
ICFE eNEWS #19-11 - March 28th 2019

Recent Data Breach Summaries

617M Accounts for Sale on Dark Web

Date of Incident: Late 2017 through 2018
Date Made Public: February 11, 2019
Records Affected: 617 million
Data Compromised: 617 million online account details stolen from 16 hacked websites were discovered for sale on the dark web. Sample account records consisted primarily of account holder names, email addresses, and hashed or one-way encrypted passwords. Depending on the website, other information may include: location, personal details, and social media authentication tokens. There appears to be no leaked payment or bank card details. The account details were reportedly stolen during various data incidents from late 2017 and 2018, including: Dubsmash (162 million), MyFitnessPal (151 million), MyHeritage (92 million), ShareThis (41 million), HauteLook (28 million), Animoto (25 million), EyeEm (22 million), 8fit (20 million), Whitepages (18 million), Fotolog (16 million), 500px (15 million), Armor Games (11 million), BookMate (8 million), CoffeeMeetsBagel (6 million), Artsy (1 million), and DataCamp (700,000). At least three of the data breaches were announced previously by the companies (Animoto, MyFitnessPal, MyHeritage).

Image-I-Nation Technologies

Date of Incident: November 1, 2018 - November 15, 2018
Date Made Public: February 13, 2019
Records Affected: Unknown
Data Compromised: On December 20, 2018, Image-I-Nation Technologies discovered that there had been unauthorized access to its database containing the personal information of individuals who had a consumer report through its system at some point in the past. Image-I-Nation Technologies, Inc. provides software and related computer hosting services to consumer reporting agencies, including the three nationwide credit bureaus Equifax, Experian, and TransUnion. Based upon its investigation, Image-I-Nation Technologies, Inc. determined that the incident began on or about November 1, 2018 and that its systems were secure as of November 15, 2018. Equifax has confirmed that no Equifax data was part of the Image-I-Nation event.


Date of Incident: Beginning August 2017
Date Made Public: January 25, 2019
Records Affected: 42,161
Data Compromised: AdventHealth has reported unauthorized third-party access to systems at AdventHealth Medical Group Pulmonary & Sleep Medicine in Florida, formerly known as Lake Pulmonary Critical Care, beginning in August 2017. The exposed information may have included: patient name, Social Security number, gender, race, address, email, phone number, date of birth, health insurance information, height, weight, and medical history. Letters will be sent by March 10 to patients who were potentially affected. AdventHealth is also offering credit monitoring, fraud consultation, and identity theft restoration free for one year to affected customers.

Holiday Inn, Dunn Brothers Coffee, and More Hotels & Restaurants

Date of Incident: January 3-24, 2019
Date Made Public: February 15, 2019
Records Affected: Unknown
Data Compromised: Customers of Dunn Brothers Coffee, Holiday Inn, Zipps Sports Grill, and many other hotels and restaurants may have had payment card information exposed. North Country Business Products, a company that manages payments for a number of hotels and restaurants, announced that a data breach may have compromised payment information of customers who used credit or debit cards at certain restaurant or hotel locations. According to the company's investigations, a cyberattacker placed malware on some point-of-sale systems, potentially exposing the cardholder's name, credit card number, expiration date, and CVV. The company published a list of affected businesses, locations, and dates and provided a consumer hotline at 1-877-204-9537.

UW Medicine

Date of Incident: December 4-26, 2018
Date Made Public: February 20, 2019
Records Affected: 974,000
Data Compromised: The health information of 974,000 patients of Seattle-based UW Medicine was exposed online due to a database error that caused internal files to be accessible on the public Internet. The files contained patients' names, medical record numbers, and information on groups UW Medicine had shared patient information with (i.e., Child Protective Services and public health authorities), and the reason for the disclosure. In some cases, the files also identified health conditions and the names of lab tests performed (but not the results of the tests). No financial information, insurance information, or Social Security numbers were exposed. UW Medicine is mailing breach notifications to affected patients.

Taco Bueno

Date of Incident: March 22-November 22, 2018
Date Made Public: February 14, 2019
Records Affected: Unknown
Data Compromised: Customers of one of 150 Taco Bueno locations may have had payment card information compromised as a result of malware placed on some point-of-sale devices. The malware could have exposed the cardholder's name, card number, expiration date, and internal verification code. The company has provided a searchable list of affected Taco Bueno locations. Customers interested in more information can visit the Taco Bueno Web site or call 1-877-845-7568 Monday through Friday from 8:00 a.m. to 8:00 p.m. CST.


Date of Incident: Unknown
Date Made Public: February 25, 2019
Records Affected: Unknown
Data Compromised: An undisclosed number of TurboTax accounts may have been accessed by an unauthorized party using credential stuffing to target specific users. Credential stuffing is when attackers leverage username and password combinations exposed in past data breaches in an attempt to access users' accounts on other websites. If the login was successful, attackers may have been able to access information within that TurboTax user account, including tax returns from the prior year, current tax returns in progress, names, Social Security numbers, addresses, dates of birth, driver's license numbers, and financial information such as salaries and deductions. Intuit, parent company and creator of TurboTax, notified affected users and temporarily disabled their accounts. The company is providing free identity protection, credit monitoring, and identity restoration services for one year to impacted users. In a statement, Intuit emphasized that there was no breach of its systems or third-party systems, and the incident was related only to specific accounts.

UConn Health

Date of Incident: December 24, 2018
Date Made Public: February 22, 2019
Records Affected: 326,629
Data Compromised: Personal information of more than 326,000 patients at UConn Health may have been compromised by an unauthorized third party who illegally accessed employee email accounts. The email accounts reportedly contained some patient information, including names, dates of birth, addresses, limited medical information such as billing and appointment information, and an estimated 1,500 Social Security numbers. UConn Health mailed notification letters to affected patients for whom they had a valid mailing address, and the company is offering free identity theft protection services to individuals whose Social Security numbers may have been compromised.


Date of Incident: November 8, 2018-December 28, 2018
Date Made Public: March 18, 2019
Records Affected: 277,319
Data Compromised: ZOLL, a provider of emergency medical devices, reported that some data from its email archives was exposed during a third-party server migration, potentially compromising the personal and medical information of 277,319 patients. Information that may have been exposed includes patient names, addresses, dates of birth, limited medical information, and a small percentage of Social Security numbers. The company is offering free credit and identity monitoring services for one year to affected patients.

Oregon Dept. of Human Services

Date of Incident: January 8, 2019
Date Made Public: March 21, 2019
Records Affected: More than 350,000
Data Compromised: A phishing incident compromised the email accounts of several employees at the Oregon Department of Human Services (ODHS), potentially exposing the personal and medical information of more than 350,000 patients. Exposed information may include names, addresses, dates of birth, Social Security numbers, and other information used to administer ODHS programs. ODHS will send breach notification letters by mail and will offer complimentary credit monitoring and identity theft recovery services as soon as it has identified all affected patients.

Facebook Password Storage

Date of Incident: Beginning estimated 2012
Date Made Public: March 21, 2019
Records Affected: Estimated between 200-600 million
Data Compromised: Facebook discovered through a routine security review that some user passwords were being stored in a plain text and searchable format on its internal systems for an unknown amount of time, possibly since 2012. The company states that it has found no evidence to date that any employees improperly accessed the information. Facebook will be notifying all users whose passwords were stored in this way, but currently no password reset is expected to be required.

ICFE eNEWS is available FREE upon request by visiting our Web site, filling out the contact form, and selecting "Yes" for "Add to Mailing List." Please pass this eNEWS on to your peers and interested others and invite them to subscribe for free. Also, visit the ICFE's new Web site: StudentDebtHelp.org

Sent by:

Paul S. Richard
President - Executive Director
Institute of Consumer Financial Education (ICFE)

About the ICFE:

The Institute of Consumer Financial Education (ICFE) was founded in 1982 by the late Loren Dunton (creator of the Certified Financial Planner (CFP) designation and founder of the College for Financial Planning in Denver, CO). The ICFE is dedicated to helping consumers of all ages to improve their spending practices, increase savings and use credit more wisely.

The ICFE is an award-winning, nonprofit, consumer education organization that has helped millions of people through its financial continuing education courses, programs and resources. In addition to eight Certification courses covering identity theft, credit files, credit repair and credit scoring, among others, it also publishes the Do-It-Yourself Credit File Correction Guide, which is updated annually. The ICFE has distributed over one million Credit/Debit Card Warning Labels and Credit/Debit Card Sleeves worldwide.

The ICFE is a partner with the national Jump$tart Coalition for Financial Literacy and the California Jump$tart chapter. The ICFE staff is also active with San Diego Saves and Military Saves, both offshoots of America Saves.

The ICFE is also an on-line help for consumers who spend too much. ICFE's spending help was featured in PARADE Magazine in the Intelligence Report section. The money helps and tips are from the ICFE's Money Instruction Book, our course in personal finance.

The ICFE helps consumers and students with mending spending, learning about the proper use of credit, budget and expense guidelines, how to set up and implement a spending-plan and also how to access financial education courses and how to teach children about money. Other ICFE services include: Ask Mr. G library, a free eNews service, and an online resource center for students, parents and educators, plus financial education learning tools in the ICFE Book Store.



Copyright ©  1997 - by Paul S. Richard
and the Institute of Consumer Financial Education, All Rights Reserved.

Institute of Consumer Financial Education
PO Box 34070
San Diego, Ca 92163
Paul S. Richard, Executive Director
Phone 619-239-1401

FAX 619-923-3284
