Data Breaches Caused By Third Parties
DATE | COMPANY | DATA BREACHED | USE OF 3RD PARTY | 3RD-PARTY COMPANY |
|---|---|---|---|---|
September | Includes data from services such as electronic check-in and baggage management, check-in counter data, and data from resources used by passengers such as automated kiosks. | Supplier of business and commercial aviation services | Collins Aerospace(RTX) | |
September | Includes accounts, opportunities, cases, business contact information, product licensing and commercial detail, support case information. | Chatbot service provider | Drift (Salesloft) | |
September | Includes customer contact information, account data, and text from certain customer support cases. | Chatbot service provider | Drift (Salesloft) | |
September | Includes customer business contact information, company attributes, basic customer engagement information. | Chatbot service provider | Drift (Salesloft) | |
September | Includes business contact details (names, professional email addresses, phone numbers, job titles), basic organizational information, account status information, Salesforce object metadata, and field summaries. | Chatbot service provider | Drift (Salesloft) | |
September | Includes business contact information and basic customer support case information. | Chatbot service provider | Drift (Salesloft) | |
September | Includes business contact information and support ticket metadata of a limited number of clients. | Chatbot service provider | Drift (Salesloft) | |
September | Includes limited support case data | Chatbot service provider | Drift (Salesloft) | |
September | Includes, names, business email addresses, job titles, phone numbers, regional/location details, service arrangement data, plain text content from support cases | Chatbot service provider | Drift (Salesloft) | |
September | Includes business information about customer renewals and internal sales account data from CRM system. | Chatbot service provider | Drift (Salesloft) | |
September | Not specified. | Chatbot service provider | Drift (Salesloft) | |
September | Includes business contact information, basic support case information, basic tenant related attributes such as tenant name, data center name, product names and services, training courses and certificates, and event logs. | Chatbot service provider | Drift (Salesloft) | |
September | Includes names, titles, professional contact information, LinkedIn profile URLs, training requests and course completion details, support case data (such as requester email address, phone number, and case description). | Chatbot service provider | Drift (Salesloft) | |
September | Includes a limited set of business contact information, including names, email addresses, phone numbers, and support ticket content. | Chatbot service provider | Drift (Salesloft) | |
September | Includes subject lines and initial descriptions provided by customers when opening a Tenable support case, and commonly available business contact information (such as names, business email addresses, phone numbers, and regional/location references). | Chatbot service provider | Drift (Salesloft) | |
September | Not specified. | Chatbot service provider | Drift (Salesloft) | |
September | Includes, business email addresses, some business phone numbers, business addresses, names | Chatbot service provider | Drift (Salesloft) | |
September | Not specified. | Chatbot service provider | Drift (Salesloft) | |
September | Not specified. | Chatbot service provider | Drift (Salesloft) | |
September | Includes mostly business contact information, internal sales account and basic case data related customers. | Chatbot service provider | Drift (Salesloft) | |
September | Not specified. | Chatbot service provider | Drift (Salesloft) | |
September | Includes names, business email addresses, job titles, phone numbers. | Chatbot service provider | Drift (Salesloft) | |
September | Includes email addresses | Chatbot service provider | Drift (Salesloft) | |
September | Includes business contact information, including first and last names of customer contacts and company identifiers. | Chatbot service provider | Drift (Salesloft) | |
September | May includes business contact information, account and conversation metadata, and summary fields. | Chatbot service provider | Drift (Salesloft) | |
September | Includes customer contact information and basic support case data contain sensitive information such as certain customer support interactions and access tokens. All information a customer may have shared with Cloudflare in the support system (including logs, tokens, or passwords) should be considered compromised. | Chatbot service provider | Drift (Salesloft) | |
September | Includes customer business contact information, company attributes, and basic customer case information. | Chatbot service provider | Drift (Salesloft) | |
September | Includes commonly available business contact details (such as employee name, business email address, and business phone number), billing addresses, old credentials for test accounts, product pricing and quotations, and notes which may have been stored in accounts. | Chatbot service provider | Drift (Salesloft) | |
September | Includes business contact information. | Chatbot service provider | Drift (Salesloft) | |
September | Includes PyPI API keys, npm API keys, DockerHub credentials, AWS access keys. | Chatbot service provider | GitHub Workflows | |
August | Includes name and e-mail address, if collected, phone number, company name, job title, and billing address, and initial ticket information from a limited number of support requests, including similar personal data as listed above. | Chatbot service provider | Drift (Salesloft) | |
August | Includes names and titles, business email addresses, business phone numbers. | Chatbot service provider | Drift (Salesloft) | |
August | Not specified. | Chatbot service provider | Drift (Salesloft) | |
August | Includes names, phone numbers, and email addresses, as well as support case data. | Chatbot service provider | Drift (Salesloft) | |
August | Includes names, business email addresses, job titles, phone numbers, regional/location details, zscaler product licensing and commercial information, plain text support case header content from certain cases limited to the following fields: Case Number, Opened, Preferred Contact Number, Description, Priority, Case Owner, Preferred Time Zone, Case Status, Type, Customer Case Reference, Product, Last Activity, Subject, Resolution Notes, Reason for Hand Off, Current Status / Next Plan of Action, Data Collected, Issue Summary / Business Impact, and Requestor | Chatbot service provider | Drift (Salesloft) | |
August | Includes names, business email addresses, phone numbers, regional/location references | Chatbot service provider | Drift (Salesloft) | |
August | Includes contact information, text in a support case potentially including tokens or passwords. | Chatbot service provider | Drift (Salesloft) | |
August | Includes names and email addresses | Donation plugin | GiveWP WordPress | |
August | Includes basic personal information, as well as passport, driving license, and national insurance details | Software provider | Intradev | |
August | Email addresses and more | Ground services for flights | Inflite The Jet Centre Ltd | |
August | For example, medical certificates, rehabilitation plans, work-related injuries, and more. | Software provider | Miljödata | |
August | Includes names, Social Security numbers, driver’s license numbers, financial account information, medical information, and health insurance information. | Support services provider | DermCare Management | |
July | Includes names, Social Security numbers, birth dates, medical record numbers, driver’s license numbers, health insurance numbers, Medicare numbers, Medicaid numbers, health insurance information, and medical and treatment information. | Billing services provider | Third-party vendor | |
July | United Healthcare, Aetna Life Insurance Company (CVS Health) and 46 more | Includes full names, Social Security number, tax ID number, date of birth, medical information, health insurance information, and financial account information. | Provider of benefits consulting, enrollment technology, payroll administration, HRIS, compliance support, and carrier management. | Kelly & Associates Insurance Group |
July | Includes names, email addresses, phone numbers, and IP addresses, chat interaction log. | Artificial intelligence chatbot support provider | Paradox, Inc. | |
July | Includes names, email addresses, phone numbers, dates of birth, frequent flyer numbers, and in some cases, addresses, gender, meal preferences, as well as loyalty program details such as tier levels and point balances. | Customer service provider | Third-party vendor | |
July | Includes personal data belonging to clients, financial professionals, and certain employees. | Cloud-based customer relationship management system provider | Third-party vendor | |
June | No specific information has been provided about the types of data that were leaked. | Health promotion and project management services | Radix (Zurich based and non-profit organization) | |
June | Includes social Security numbers, health insurance ID numbers, Medicaid-Medicare ID numbers, medical records including doctor info, diagnoses, test results, images, care, and treatment details. | Healthcare services provider | Episource | |
June | Includes card names, numbers, and expiration dates. | Unknown | Third-party vendor | |
June | It is not confirmed whether data was leaked; possible customer and resident data may have been compromised. | Server management provider | Third-party vendor | |
June | Includes names, email addresses, partial financial information and SSNs, transaction history, and scanned identity documents. | Outsourced customer support | TaskUs | |
May | Includes full names, email addresses, phone numbers, dates of birth, and physical addresses. | Customer services provider | Third-party vendor | |
May | Not specified publicly; compromise of systems managing GIS asset/work‑order data | Asset management and work order management software | Trimble Cityworks | |
May | 2,000 providers, including barristers, solicitor firms, and non-profit organizations | Includes full name, contact details, date of birth, National Insurance number, criminal records, employment status, financial information such as debts and payments. | Legal aid service provider | Legal Aid Agency (LAA) |
May | Certain customer information leaked via compromised Magento extensions. | E-commerce websites software development and customization services | Tigren, Meetanshi and MGS | |
May | Includes names, home and email addresses, and phone numbers | IT helpdesk and support services | Tata Consultancy Services (TCS) | |
May | Includes name, Social Security number, date of birth, medical record number, patient account number, medical/health information, health insurance information, prescription/treatment information, clinical information, provider name, provider location, and email/username and password. | Technology provider | Serviceaide | |
May | Includes contact information, Social Security numbers, financial account details, and medical information. | Patient debt collection and recovery services, including bankruptcy, litigation, and estate resolution support | Nationwide Recovery Services (NRS) | |
May | Includes contact information, Social Security numbers, financial account details, and medical information. | Patient debt collection and recovery services, including bankruptcy, litigation, and estate resolution support | Nationwide Recovery Services (NRS) | |
May | Includes contact information, Social Security numbers, financial account details, and medical information. | Patient debt collection and recovery services, including bankruptcy, litigation, and estate resolution support | Nationwide Recovery Services (NRS) | |
May | Includes contact information, Social Security numbers, financial account details, and medical information. | Patient debt collection and recovery services, including bankruptcy, litigation, and estate resolution support | Nationwide Recovery Services (NRS) | |
May | Includes contact information, Social Security numbers, financial account details, and medical information. | Patient debt collection and recovery services, including bankruptcy, litigation, and estate resolution support | Nationwide Recovery Services (NRS) | |
May | Includes contact information, Social Security numbers, financial account details, and medical information. | Patient debt collection and recovery services, including bankruptcy, litigation, and estate resolution support | Nationwide Recovery Services (NRS) | |
May | Includes contact information, Social Security numbers, financial account details, and medical information. | Patient debt collection and recovery services, including bankruptcy, litigation, and estate resolution support | Nationwide Recovery Services (NRS) | |
May | Includes contact information, Social Security numbers, financial account details, and medical information. | Patient debt collection and recovery services, including bankruptcy, litigation, and estate resolution support | Nationwide Recovery Services (NRS) | |
May | Includes contact information, Social Security numbers, financial account details, and medical information. | Patient debt collection and recovery services, including bankruptcy, litigation, and estate resolution support | Nationwide Recovery Services (NRS) | |
May | Includes contact information, Social Security numbers, financial account details, and medical information. | Patient debt collection and recovery services, including bankruptcy, litigation, and estate resolution support | Nationwide Recovery Services (NRS) | |
May | Includes contact information, Social Security numbers, financial account details, and medical information. | Patient debt collection and recovery services, including bankruptcy, litigation, and estate resolution support | Nationwide Recovery Services (NRS) | |
May | Includes contact information, Social Security numbers, financial account details, and medical information. | Patient debt collection and recovery services, including bankruptcy, litigation, and estate resolution support | Nationwide Recovery Services (NRS) | |
May | Includes contact information, Social Security numbers, financial account details, and medical information. | Patient debt collection and recovery services, including bankruptcy, litigation, and estate resolution support | Nationwide Recovery Services (NRS) | |
May | Includes contact information, Social Security numbers, financial account details, and medical information. | Patient debt collection and recovery services, including bankruptcy, litigation, and estate resolution support | Nationwide Recovery Services (NRS) | |
April | Includes name, address, phone number(s), email address, date of birth, race, gender, Social Security number (SSN), inpatient clinical information including place of service, physician name, admission and discharge dates, diagnosis and billing codes, medical record number, and insurance company name. | Third-party software provider for healthcare IT/EHR operations | Former business partner | |
April | Name or other personal identifier | Personalized third party administrative (TPA) solutions | Landmark Admin | |
April | Includes names, addresses, planned delivery dates, Mailchimp mailing lists, delivery and post office location datasets, WordPress SQL database exports, internal Zoom meeting recordings, and other confidential documents. | Data collection and analytics service provider | Spectos GmbH | |
March | Includes patient information from electronic health records. | Healthcare software provider | Oracle Health (formerly Cerner) | |
March | Includes names, addresses, phone numbers, and email addresses. | Merchandise operations provider | Gooten | |
March | Includes customer name (registered contract name), customer representative’s name, contract number, phone number, email address, physical address, and service usage information. | Telecommunication services provider | NTT Communications Corporation (NTT) | |
March | Includes names, social security numbers, financial account information, and in some cases driver’s license numbers, W-2 information, medical billing information, and tax filings. | Third-party administrator and retirement savings services provider to public school districts | Carruth Compliance Consulting | |
February | Specific personal or corporate data compromised has not been disclosed. | Banking, payment and ATM software provider | LANIT Group | |
February | Includes name, social security number, driver’s license number, other government ID numbers, financial account information, and other data elements. | Employee screening provider | DISA Global Solutions | |
February | Names, addresses, phone numbers, email addresses, dates of birth, diagnoses, test results, treatment information, health insurance information, and Social Security numbers. | A nonprofit healthcare provider | Community Health Center | |
February | Full names, dates of birth, Social Security numbers, and patients’ sex, height, and weight. | IT provider | Third-party vendor | |
February | Includes names, addresses, dates of birth, Social Security numbers, medical information, and health insurance information. | Health Medicare supplement insurance provider | Bankers Cooperative Group | |
February | Includes names, addresses, dates of birth, Social Security numbers, medical information, and health insurance information. | Health Medicare supplement insurance provider | PointClickCare | |
February | Includes names, addresses, dates of birth, Social Security numbers, medical information, and health insurance information. | Health Medicare supplement insurance provider | Landmark Admin | |
February | Sensitive personal and financial information, including Grubhub Marketplace customer passwords, merchant login information, full payment card numbers, bank account details, Social Security numbers, or driver’s license numbers. | Food delivery provider | Third-party vendor | |
January | Includes the subscriber’s name, email, last-used IP address, business phone number, and home phone number. | Telecommunications Provider | CSG Ascendon | |
January | Included names in addition to one or more of the following: date of birth, Social Security number, medical treatment, procedure, and/or diagnosis information, medical record number, medical provider information, medical prescription information, Medicaid and/or Medicare number, dates of service, health insurance claim and/or policy information. | IT provider | Third-party vendor | |
January | Names, addresses, dates of birth, Social Security numbers, financial account numbers (no access codes), health insurance information, and treatment information such as diagnoses, provider information, treatments/procedures, dates of service, prescription information, and medical device serial numbers. | Cybersecurity and IT solutions provider | IntraSystems LLC | |
January | Customer emails and phone numbers | Russian telecommunications provider | Third-party vendor | |
January | Hotel guest reservations, transactions, employee emails, and other internal data. hotel guests’ names, addresses, phone numbers, and email addresses. | Hotel management provider | Otelier | |
January | Hotel guest reservations, transactions, employee emails, and other internal data. hotel guests’ names, addresses, phone numbers, and email addresses. | Hotel management provider | Otelier | |
January | Hotel guest reservations, transactions, employee emails, and other internal data. hotel guests’ names, addresses, phone numbers, and email addresses. | Hotel management provider | Otelier | |
January | Hotel guest reservations, transactions, employee emails, and other internal data. hotel guests’ names, addresses, phone numbers, and email addresses. | Hotel management provider | Otelier | |
January | Names and addresses. However, for some districts, it could also include Social Security numbers (SSNs), personally identifiable information (PII), medical information, and grades. | Cloud-based software solutions provider | PowerSchool | |
January | Health insurance and billing information, debit/credit card numbers or bank account information, health information such as medical history, medical record number, or prescription information, government identification such as Social Security number, taxpayer ID, driver’s license number, or passport number), and other personal information such as date of birth, email address, address, or phone number. | Practice management software provider | Transform Studios | |
January | Names, addresses, dates of birth, driver license numbers, passport numbers, photographs, age details, medical cannabis cards, signatures on government ID cards, transaction histories, and other details. | Point-of-sale provider | Third-party vendor |