Data Breach Tracker: All the Major Companies That Have Been Hacked
At this point, there have been so many data breaches, it's more likely than not that some of your personal information has been compromised. "There are two kinds of consumers — those who know they've been breached, and those who don't," says Identity Theft Resource Center president and CEO Eva Velasquez.
Many Americans are in the first camp. According to a Gallup poll, 27% of Americans say their credit card information has been stolen in the past year, and 11% say their computer or smartphone has been hacked. And the rest are scared: Almost 70% of Americans worry that hackers will steal their credit card numbers from retailers, and 62% worry that hackers will target their personal devices.
It's hard to say whether there has really been an increase in the number of data breaches, or we've just gotten better at detecting and reporting incidents, Velasquez says. Either way, the outdated magnetic stripe technology in the United States probably makes it too easy for hackers to run off with your credit card number.
"Thieves are going to go where it’s easiest to steal," Velasquez says. "We’ve got the most antiquated technology protecting the actual cards, and we’re the biggest issuer of those cards – we’re a treasure trove."
At Money, we're tracking the major data breaches that may have exposed your personal information in recent months. Read on to see if you've been affected. If so, we'll walk you through what you need to know about protecting yourself from identity theft.
Premera Blue Cross
What kind of data was exposed? Names, birthdays, email addresses, addresses, telephone numbers, Social Security numbers, member identification numbers, bank account information and medical claims information
When was the data exposed? May 5, 2014 to Jan. 29, 2015
Who was affected? Individuals with Premera Blue Cross, Premera Blue Cross Blue Shield of Alaska, Vivacity and Connexion Insurance Solutions, Inc. health plans
How many people were affected? 11 million
Get the full story.
Here’s what the company had to say.
If your data could have been exposed, here’s what you should do about your social security number and your address.
Anthem
What kind of data was exposed? Names, birthdays, medical IDs, social security numbers, street addresses, email addresses and employment information, including income data
When was the data exposed? Unknown
Who was affected? Employees and current and former customers of Anthem Blue Cross, Anthem Blue Cross and Blue Shield, Blue Cross and Blue Shield of Georgia, Empire Blue Cross and Blue Shield, Amerigroup, Caremore, Unicare, Healthlink, and DeCare
How many people were affected? 80 million
Get the full story.
Here’s what the company had to say.
If your data could have been exposed, here’s what you should do about your social security number and your address.
Chick-fil-A
The alleged Chick-fil-A data breach, first reported by Brian Krebs, is still under investigation.
What kind of data was exposed? Customer payment card numbers (reportedly)
When was the data exposed? Dec. 2, 2013 to Sept. 30, 2014 (reportedly)
Who was affected? Chick-fil-A customers
How many people were affected? Unknown
Get the full story.
The company is still investigating.
If your data could have been exposed, here's what you should do.
Sony
What kind of data was exposed? Names, addresses, Social Security numbers, internal emails and other personal information
When was the data exposed? November 24, 2014
Who was affected? Current and former employees
How many people were affected? About 47,000
Get the full story.
Here’s what the company had to say.
If your data could have been exposed, here’s what you should do.
U.S. Postal Service
What kind of data was exposed? Names, dates of birth, Social Security numbers, addresses, employment dates and emergency contact information
When was the data exposed? Unknown
Who was affected? U.S. Postal Service employees. Customers who contacted the Postal Service Customer Care Center between Jan. 1, 2014, and Aug. 16, 2014 may have had their names, addresses, telephone numbers, email addresses and other information exposed, but not their Social Security numbers or credit card numbers, so the USPS says affected customers do not need to take any action.
How many people were affected? 800,000 USPS employees
Get the full story.
Here’s what the USPS had to say.
If your social security number could have been exposed, here’s what you should do.
MCX
What kind of data was exposed? Email addresses
When was the data exposed? Late October
Who was affected? CurrentC pilot program participants
How many people were affected? Unknown
Get the full story.
Here’s what the company had to say.
If your data could have been exposed, here’s what you should do.
Staples
What kind of data was exposed? Customer payment card numbers
When was the data exposed? July 20, 2014 through September 16, 2014
Who was affected? Staples customers at 115 stores
How many people were affected? 1.16 million
Get the full story.
Here's what the company had to say.
If your data could have been exposed, here's what you should do.
Kmart
What kind of data was exposed? Customer payment card numbers
When was the data exposed? Early September to early October 2014
Who was affected? Kmart customers
How many people were affected? Unknown
Get the full story.
Here's what the company had to say.
If your data could have been exposed, here's what you should do.
Dairy Queen
What kind of data was exposed? Customer payment card numbers
When was the data exposed? Aug. 1, 2014 to Sept. 10, 2014
Who was affected? Dairy Queen customers at 395 locations
How many people were affected? Unknown
Get the full story.
Here's what the company had to say.
If your data could have been exposed, here's what you should do.
Supervalu
What kind of data was exposed? Customer payment card numbers
When was the data exposed? June 22, 2014 to July 17, 2014; again late August to September 2014
Who was affected? Shoppers at Shop ‘n Save, Shoppers Food & Pharmacy, Cub Foods, Albertson’s, Acme, Jewel-Osco, Shaw’s, Star Market and associated liquor stores
How many people were affected? Unknown
Get the full story.
Here's what the company had to say.
If your data could have been exposed, here's what you should do.
Viator.com
What kind of data was exposed? Customer payment card numbers, email addresses and passwords
When was the data exposed? Sept. 2, 2014
Who was affected? Customers on the travel site Viator
How many people were affected? 1.4 million
Get the full story.
Here's what the company had to say.
If your data could have been exposed, here's what you should do about your card numbers, your email address, and your password.
Jimmy John's
What kind of data was exposed? Customer payment card numbers
When was the data exposed? Between June 16, 2014 and Sept. 5, 2014
Who was affected? Jimmy John's customers at 216 locations
How many people were affected? Unknown
Get the full story.
Here’s what the company had to say.
If your data could have been exposed, here’s what you should do.
Home Depot
What kind of data was exposed? Customer payment card numbers
When was the data exposed? April 2014 to September 2014
Who was affected? Home Depot customers
How many people were affected? 56 million
Get the full story.
Here's what the company had to say.
If your data could have been exposed, here's what you should do.
Community Health Systems / Tennova
What kind of data was exposed? Patient names, addresses, birth dates, telephone numbers and Social Security numbers
When was the data exposed? April and June 2014
Who was affected? Patients at Community Health affiliates
How many people were affected? 4.5 million
Get the full story.
Here's what the company had to say.
If your data could have been exposed, here's what you should do about your social security number and your address.
P.F. Chang's
What kind of data was exposed? Customer payment card numbers
When was the data exposed? Sept. 19, 2013 to June 11, 2014
Who was affected? P.F. Chang's customers at 33 locations
How many people were affected? Unknown
Get the full story.
Here's what the company had to say.
If your data could have been exposed, here's what you should do.
JP Morgan
What kind of data was exposed? Names, phone numbers, addresses and email addresses
When was the data exposed? June 2014 to July 2014
Who was affected? JP Morgan account holders
How many people were affected? 76 million
Get the full story.
Here's what the company had to say.
If your data could have been exposed, here's what you should do.
If your email address has been stolen...
Watch your inbox for messages requesting information or requesting you to click on a link. If you receive a suspicious email from a company you do business with, call the sender to verify that they did indeed send it.
More:
- How you can protect yourself from ID theft
- When it's a good idea to get for credit monitoring
- What to do if you've been the victim of identity theft
If your password has been stolen...
Change your password for that account immediately. If you use the same code for other accounts, change those as well.
More:
- How to create a really secure password you can actually remember
- How you can protect yourself from ID theft
- When it’s a good idea to get for credit monitoring
- What to do if you’ve been the victim of identity theft
If your credit or debit card number has been stolen...
For credit cards: Call the creditor and ask for a new card with a new number. Some creditors will automatically reissue cards to affected customers in wide-scale breaches. Know however that because the number rather than the card itself was stolen, you are not liable for any authorized purchases under the Fair Credit Billing Act.
For debit cards: Since the card was not lost, you are not liable for any unauthorized transactions if you report them within 60 days of receiving your statement. Still, you should cancel the card and change your pin. If the bank account number was also exposed, close the account and open a new one with a new number. Consider asking for a verbal password, too, which prevents bank personnel from discussing your account with anyone unable to provide that password.
More:
- Why you shouldn't worry about shopping at stores that have been hacked
- How to fix a suspicious charge on a credit or debit card
- What to do if you've been the victim of identity theft
If your social security number has been stolen...
Contact one of the three major credit reporting agencies and have them place a fraud alert on your account. That agency will then be legally bound to notify the other two agencies to do the same. An alert lets lenders know to take extra care verifying personal information before issuing credit and entitles you to a complimentary credit report from each agency. Review this for suspicious activity. You should also place a credit freeze on your account, which will prevent a credit reporting company from releasing your credit report or score without your consent.
Sometimes the letters from breached companies also contain offers for free credit report monitoring provided by the company. While these programs are not generally worth paying for—since you can monitor your own credit for free—you may as well accept it if it’s being handed out. Monitoring services will alert you to some uses of your SSN quicker than you may be able to spot through your credit report, meaning you can resolve any problems quicker.
More:
- How to place a security freeze on your credit report
- What to look for on your credit report
- How to dispute errors on your credit report
- When it's a good idea to get for credit monitoring
- What to do if you've been the victim of identity theft