On July 30, 2014, Jimmy John’s learned of a possible security incident involving credit and debit card data at some of Jimmy John’s stores and franchised locations by remotely accessing the point-of-sale systems at some corporate and franchised locations between June 16, 2014 and September 5, 2014. The security compromise has been contained, and customers can use their credit and debit cards securely at Jimmy John’s stores.

 

UPDATE (10/29)

 

Signature Systems Inc. is the point-of-sale service used by Jimmy John’s. Signature Systems has confirmed two other Wisconsin businesses were also affected by this breach: Pizzeria Scotty in Milwaukee and Rosati’s in Oconomowoc. A complete list can be found by visiting http://www.pdqpos.com/notice.html

 

The credit and debit card information at issue may include the card number and in some cases the cardholder’s name, verification code, and/or the card’s expiration date. Information entered online, such as customer address, e-mail, and password, remains secure.

 

Jimmy John’s has taken steps to prevent this type of event from occurring in the future, including installing encrypted swipe machines, implementing system enhancements, and reviewing its policies and procedures for its third party vendors.

 

Jimmy John’s is offering identity protection services through AllClear ID to impacted customers. For further information call 855-398-6442 or online at https://www.jimmyjohns.com/datasecurityincident/contacts.html

In addition, customers are encouraged to monitor their credit and debit card accounts, and notify their bank if they notice any suspicious activity.

If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@wisconsin.gov

 



Date Public Notified Date of Breach Company Data Accessed
September 19, 2014

September 2, 2014 Viator, Inc. Credit or debit card number, card expiration date, name, billing address and email address, and possibly Viator account information (email address, encrypted password and Viator "nickname")
Who’s Affected Details

Approximately 1.4 million users who used credit or debit cards to purchase travel on Viator’s website or mobile offerings.Also anyone who created an account on Viator may have had their account information compromised.

On September 2, 2014 Viator was informed by a payment card service provider that unauthorized charges occurred on a number of their customers' credit cards. Forensic experts and law enforcement have been working to investigate the incident, identify how the systems may have been impacted, and to secure the systems.

Approximately 1.4 million Viator customers may have been affected by the compromise.

The company is recommending that all affected customers monitor their card activity and report any fraudulent charges to their credit card company. Customers will not be responsible for fraudulent charges to their accounts if they are reported in a timely manner.

For extra assurance, Viator is offering free identity protection services, including credit monitoring, for customers in the U.S in Experian's ProtectMyID Alert service. They also are encouraging members to reset their passwords on the Viator site, and on any other sites where they used the same password.

If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@wisconsin.gov

 



Date Public Notified Date of Breach Company Data Accessed
September 2, 2014

April 1, 2014
Home Depot USA, Inc. Credit/debit card data

UPDATE (11/10): email addresses

Who’s Affected Details

Customers who used a credit or debit card to make a purchase at Home Depot stores in the US and Canada starting April 1, 2014.

UPDATE (11/10): Customers who have an online account with homedepot.com


 

UPDATE (9/29):  Home Depot has confirmed that credit and debit card information of consumers making purchases at its stores nationwide was accessed by hackers beginning on April 1, 2014.  However, there is currently no evidence that debit PIN numbers were compromised.
 
Affected US customers may enroll in the AllClear PRO service at no cost to them at any time during the next 12 months.  To enroll, customer should go to https://homedepot.allclearid.com/.  Additionally, if ID theft repair is required, AllClear can be contacted at 1-855-252-0908 and a dedicated investigator will do the work to recover financial losses, restore your credit, and make sure your identity is returned to its proper condition.

 

UPDATE (11/10): On November 6th, 2014, Home Depot confirmed that 53 million email addresses were also compromised in this breach. Passwords were not affected.

 

 
Customers who wish to learn more about the breach can contact Home Deport at www.homedepot.com or by calling 1-800-HOMEDEPOT (800-466-3337).
 
If you feel that you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@wisconsin.gov

 


Back to Top

August 2014

Date Public Notified Date of Breach Company Data Accessed
August 29, 2014

Unknown American Dairy Queen Corp. Credit card data
Who’s Affected Details

Customers who used a credit cards or debit cards for purchases at an undisclosed number of locations. Details on how many customers might be affected are unknown at this time.

Dairy Queen reported that it is looking into possible collection of credit/debit card information through malicious software installed on point of sale systems at some of its franchises. Law enforcement has become involved and an investigation on the scope of the issue is being conducted.

If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@wisconsin.gov

 



Date Public Notified Date of Breach Company Data Accessed
August 28, 2014

August, Exact Dates Unknown JP Morgan Chase & Co Banking and Credit Card Information
Who’s Affected Details

Unknown at this time

The FBI is conducting an investigation after JP Morgan Chase discovered a possible data breach as a result of a series of complex attacks and network intrusions. No details are yet available on the exact information that was taken or how many customers have been affected.

If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@wisconsin.gov

 



Date Public Notified Date of Breach Company Data Accessed
August 15, 2014

August 5 – 7, 2014 MeetMe, Inc. User names, email addresses, passwords
Who’s Affected Details

An undisclosed number of people with MeetMe user accounts.

MeetMe, an online social network, reported that information of some user accounts had been hacked during a brief span of 8/5 – 8/7/2014.The information believed to be accessed was user names, email addresses and passwords. No financial information was stolen.

The company says the vulnerability has been closed and that affected users were notified to change their user names and passwords.

The contact information from the company’s website is listed as Aaron Curtiss, email at press@meetme.com.

If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@wisconsin.gov

 



Date Public Notified Date of Breach Company Data Accessed
August 15, 2014

June 22, 2014 – July 17, 2014 Jewel – Osco Credit and debit card payment information
Who’s Affected Details
An undetermined number of customers who used their credit or debit card for payment during the above dates. Only some Jewel-Osco stores, exact locations yet unknown, in Illinois, Indiana and Iowa were affected.

Customers of other stores under the operating company, AB Acquisition LLC, were also affected. Albertsons stores in Southern California, Idaho, Montana, North Dakota, Nevada, Oregon, Washington, Wyoming and Southern Utah were impacted. In addition, ACME Markets in Pennsylvania, Maryland, Delaware and New Jersey; and Shaw’s and Star Markets stores in Maine, Massachusetts, Vermont, New Hampshire and Rhode Island were all impacted by this incident.

Jewel-Osco reported that an unlawful intrusion to obtain credit and debit card payment information occurred. Some stores in Illinois, Indiana and Iowa were targeted. Third party IT services SUPERVALU is working closely with the store chain to gain a better understanding of the scope of the incident. Appropriate federal law enforcement authorities have also been notified.

It has not yet been determined whether any cardholder data was in fact stolen or misused. The intrusion has been contained and the company believes customers can safely use their credit and debit cards in its stores.

AB Acquisition LLC, the parent company of Jewel-Osco is offering customers whose cards may have been affected 12 months of complimentary consumer identity protection services through AllClear ID. Customers may visit https://abacquisition.allclearid.com for further information on obtaining the complimentary service, or can call 1-855-865-4449

If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@wisconsin.gov


Back to Top

June 2014

Date Public Notified Date of Breach Company Data Accessed
June 13, 2014

Between April 9 and April 21, 2014 AT & T Social Security Numbers and Call Records
Who’s Affected Details
AT & T Customers

AT&T revealed that outside attackers — allegedly employees of one of AT&T's service providers — stole personal information on AT&T Mobility customers. AT&T says the stolen information includes Social Security numbers and call records, i.e. details about the date, time, duration and other phone number for every phone call customers make. It is unknown how many AT & T customers are affected.

AT & T will be offering one year of free credit monitoring to those affected. Enrollment is conducted online at www.CSID.com/attcustomercare/ or by calling CSID at 877-274-5554 using the CSID "PIN Code" shown at the top of the first page of the notification letter they received from AT & T. See letter sent to customers here.

Additionally, AT & T recommends that customers change their passwords immediately, and perhaps place a fraud alert on their credit reports.

If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@Wisconsin.gov.


Date Public Notified Date of Breach Company Data Accessed
June 10, 2014

March 2014 through May 30, 2014 PF Chang’s China Bistro Credit & Debit Card Information
Who’s Affected Details
Consumers who used their debit and/or credit card at PF Chang’s China Bistro anytime between March 2014 and May 30, 2014.

PF Chang’s China Bistro reported a data breach. Restaurant chain P.F. Chang’s China Bistro has confirmed it has suffered a data breach that has exposed an undisclosed number of credit and debit cards used at its restaurants.

The company is still in the preliminary stages of their investigation, and they do not yet know which credit or debit cards may be involved. P.F. Chang's has notified the credit card companies and is working with them to identify the affected cards. The company encourages consumers to monitor their accounts and to report any suspected fraudulent activity to their card company.

P.F. Chang’s China Bistro has established a dedicated public website, pfchangs.com/security, for guests to receive updates and answers to their questions. If consumers have additional questions, they may also call 1-877-412-7152.

If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@Wisconsin.gov.



May 2014

Date Public Notified Date of Breach Company Data Accessed
May 21, 2014

Late February, Early March 2014eBay Customer names, account passwords, email addresses, physical addresses, phone numbers and birth dates.
Who’s Affected Details

On Wednesday, May 21, 2014 eBay announced that hackers broke into their database and stole user information.

eBay is requesting that all their users reset their passwords and will begin notifying customers today via email, site communications and other marketing channels.

If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@Wisconsin.gov.


April 2014

Date Public Notified Date of Breach Company Data Accessed
January 27, 2014 & April 17, 2014

May 8, 2013 through January 27, 2014 Michaels Stores, Inc. & Aaron Brothers Payment card information: Payment card number and expiration date.
Who’s Affected Details

Approximately 3 million Michael’s Stores customers and approximately 400,000 Aaron Brother’s customers.

Nationwide arts and crafts chain Michaels Stores Inc. has released information on two separate eight-month-long security breaches at its stores last year may have exposed as many as 3 million customer credit and debit cards; including Wisconsin stores in Janesville, Madison and Middleton.

The company discovered evidence confirming that systems of Michael’s stores in the United States and its subsidiary, Aaron Brothers, were attacked by criminals using highly sophisticated malware that had not been encountered previously.

Regarding Aaron Brothers, Michaels Stores said it has confirmed that between June 26, 2013 and February 27, 2014, 54 Aaron Brothers stores were affected by this malware, noting that the locations for each affected Aaron Brothers store are listed here.

The company’s statement says the attack on Michaels’ targeted "a limited portion of the point-of-sale systems at a varying number of stores between May 8, 2013 and January 27, 2014."

Affected Michaels and Aaron Brothers customers in the U.S. are being offered identity protection, credit monitoring and fraud assistance services for 12 months at no cost to them. Details of the services are available here. If you have any questions or would like more information, please call us toll-free at 1-877-412-7145, Monday through Saturday, from 8:00 a.m. CT to 8:00 p.m. CT.

 

If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@Wisconsin.gov.

 


January 2014

Date Public Notified Date of Breach Company Data Accessed
January 31, 2014

January 31, 2014 Yahoo, Inc. Usernames & passwords
Who’s Affected Details

Yahoo, Inc. email users

Yahoo has announced that it has detected a security breach of some of their email customers. The information accessed was customer user names and passwords. So if you're a Yahoo Mail user, you may be receiving a notification to reset your password.

Yahoo didn't say how many accounts were affected, but it is the second-largest webmail provider in the world, with well over a quarter of a billion accounts.

Anyone affected should have received a text or email at a backup address saying their password has been reset. If you didn't have a secondary mode of notification attached to your Yahoo Mail account, try to log in — if your password works, you weren't affected, but you should probably change it just in case. If it didn't, you should contact Yahoo and see about getting your access restored.

 

If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@Wisconsin.gov.

 


Date Public Notified Date of Breach Company Data Accessed
January 31, 2014

December 12, 2014 Unity Health Insurance Unity member number, date of birth, city of residence, name of prescribed drug, and date of service, if any.
Who’s Affected Details

41,437 Unity Health Insurance members may have been affected by the breach..



Date Public Notified Date of Breach Company Data Accessed
January 10, 2014

July 16 – October 30, 2013 Neiman Marcus Approximately 1.1 million customers who shopped at Neiman Marcus between July 16 and October 30, 2013.
Who’s Affected Details

Neiman Marcus confirmed Saturday that its customers are at risk after hackers breached the company’s servers and accessed the payment information of those who visited its stores.The company said that the malware had been put into its system and had stolen payment data off cards used from July 16 to Oct. 30. During those months, approximately 1,100,000 customer payment cards could have potentially been visible to the malware capable of fraudulently obtaining payment card information.

Customers can sign up for free credit monitoring by visiting www.protectmyid.com/nm. For enrollment issues, contact Experian’s ProtectMyID at 1-866-579-2216. Customers who want to take advantage of the free credit monitoring offer must do so by June 15, 2014.

For consumers that are concerned about their Neiman Marcus or Bergdorf card, they can call the credit office at 1-800-685-6695.

For additional information on this breach, Neiman Marcus has a FAQ section on their website.

If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@Wisconsin.gov.


Date Public Notified Date of Breach Company Data Accessed
January 1, 2014

December 2013 Snapchat Usernames and Phone Numbers
Who’s Affected Details

Approximately 4.6 million Snapchat users.

Consumers whose data was included in the leak should change their password and watch for any weird activity on their account. (No passwords were included in the leak)

The private messaging app Snapchat has reported a data breach. Security researchers were able to expose basic identifying information on 4.6 million users, connecting their usernames with phone numbers.

Although the exposed information isn’t of high security (like a Social Security or credit card number), experts say the breach should still be taken seriously.

There is a tool consumers can use to check if their account was compromised; GS Lookup - Snapchat, will ask them to enter only their username. If your account info was compromised, you'll see your phone number (minus the last two digits) on the Web page. If your account wasn't included in the leak, you'll see a "You're Safe" message.

If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@Wisconsin.gov.



2013

December 2013

Date Public Notified Date of Breach Company Data Accessed
December 19, 2013

November 27, 2013 – December 15, 2013 Target Corp. The breach involves the theft of information stored on the magnetic stripe on the backs of credit or debit cards used by consumers in all US Stores. The information involved in this incident included customer name, credit or debit card number, and the card’s expiration date and CVV (three-digit security code).
Who’s Affected Details

Approximately 40 million customers who made purchases using credit or debit cards at its U.S. stores between November 27 and December 15, 2013.

Target says about 40 million credit and debit card accounts may have been affected by a data breach. Target says about 40 million credit and debit card accounts may have been affected by a data breach.

The chain said Thursday that the accounts may have been impacted between Nov. 27 and Dec. 15, 2013.

Authorities and financial institutions were immediately notified once the company became aware of the breach. They worked with a third-party forensics firm to investigate the matter and it has been identified and resolved.

 

Target Corp. said that customers who made purchases at its U.S. stores during the impacted period and suspected unauthorized activity should call them at 866-852-8680.

 

If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@Wisconsin.gov.

 


Date Public Notified Date of Breach Company Data Accessed
December 3, 2013

November 24, 2013Facebook, LinkedIn, Twitter, Gmail, & Yahoo Website login credentials (usernames) and passwords
Who’s Affected Details

Approximately two million Facebook, LinkedIn, Twitter, Gmail and Yahoo users.

Security firms are reporting that hackers have stolen usernames and passwords for nearly two million accounts at Facebook, Gmail, Twitter, LinkedIn, and Yahoo.

The security firm, Trustwave believes it was the result of keylogging software that has been capturing passwords of people whose computers were infected.

Facebook, LinkedIn and Twitter are now emailing members whose passwords have been compromised.

If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@Wisconsin.gov.


November 2013

Date Public Notified Date of Breach Company Data Accessed
November 16, 2013

October 22, 2013 Dynacare Laboratories, Milwaukee Names, addresses, dates of birth, Social Security numbers, and gender.

 

Approximately 6,000 City of Milwaukee employees and 3,000 of their spouses and domestic partners.

 

Who’s Affected Details

On October 22, 2013, Dynacare learned that a flash drive inside a car stolen from a Dynacare employee contained patient information. The theft occurred overnight and was immediately reported to the Milwaukee Police Department the morning of October 22, 2013. After a thorough Investigation, it was determined that the stolen flash drive contained a database with patient demographic information, this included patient names, addresses, dates of birth, Social Security numbers, and gender. No financial information, medical records, or test results were included in the database.

This incident did not affect all Dynacare patients, but only a group who received testing from Dynacare Laboratories between August and October 2013.

As a precaution, Dynacare will begin notifying affected patients on November 18, 2013. They have also established a call center for patients to call with any questions.

If you believe you are affected but do not receive a letter by November 30, 2013, please call 1-877-237-4971, Monday through Friday, 8:00 a.m. to 5:00 p.m. Central Time (closed on U.S. observed holidays). Please be prepared to provide the following ten digit reference number when calling: 9691111113.

If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@Wisconsin.gov.


October 2013

Date Public Notified Date of Breach Company Data Accessed
October 4, 2013

August 6, 2013 Memorial Hospital of Lafayette CountyPatient's name and account number, date(s) of service, and the charges associated with each date of service.

 

 

The statements also included the name, address and identification number for the guarantor on the account. Other personal information, such as social security number, date of birth, and specific health conditions, were not included in the disclosure.

 

Who’s Affected Details

Patients who received care/services at Memorial Hospital of Lafayette County that date back to 2001 through the present.

On August 6, 2013 Memorial Hospital of Lafayette County discovered a potential breach of unsecured patient health information involving financial statements that were inadvertently sent to some third parties. While most of the approximately 8,000 notices mailed were sent to the patients themselves or their authorized representatives, in some cases they may have been mailed to third parties who were not authorized to receive the information.

If you believe your information may have been disclosed, but did not receive written notice from Memorial Hospital of Lafayette County, please call this toll free number 1-877-615-3759.

 

If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@Wisconsin.gov.


Date Public Notified Date of Breach Company Data Accessed
October 1, 2013

August 27, 2013St. Mary’s Janesville HospitalPatient name, date of birth, medical record and account numbers, provider and department of service, bed and room number, date and time of service, visit history, complaint, diagnosis, procedures, test results, vaccines, if administered, and medications.

 

Who’s Affected Details

They have identified 629 patients who may have been affected and are notifying each of the patients or their guardians by letters mailed September 30, 2013. These patients received care at St. Mary’s Janesville Hospital in the emergency department between January 1 and August 26, 2013.

St. Mary’s Janesville Hospital has reported a data breach. On August 27, 2013, they received a report that an SSM Health Care laptop was stolen from an employee’s car during a break-in.

St. Mary’s states that they have no reason to believe the laptop was stolen to gain access to patient information, or that this information has been accessed or misused in any way. They also state that the computer was configured in such a way that information could not be written to the hard drive but Email information was stored on the hard drive and password protected but not encrypted, which is a violation of St. Mary’s Janesville Hospital policy.

St. Mary’s Janesville Hospital has partnered with ID Experts for patient identity monitoring and protection at their expense. Through ID Experts, they have arranged for affected patients to opt for a free one-year identity theft monitoring.

St. Mary’s Janesville Hospital posted the notice to its site on October 1, 2013. Click here to view.

If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@Wisconsin.gov.


Date Public Notified Date of Breach Company Data Accessed
October 4, 2013

October 4, 2013AdobeCustomer names, passwords and payment (debit & credit) card numbers as well as the source code for Adobe products
Who’s Affected Details

Approximately 2.9 million Adobe customers.

Adobe confirmed that 2.9 million customers have had their private information stolen during a sophisticated cyber attack on its website.

The attackers accessed customer names, passwords.and payment card numbers. They also accessed the source code for Adobe products.

Adobe has reset the passwords for the customers’ accounts it believes were compromised, and that those customers will receive an email alerting them of the change. Adobe is also recommending as a precaution, that customers who are affected should change their passwords and user information. Adobe has set up a page for customers on how to reset their passwords.

For those customers whose debit or credit card information is suspected of being accessed, Adobe is offering a complimentary one-year subscription to a credit monitoring program.

If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@Wisconsin.gov.


July 2013

Date Public Notified Date of Breach Company Data Accessed
May 22, 2013

April 25, 2013Vendini, Inc.Name, mailing address, email address, phone number and credit card numbers with expiration dates.
Who’s Affected Details

Vendini provides box office and online ticketing services to hundreds of entertainment venues, which includes tour, casino, sports, and arts organizations across the U.S. and Canada. For those who have used a credit card to make a purchase for an event that was processed through Vendini’s service, their information may have been compromised.

On April 25, 2013, Vendini, Inc. detected an unauthorized intrusion into its systems.

Personal information that may have been accessed includes name, mailing address, email address, phone number and credit card numbers & expiration dates. The company does not collect credit card security access codes (e.g., CVV, CVV2, PINs), social security numbers, usernames or passwords.

For customers requesting more information the company provided the following contact information: 1-800-836-0473, or visit www.vendini.com/info

Vendini has also offered a resource guide to those who may have additional questions: https://www.vendini.com/e/a.php?id=1563&v=7efcbbb137

If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@Wisconsin.gov.


June 2013

Date Public Notified Date of Breach Company Data Accessed
Sometime in 2012

April 26, 2013Facebook Email addresses and telephone numbers.
Who’s Affected Details

Approximately 6 million Facebook users had email addresses or telephone numbers shared in a download at least one or two times.

A Facebook security bug exposed users’ personal contact information (email or phone number) to other users who were connected to them; the bug has affected 6 million accounts.

Facebook’s security team described that the breach is related to the contact list/address book upload feature on the platform. When people used the DYI (Download Your Information) tool, it’s possible that they also received the additional email addresses and phone numbers for their contacts and even people with whom they have no connection.

Additionally, no other types of personal or financial information were included and only people on Facebook – not developers or advertisers – have access to the DYI tool.

You can review the full message from Facebook’s security blog page here: https://www.facebook.com/notes/facebook-security/important-message-from-facebooks-white-hat-program/10151437074840766

If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@Wisconsin.gov.


May 2013

Date Public Notified Date of Breach Company Data Accessed
April 26, 2013

April 26, 2013TerraCom, Inc. ("TerraCom")Name, Social Security Number, Date of Birth, Address, Driver’s License Number, copies of tax information and other government forms that TerraCom is required by law to obtain and use in order to determine applicant eligibility for the Lifeline program.
Who’s Affected Details
The data accessed belonged to 150,000 applicants seeking enrollment in the federal Lifeline telephone program administered by the Federal Communications Commission (FCC). Approximately 875 of the 150,000 are Wisconsin residents.

On April 26, 2013, TerraCom learned of a security breach involving unauthorized access to personal data and downloaded files related to over 150,000 individuals. The data was stored on the computer servers of TerraCom’s IT contractor, Call Centers India, Inc. d/b/a VCare Corporation ("VCare") and belonged to applicants seeking enrollment in the federal Lifeline telephone program administered by the Federal Communications Commission (FCC). Approximately 875 of the 150,000 are Wisconsin residents

TerraCom has initiated immediate corrective action to secure and protect compromised data files and further safeguard the personal data of applicants from future attacks by hackers.

TerraCom has mailed notice of the security breach to those persons whose records were individually accessed. Additionally, TerraCom will provide these applicants whose personal information was put at risk with instructions and the opportunity to enroll in a credit bureau monitoring service at no cost to the applicant.

A toll free number has been provided to assist applicants whose personal information was accessed about what they should do. (1-855-297-0243)

If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@Wisconsin.gov.


April 2013

Date Public Notified Date of Breach Company Data Accessed
April 9, 2013

March 13, 2013Kirkwood Community College (ADPI)Names, birthdates, race, contact information and social security numbers
Who’s Affected Details
Individuals who applied for college-credit classes between February 25, 2005 and March 13, 2013.

Hackers using an international IP address unlawfully accessed the Kirkwood website on March 13, 2013.

Specifically, the hackers gained access to archived application information for approximately 125,000 individuals who applied for college-credit courses from February 2005 through March 13, 2013. This may have included applicant names, birthdates, race, contact information and social security numbers.

Those who have been affected by the breach will be notified in writing by Kirkwood administrators.

For those who haven’t received a letter, but believe they applied to take Kirkwood college-credit classes between the specified times can contact verify@kirkwood.edu.

This breach affects all Kirkwood locations.

If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@Wisconsin.gov.


February 2013

Date Public Notified Date of Breach Company Data Accessed
February 13, 2013

December 14, 2012Froedtert HealthA computer virus may have allowed an unauthorized person to access an employee of Froedtert Health’s work computer account that contained personally identifiable information (PII) of approximately 43,000 patients.
Who’s Affected Details
Although there was no evidence found that any unauthorized person accessed any personal information or medical records, the expert computer forensics company couldn’t definitively rule out the possibility that the virus was able to obtain information stored in this employee’s work computer account, so they felt it was important to make the public aware of this incident. The file in the employee’s work computer account contained patient information including names, addresses, telephone numbers, dates of birth, medical record numbers, names and health insurers, diagnosis, other clinical information, and in some instances, Social Security Numbers. Financial information was not stored in any files in the employee’s work computer.

A public notice is available on their website (listed directly below) along with letters that were sent out to those affected--and to clarify, there are three different notices:

  • 1)Froedtert Medical’s website: General Public notice: http://www.froedterthealth.org/computer-security-incident Patients with questions regarding this breach can contact Froedtert Health; a call-center has been set up to handle these specific calls: 1-855-770-0006; when prompted, customers need to enter 10-digit reference code: 5764020813.
  • 2)Notice to patients whose SSN was on the employee’s computer along with the other PII – Credit Monitoring is being offered for one-year with TransUnion Patients who receive this letter will need to contact TransUnion directly at 1-800-242-5181; when prompted, customers need to say or enter the telephone pass code: 623817.
  • 3)Notice to patients whose PII was on the employee’s computer, but not their SSN – No Credit Monitoring Offered. Patients who receive this letter can contact the call-center at 1-855-770-0006; when prompted, enter the following 10-digit code: 5763020813.

 

If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@Wisconsin.gov.


Date Public Notified Date of Breach Company Data Accessed
February 2, 2013

Summer 2012River Falls Medical ClinicPatient’s personal information: first and last name, certain account/billing information such as diagnosis codes, scheduling information, insurance information, account numbers, medical chart numbers and some documents taken contained patient social security numbers, home addresses and phone numbers.
Who’s Affected Details
River Falls Medical Clinic says about 2,400 of their clients have been affected and each one has been notified. The letter is from River Falls Medical Clinic and AllClearID.

River Falls Medical Clinic has notified about 2,400 clients of a breach of unsecured personal information.

The breach occurred after clinic officials reported stolen equipment to the River Falls Police in the summer of 2012.

Police investigated and found the stolen equipment, as well as paper documents containing patient-identifying information in the suspect’s home on Nov. 28.

An employee of a cleaning service is the main suspect. The items were found in the employee's home and he was charged with felonies associated with theft and drug possession.

All these records were returned to the clinic.

According to clinic administrator Jon Pedersen, clinic officials have concluded that the overall risk of harm to patients is low. Out of caution, affected patients were still contacted by letter.

The clinic is offering help from AllClearID at no cost. Individuals who have further questions or concerns can call 877-676-0371.

 

If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@Wisconsin.gov.


Date Public Notified Date of Breach Company Data Accessed
February 1, 2013

February 1, 2013 Twitter, Inc.Usernames, email addresses, and encrypted passwords.
Who’s Affected Details
Approximately 250,000 Twitter users.

On Friday, February 01, 2013, Twitter, Inc. announced that it was a target of an attack. The company says 250,000 users may have been affected.

The company reports it detected unusual access patterns earlier during the week and found that user information—usernames, email addresses and encrypted passwords for about 250,000 users may have been accessed.

Twitter’s director of information security wrote that they discovered one live attack and were able to shut it down while in process; however, their investigation has thus far indicated that the attackers may have had access to this limited user information.

Jim Prosser, spokesman for Twitter, the social network known for its 140-character messages, could not speculate on the origin of the attacks as its investigation was ongoing.

Prosser also stated that Twitter was working with government and federal law enforcement to track down the source of attacks. For now, he said the company had reset passwords for, and notified every compromised user.

For more information about making your Twitter account more secure, go to: https://support.twitter.com/articles/76036-keeping-your-account-secure# .

If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@Wisconsin.gov.


January 2013

Date Public Notified Date of Breach Company Data Accessed
December 21, 2012

November 29, 2012Skagit Valley Casino ResortStolen data may have included name, driver’s license number, social security number and bank account information.
Who’s Affected Details
Individual’s whose information may have been exposed included customers of the Skagit Valley Casino Resort, and/or customers who have been to a casino in Las Vegas or a casino that uses Bally’s as a vendor. Bally Technologies, Inc. ("Bally") is a slot manufacturing company, their primary technologies include gaming devices for land-based, riverboat and Native American casinos, video lottery and central determination markets.

On November 29, 2012 the Skagit Valley Casino Resort learned that an incident involving one of its vendors, Bally Technologies, Inc., ("Bally") may have involved customer’s personal data. Electronic equipment in Bally’s possession in the normal course of business for the purposes of performing services for Skagit Valley Casino Resort was stolen from a Bally employee’s home office and may have contained data of customers.

If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@Wisconsin.gov.


Back to Top

2012

December 2012

Date Public Notified Date of Breach Company Data Accessed
November 29, 2012

June 15, 2012 to October 1, 2012Advanced Data Processing, Inc. (ADPI)Name, Date of Birth and Social Security Number
Who’s Affected Details
Individuals whose information may have been exposed included patients who received services from certain ambulance agencies associated with Advanced Data Processing, Inc.

On October 1, 2012. ADPI learned that one of their employees stole information associated with Grady EMS ambulance service and disclosed certain patient account information in connection with a scheme to file false federal tax returns. The accessed account information included names, dates of birth, Social Security numbers and record identifiers.About 900 Grady EMS patients had their information exposed between June 15, 2012 and October 12, 2012.

The company sent letters by first class mail, dated November 29, 2012, to affected individuals and has posted a notice on its website with links to information regarding the incident and resources to aid affected individuals.

The employee has been apprehended by authorities and was immediately terminated by the company and no longer has access to the company’s system.

To help detect possible misuse of the patients’ personal information, the company offered a complimentary one year membership of Experian’s ProtectMyID Alert.Individuals have 90 days to activate this membership, which will then continue for 1 year.An activation code was provided on the letter they received.

If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@Wisconsin.gov.


November 2012

Date Public Notified Date of Breach Company Data Accessed
November 26, 2012

October 11, 2012Pinnacle Foods Group, LLC Names, Social Security Numbers, driver’s license numbers, credit card numbers, and/or personal information.
Who’s Affected Details
Individual whose information may have been exposed includes employees, former employees, and employees who applied for employment at Pinnacle’s Darien, Wisconsin location.

Pinnacle Foods learned that an employee’s laptop was stolen from her home in Clinton, WI on October 11, 2012.Company operations and systems weren’t involved; the breach affected only information residing on the stolen laptop, which was password protected Personal information of up to 1,818 individuals in up to 13 states, including Mexico may have been affected by a theft of the company’s laptop from an employee’s home. The company isn’t offering any free credit monitoring or identity theft services; however, in the following press release they have a list of steps the affected individuals should follow to protect themselves against identity theft. Pinnacle Foods Group, LLC issues a press release that can be obtained directly from their website: http://www.pinnaclefoods.com/Media+Relations/Press+Releases If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@Wisconsin.gov.


Date Public Notified Date of Breach Company Data Accessed
November 16, 2012

October 3, 2012Nationwide Insurance CompanyIndividual’s Name and a combination of: Social Security number, driver’s license number and/or date of birth and possibly marital status, gender and occupation, and the name and address of their employer.
Who’s Affected Details
Nationwide’s records indicate that the information of some customers and other individuals who received a quote on auto insurance from Nationwide or Allied, either online, via phone or through an agent at some point during the thirteen months prior to the attack on October 3, 2012.

Nationwide Insurance Company confirmed that on October 3, 2012, a portion of their computer network that is used by Nationwide Insurance and Allied Insurance was attacked.

On November 2, 2012, Nationwide received confirmation of the identities and addresses of the individuals whose personal information was compromised.

Nationwide began sending letters to those affected on November 16, 2012, and is offering free credit monitoring and identity theft protection product for one year as a precaution. Individuals who enroll in this service, offered through Equifax, will be notified of changes to their credit information and will receive $1-million in identity theft insurance with a $0 deductible.

Nationwide will remain committed to enhancing its defenses against these kinds of attacks. They promptly reported this criminal attack to law enforcement, including the FBI, who are still investigating the incident.

If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@Wisconsin.gov.


Back to Top


October 2012

Date Public Notified Date of Breach Company Data Accessed
October 24, 2012

September 23, 2012Alere Home MonitoringName, Address, Date of Birth, Social Security Number, Diagnosis
Who’s Affected Details
More than 100,000; among those affected include 1,736 Wisconsin residents.

A car belonging to an Alere Home Monitoring employee was burglarized on September 23, 2012, and one of the items stolen from the car was the employee’s laptop.

Although the laptop was password protected, it did contain a file with personal information that included name, address, date of birth, Social Security Number and diagnosis; all of which was not encrypted.

Alere Home Monitoring has arranged for customers to receive identity protection from Experian Security Assistance at no cost for one full year from the date the customer registers.

The customer must register in order to receive this complimentary identity protection service.

If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@Wisconsin.gov.


July 2012

Date Public Notified Date of Breach Company Data Accessed
July 24, 2012

April 2012 – July 2012Department of Revenue (DOR)Social Security Numbers
Who’s Affected Details
The first seller listed on the real estate property return.The Department of Revenue (DOR) has had a data breach. The 2011 historical property sales report that was posted online contained a second imbedded file; and the imbedded file contained social security numbers for the first seller listed on the real estate property return. This information was not visible; the user would have needed to open this specific file to find the confidential information.

During the April-July timeframe, the Access report was downloaded 138 times. Although DOR believes that the individuals who downloaded the file are using it for their own business purposes, and have no malicious intent, they will be offering free credit monitoring for a year for individuals who may have been affected by this situation.

The agency removed the report immediately after they were notified by a user that they found this buried report online. DOR has contacted appraiser and real estate associations to ask them to notify their members that anyone who used it should destroy it and a new clean report without any information has been reposted online.

The agency will be mailing letters to the sellers that may have been impacted, these letters will be mailed to the last known address of the seller. If the seller does not receive a letter, he or she can contact the department to confirm whether or not their social security number was included on their real estate form:

Toll-free number: 888-947-3453
Email: realestate@wisconsin.gov

If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@Wisconsin.gov.

Date Public Notified Date of Breach Company Data Accessed
July 12, 2012

July 11, 2012Yahoo! VoicesEmail address and passwords
Who’s Affected Details
This affects those who use: Yahoo!, Gmail, MSN, Hotmail, Comcast and AOL (because Yahoo! Voices allows you to sign in using different email addresses) Yahoo confirmed on Thursday, July 12, 2012 that its user generated contributor network Yahoo! Voices, suffered a massive Data Breach.

On Wednesday, July 11, 2012, hackers stole a file from the servers of Yahoo! Voices that contained over 400,000 user email addresses and passwords, and then posted them in plain text online.

This doesn’t just affect Yahoo! email addresses, this also affects: Gmail, MSN, Hotmail, Comcast and AOL users as well because Yahoo! Voices allows you to sign in with non-Yahoo! email addresses.

Yahoo has taken action and is now working on fixing the vulnerability that led to the breach. Yahoo! has changed the passwords of the affected accounts and has notified the companies whose user accounts may have been compromised.

 

If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@Wisconsin.gov.


Back to Top


June 2012

Date Public Notified Date of Breach Company Data Accessed
June 6, 2012

June 6, 2012LinkedInAccess to approximately 6.5 million customer passwords
Who’s Affected Details
About 6.5 million LinkedIn users were affected. The company notified members that have accounts associated with compromised passwords to notify them their account password is no longer valid; this notification included instructions on how to change their passwords.On June 6, 2012, LinkedIn confirmed a security breach that resulted in the loss of encrypted passwords and could allow hackers to break into subscribers’ accounts.

The company reported that only passwords were stolen; not corresponding email addresses and that they weren’t concerned about the hackers being able to access account or financial information.

If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@Wisconsin.gov.


April 2012

Date Public Notified Date of Breach Company Data Accessed
April 21, 2012

April 12, 2012Under Armour Inc. Employee names, Social security numbers, Salary information
Who’s Affected Details
Unspecified number of employees.

Under Armour Inc. employs 5,400 employees around the world.
An unencrypted thumb drive containing payroll information was lost in the U.S. mail by Under Armour Inc’s auditing firm, PricewaterhouseCoopers.

PricewaterhouseCoopers is offering free credit monitoring service and identity theft insurance to data theft victims for 12 months.

If you feel you are a victim of identity theft as a result of this breach, contact the Bureau of Consumer Protection at (800) 422-7128 or email us at DATCPWisconsinPrivacy@Wisconsin.gov.


Back to Top