IdentityForce LogoIdentityForce Logo
Protect What Matters Most.
hacker completes a data breach
Posted on March 31, 2019 by in Data Breach & Technology, Identity & Privacy, Personal

March saw one of the largest single-source data breaches ever recorded, while medical data breaches remained the most prominent among industries affected. Read on to see if you or someone you know was affected.

Here are the recent data breaches that made headlines in March 2019:

Dow Jones

A database that maintained records of politically influential individuals around the world was leaked online. The list was compiled of publicly available information and included identity records of 2,418,862 people who Dow Jones deems at an increased risk for financial fraud.

Rush University Medical Center

Chicago-based Rush University Medical Center experienced a data breach after an employee improperly disclosed a billing document to an unauthorized third party. Approximately 45,000 patients had their names, addresses, dates of birth, Social Security numbers, and health insurance information compromised.

Health Alliance Plan

A total of 120,344 Health Alliance Plan patients were affected in a malware attack on Wolverine Solutions Group, a third-party mailing vendor. Protected health information, as well as personally identifiable information, were among the data exposed.

Spectrum Health Lakeland

Another organization affected by the Wolverine Solutions Group breach was Michigan-based, Spectrum Health Lakeland. About 60,000 patients had their names, addresses, health insurance, and billing information involved in the breach.

Rutland Regional Medical Center

Vermont’s Rutland Regional Medical Center exposed patient information after an employee’s email account was compromised. More than 72,000 patients were affected in the breach, which also included 3,683 Social Security numbers.

Zoll Medical

The Massachusetts-based medical device manufacturer announced that more than 277,000 patients had their data leaked during an email server migration. The information included names, addresses, dates of birth, and medical information. A limited number of Social Security numbers were also involved.

MyPillow and Amerisleep

Two direct-to-consumer mattress and bedding retailers, MyPillow and Amerisleep fell victim to a Magecart hack which compromised their online payment portal.


In its latest security blunder, Facebook admitted to not properly securing user passwords dating back to 2012. As many as 600 million user passwords sat in plain text, and were accessible by more than 20,000 of the social media giant’s employees.

Oregon Department of Human Services (DHS)

Nine Oregon DHS employees fell for a phishing scam, clicking on a link that compromised nearly 2 million emails stored on the agency’s system. From those emails, the information of approximately 1.6 million people that the department serves is now at risk, including full names and Social Security numbers.

Federal Emergency Management Agency (FEMA)

As many as 2.5 million survivors who sought shelter assistance after hurricanes Maria and Irma, and the 2017 California wildfires, have had their sensitive personal information improperly shared in a FEMA privacy breach. The organization unnecessarily shared people’s names, addresses, birth dates, and bank account information with a contractor.

Family Locator

A spying app built by Australia’s React Apps, Family Locator leaked data revealing the real-time locations of at least 238,000 users after the company failed to secure a server. The records exposed also included users’s names, emails, photos, and unencrypted passwords.

Buca di Beppo

Security expert KrebsOnSecurity discovered evidence that 2 million customers of Italian restaurant chain, Buca di Beppo, had their payment card information stolen and put up for sale on the Dark Web. It turns out that malware was installed on dozens of Earl Enterprises (Buca di Beppo’s parent company) restaurants, capturing credit and debit card data between May of 2018 and March 2019.

In one of the largest single-source data breaches ever recorded,, a now defunct email validation company, left nearly 2 billion email accounts and personal identity records on an unsecured server that was accessible to anyone who knew where to look. A breach of this scale could provide cybercriminals a seemingly endless source of emails to commit phishing attacks and identity crimes.

Data Breach Response Plan