Security Breach Notices

Any business or government agency that owns or licenses personal information of residents of Hawaii is obligated to give written notice of security breaches to the Office of Consumer Protection (OCP) when one-thousand (1000) or more Hawaii residents are affected by the security breach. § 487N-2(f), Hawaii Revised Statutes.

The table below lists OCP cases where a business or government agency reported a security breach, where one-thousand or more Hawaii residents were affected. The OCP categorizes security breaches by type (in order of frequency): Hackers/Unauthorized Access; Stolen Laptops, Computers & Equipment; Release/Display of Information; Data Theft by Employee or Contractor; Lost in Transit; and Phishing.

For more information, please see the overall security breach statistics for Hawaii.

Date Notified Case Number Breached Entity Name Breach type Hawaii Residents Impacted Link to Letter
11/8/2018 OCP-2018-0599 Thesy, LLC Hackers/Unauthorized Access 2,642 Letter PDF
10/30/2018 OCP-2018-0552 Bankers Life Hackers/Unauthorized Access 4,328 Letter PDF
07/25/2018 OCP-2018-0314 ComplyRight, Inc. Hackers/Unauthorized Access 3,747 Letter PDF
05/30/18 OCP-2018-0303 Global University Hackers/Unauthorized Access 1,333 Letter PDF
05/18/18 OCP-2018-0206 TaskRabbit, Inc. Hackers/Unauthorized Access 4,062 Letter PDF
4/26/2018 OCP-2018-0161 Delta Air Lines, Inc. Hackers/Unauthorized Access 2,831 Letter PDF
04/04/18 OCP-2018-0133 Orbitz, LLC Hackers/Unauthorized Access 1,078 Letter PDF
7/7/2017 OCP-2017-0302 Aqua-Aston Hospitality, LLC Hackers/Unauthorized Access 1,056 Letter PDF
4/28/2017 OCP-2017-0304 Jackson Hewitt Tax Services, Inc. Hackers/Unauthorized Access 5,659 Letter PDF
4/11/2017 OCP-2017-0179 Nutrex Hawaii, Inc. Hackers/Unauthorized Access 1,168 Letter PDF
4/11/2017 OCP-2017-0180 Tempur-Pedic Hackers/Unauthorized Access 1,302 Letter PDF
4/11/2017 OCP-2017-0181 Plow & Hearth Hackers/Unauthorized Access 1,834 Letter PDF
3/9/2017 OCP-2017-0118 prAna Hackers/Unauthorized Access 1,553 Letter PDF
1/19/2017 OCP-2017-0034 Spiraledge, Inc. Hackers/Unauthorized Access 1,823 Letter PDF
8/22/2016 OCP-2016-0445 Active Outdoors Hackers/Unauthorized Access 3,984 Letter PDF
5/11/2016 OCP-2016-0247 doTERRA International, LLC Hackers/Unauthorized Access 17,315 Letter PDF
3/18/2016 OCP-2016-0145 BaileysOnline.com Hackers/Unauthorized Access 1,319 Letter PDF
2/9/2016 OCP-2016-0087 Gyft, Inc. Hackers/Unauthorized Access 1,706 Letter PDF
12/31/2015 OCP-2016-0044 Matson Navigation Company, Inc. Stolen Laptops, Computers & Equipment 1,150 Letter PDF
11/12/2015 OCP-2015-0692 Digital Theatre, LLC Hackers/Unauthorized Access 1,453 Letter PDF
10/12/2015 OCP-2015-0631 Scottrade Hackers/Unauthorized Access 32,778 Letter PDF
09/29/2015 OCP-2015-0605 Costco Photo Center Hackers/Unauthorized Access 4,436 Letter PDF
09/25/2015 OCP-2015-0602 Yapstone, Inc. Hackers/Unauthorized Access 3,486 Letter PDF
09/03/2015 OCP-2015-0543 Hawaii First Federal Credit Union Hackers/Unauthorized Access 5,965 Letter PDF
07/22/2015 OCP-2015-0447 UCLA Health Services Hackers/Unauthorized Access 5,446 Letter PDF
07/09/2015 OCP-2015-0419 Automotive Recovery Services, Inc. dba Vehicle Donation Processing Center Hackers/Unauthorized Access 1,163 Letter PDF
3/24/2015 OCP-2015-0207 Premera Blue Cross Hackers/Unauthorized Access 19,174 Letter PDF
02/20/2015 OCP-2015-0104 Oahu Publications Hackers/Unauthorized Access 3,543 Letter PDF
02/12/2015 OCP-2015-0082 Anthem, Inc. Hackers/Unauthorized Access 18,206 Letter PDF
12/19/2014 OCP-2014-1045 IBEW, Local 1357 Lost in Transit 4,360 Letter PDF
09/23/2014 OCP-2014-0884 Viator Hackers/Unauthorized Access 2,500 Letter PDF
09/10/2014 OCP-2014-0839 The Home Depot, Inc. Hackers/Unauthorized Access Unknown Letter PDF
07/29/2014 OCP-2014-0767 Time Northern Trust Company Release/Display of Information 1,267 Letter PDF
02/27/2014 OCP-2014-0113 AIG Life and Retirement, The Variable Annuity Life Insurance Co. Data Theft by Employee or Contractor 4,015 Letter PDF
01/25/2014 OCP-2014-0039 Neiman Marcus Group Hackers/Unauthorized Access 9,680 Letter PDF
12/20/2013 OCP-2014-0790 Target Corporation Hackers/Unauthorized Access 121,000 Letter PDF
12/13/2013 OCP-2013-0775 Maricopa Community College Hackers/Unauthorized Access 3,828 Letter PDF
12/09/2013 OCP-2013-0770 J.P. Morgan Chase Bank, N.A. Hackers/Unauthorized Access 3,903 Letter PDF
10/09/2013 OCP-2013-0653 Adobe Systems Hackers/Unauthorized Access 9,439 Letter PDF
11/28/2012 OCP-2012-1358 State of South Carolina, Dept. of Revenue Phishing 2,394 Letter PDF
02/21/2012 OCP-2012-0353 Trident University c/o Baker Hostetler, LLP Hackers/Unauthorized Access 1,423 Letter PDF
04/19/2011 OCP-2011-0599 ABM Industries Incorporated Stolen Laptops, Computers & Equipment 1,523 Letter PDF
03/17/2011 OCP-2011-0545 Health Net, Inc. Lost in Transit 1,175 Letter PDF
01/3/2011 OCP-2011-0153 Pentagon Federal Credit Union Hackers/Unauthorized Access 2,916 Letter PDF
01/05/2010 OCP-2010-0017 Lincoln Financial Advisors Corporation (LFA & LFS) Hackers/Unauthorized Access 2,100 Letter PDF
08/05/2009 OCP-2009-1374 Network Solutions, Inc. Hackers/Unauthorized Access 2,350 Letter PDF
10/14/2008 OCP-2008-1040 Wyndham Hotels and Resorts, LLC Hackers/Unauthorized Access 1,000 Not available
06/27/2008 OCP-2008-0755 Punahou School Stolen Laptops, Computers & Equipment 2,067 Not available
07/11/2008 OCP-2008-0692 24 Hour Fitness USA, Inc. Stolen Laptops, Computers & Equipment 1,506 Not available
06/26/2008 OCP-2008-660 National Western Life Insurance Company Release/Display of Information 1,011 Not available
04/18/2008 OCP-2008-0426 Lending Tree Data Theft by Employee or Contractor 8,368 Not available
12/27/2007 OCP-2008-0002 GE Money-Americas Data Theft by Employee or Contractor 1,181 Not available
09/28/2009 OCP-2007-1537 Gap Inc. Stolen Laptops, Computers & Equipment 2,100 Not available
09/14/2007 OCP-2007-1357 TD Ameritrade Hackers/Unauthorized Access 33,157 Not available
07/13/2007 OCP-2007-1017 Walt Disney Company, The dba Buena Vista Catalogue Company Data Theft by Employee or Contractor 2,457 Not available
07/04/2007 OCP-2007-0991 Fidelity National Information Services, Inc. dba FIS Data Theft by Employee or Contractor 6,000 Not available