The worst data breaches of 2014…so far (Q1)

data breach

The Identity Theft Resource Center, which tracks data breaches, has counted 204 of them through March of the this year for a loss of 4,238,983 records related to sensitive personal information exposed through hacker cyberattacks, stolen laptops or dumb mistakes. Here's the worst of it.

RELATED: The 12 biggest data breaches of the past 12 months

Snapchat

Snapchat, the photo app and delivery service, suffered a security gap in January that resulted in the phone numbers and usernames of up to 4.6 million accounts being downloaded by a website called SnapchatDB.info. Snapchat called the incident  “no big deal,” but would try to make it more difficult to do.

Neiman Marcus
Reuters

High-end store chain Neiman Marcus in January acknowledged hackers had stolen information related to about 1.1 million payment cards of its customers, and the company’s senior vice president and CIO Michael Kingston had to testify about the malware-based cyberattack before Congress.

AIG’s Variable Annuity Life Insurance Company

AIG’s Variable Annuity Life Insurance Company in February disclosed that information related to 774,723 customers had been taken on a hard drive by a former financial adviser arrested by law enforcement last September and being criminally prosecuted.

The University of Maryland

The University of Maryland suffered two breaches this quarter, the worst one in February when hackers stole personal data related to 307,079 individuals from a records database. Brian Voss, the U-MD. CIO, was quoted as saying the hackers had a “very significant understanding” if the school’s network security and “these people picked through several locks to get to the data.”

Archdiocese of Seattle

The Catholic Church was hit when the Archdiocese of Seattle in March had to disclose that hackers had struck its database, exposing an estimated 90,000 records related to employees and volunteers--an incident linked to a tax-fraud scheme investigated by law enforcement. 

North Dakota University System

The North Dakota University System in March acknowledged that hackers had gained access to servers and records of an estimated 291,465 students and staffers.

Los Angeles Dept. of Health Services

The Los Angeles Department of Health Services said it’s notifying about 168,000 patients that their personal health information as well as billing information was at risk of exposure after Sutherland Healthcare Solutions, which handles DHS’s billing and collections, reported in February that its office was broken into and computer equipment holding that information stolen.

Indiana University

Indiana University in February said a breach of its systems had exposed the personal data of about 146,000 students. The university indicated it believed the information, which had been stored in an insecure manner, wasn’t grabbed by a individual hacker but instead was crawled by a number of automated web-crawling applications.

IRS

In March, the Internal Revenue Service said an IRS employee took home personal information on about 20,000 individuals stored on a drive and loaded it onto an insecure home network.

Auburn University

Auburn University in March said it had discovered a compromised server in the College of Business network, leading to the exposure of 13,698 records. College of Business Dean Bill Hardgrave said, “We truly regret the inconvenience and concern this cyber attack may cause to our college’s constituents.”

Coco-Cola

Coco-Cola said a former employee in Atlanta stole 55 laptops that had contained unencrypted personal information on about 74,000 people, most of them Coca-Cola employees. The company didn’t say how it had regained the laptops but acknowledged to the Wall Street Journal that company policy requires laptops to be encrypted but these stolen laptops weren’t.

University of Wisconsin

In March, the University of Wisconsin, Parkside, in Kenosha notified about 15,000 students about the potential exposure of their personal information because the university had discovered that hackers had installed malware on university servers.

Service Coordination of Maryland,

Hackers broke into the computers of the state-licensed provider of services to the developmentally disabled, Service Coordination of Maryland, and stole Social Security numbers and medical information on about 14,000 patients.

ISally Beauty Holdings

Sally Beauty Holdings disclosed that hackers broke into its network and stole credit-card data on an estimated 25,000 customers.

Valley View Hospital

Valley View Hospital in Glenwood Springs, Colo., disclosed it had been the target of computer hackers who inserted malware on the hospital’s system last fall, exposing information on about 5,400 patients.

Banner Health

In a flub, Banner Health based in Phoenix, accidently exposed personal information on more than 50,000 people when their Medicare and Social Security numbers showed up on magazine address labels.

State of Connecticut

In February, the State of Connecticut said that due to a printing error, the tax forms mailed to about 27,000 people stating unemployment information could include someone else’s information. The department said it was re-mailing the forms out again.

Assisted Living Concepts
REUTERS/Marvin Gentry

Assisted Living Concepts, which operates care facilities in 20 states, in February disclosed that hackers breached a vendor’s system, gaining access to ALC’s payroll files on about 43,600 current and former employees.

North East King County Regional Public Safety
REUTERS/Mike Blake

In January, the North East King County Regional Public Safety in Washington said it was working with law enforcement to investigate a breach of a server related to 6,000 medical responses in three fire districts there.

Easton-Bell Sports

Sporting good maker Easton-Bell Sports, based in Van Nuys, Calif., disclosed in January that a network breach tied to malware apparently led to payment and personal data from around 6,000 online shoppers during December being stolen.

Midland Independent School District

In February, the Midland Independent School District in Texas said a laptop and external hard drive were stolen from a school administrator’s vehicle, potentially exposed the personal data of 14,000 students.

U.S. Dept. of Health and Human Services

Due to late entries made by the U.S. Dept. of Health and Human Services into its breach database, several data breach incidents related to exposure of personal health information over several years was indicated, including:

-       25,513 records at Dept. of Medical Assistance Services in Virginia

-       22,511 records at Cook County Health & Hospital System

-       18,000 records at Terrell County Health Dept. in Georgia

-       10,000 records at Health Advantage in Arkansas

-       84,000 records at St. Francis Patient Care Services in Tulsa, OK

-       10,024 records at Missouri Consolidated Health care

The Home Depot

In February, The Home Depot in Atlanta said three human resources employees have been charged with stealing confidential information on 20,000 coworkers’ personal information and opening  fraudulent credit cards