BUSINESS

Indiana’s top 10 data breaches so far this year

Seth Slabaugh, seths@muncie.gannett.com
The Star Press
As many as 80 million customers of the nation's second-largest health insurance company, Anthem Inc., had their account information stolen in February 2015.

MUNCIE — More than 250 businesses have notified Indiana customers of security breaches jeopardizing their personal information so far this year.

Beauty supply retailer/distributor Sally Beauty Holdings and French Lick Resort were two of the largest, notifying the Indiana attorney general that their data breaches affected 62,210 Hoosiers and 54,624 Hoosiers, respectively.

Malware deployed by criminals put Sally Beauty customers’ payment card information at risk. The company distributes through 4,900 international stores including sites in Muncie, New Castle, Richmond and elsewhere in Indiana.

The attorney general’s office received notice of 396 data breaches involving Hoosiers last year.

The top 10 security breach notifications in Indiana so far this year, the number of Hoosiers affected, and the cause are:

• Sally Beauty Holdings, 62,210, malware.

French Lick Resort, 54,624, malware captured credit card data.

Indiana State Medical Association, 28,124, laptop computer and two hard drives stolen out of the parked car of ISMA’s information technology administrator.

• SRI Inc., conducts tax sales, deed sales and foreclosure sales to recoup delinquent taxes for local government, 5,393, someone added new files to the software behind SRI’s auction website, allowing the user to access, post and delete files stored on the website.

• Heartland Dental Care, 3,197, hackers gained access to patient information including Social Security Numbers.

• Apple American Group (Applebee’s), 3,058, unencrypted, portable USB flash drive lost by an outside consultant at an airport.

• HSBC Finance Corp., 2,507, information about customer mortgage accounts inadvertently made accessible over the Internet.

• Lokai Holdings, 1,673, unauthorized person gained access to server that hosts the bracelet company’s website and installed a program to record information entered by customers.

• St. Mary’s Health, 1,299, employee email accounts containing patients’ information hacked.

• Indiana Department of Revenue, 1,262, cause unavailable.

The attorney general’s data breach database still doesn’t include the number of Hoosier customers impacted by the Anthem cyber attack, but AG spokeswoman Molly Gillaspie says the company has estimated that 4.5 million records belonging to Indiana residents might have been compromised.

“It was basically everybody,” Gillaspie told The Star Press.

A security breach does not necessarily mean you will become a victim of identity theft. However, to reduce your risk of becoming a victim, the attorney general encourages people to determine what type of breach has occurred, notify the credit bureaus and establish a fraud alert, order your credit reports and review carefully, consider a credit freeze, and continue to monitor your accounts, mail, and credit reports.

Contact (Muncie) Star Press reporter Seth Slabaugh at (765) 213-5834.