This incident has 0 proposed changes. Know of details that have changed? Submit them Showing Incident 1230

SUMMARY

SQL Injection Hack exposes names, credit card numbers, CVV codes, of hundreds.
Records	4,943
Record Types	CCN
Breach Type	Hack
Data Family	Electronic
Source	Outside
Organization	The Image Group of Toledo, Inc.
Other Affected/Involved Organizations	None
Lawsuit?	NO/UNKNOWN
Data Recovered?	NO/UNKNOWN
Arrest?	NO/UNKNOWN
Submitted By:	d2d

Date	Event
2008-08-06	Incident Occurred
New Timeline Item For Incident Occurred Date Reference URL Spam Check: Are you human?
2008-08-26	Incident Discovered By Organization
New Timeline Item For Incident Discovered By Organization Date Reference URL Spam Check: Are you human?
2008-09-29	Organization Reports Incident
New Timeline Item For Organization Reports Incident Date Reference URL Spam Check: Are you human?
2008-10-06	Organization Mails Notifications
New Timeline Item For Organization Mails Notifications Date Reference URL Spam Check: Are you human?
None. Add Data	Records Recovered
New Timeline Item For Records Recovered Date Reference URL Spam Check: Are you human?
None. Add Data	Lawsuit Filed
New Timeline Item For Lawsuit Filed Date Reference URL Spam Check: Are you human?
None. Add Data	Arrest Made
New Timeline Item For Arrest Made Date Reference URL Spam Check: Are you human?

records	date	organizations
2,800	2005-12-12	Aid To The Church In Need
3,800	2005-12-19	Guidance Software
14,277	2006-04-28	U.S. Department of Defense, Tricare Management Activity
9,300	2006-05-19	Unknown Organization, Frost Bank

Address: United States
Have a better address for this incident? Suggest it!

No known costs for this incident.

Ponemon Institute Direct Costs Estimate ¹

$296,580.00

Note that these estimates are based on the Ponemon Institute's 2009 direct costs figures from their 2009 Annual Study: Cost of a Data Breach. We multiply $60.00 by the number of records to obtain this figure. Keep in mind that depending on the breach, the direct costs are not always suffered by the breached organizations. In the case of credit card number breaches, the direct costs can often be suffered by banks and card issuers. Also note that this is only an estimate.

add details to this primary source Description
Breach notification letter from the Image Group.
Filename	Source	Researcher	Incident IDs
MD_ITU159174.pdf	Maryland Attorney General	kirniki	<a href='/incidents/show/1230'>1230</a>
Records	File Date	Uploaded	Updated
258	2008-09-29	2008-12-04	23 Sep 12:46
Excerpt
Toledo-Cleveland·P1ffsburgh·AnnArb¤rg€ Ip .,` stm D `.,.,._ Mg ,,,..,,..,.,,,$_m @,&~...

add details to this primary source Description
Breach notification letter sent from the Image Group to New Hampshire.
Filename	Source	Researcher	Incident IDs
NH_imagegroup.pdf	New Hampshire Consumer Protection & Antitrust Bureau	kirniki	<a href='/incidents/show/1230'>1230</a>
Records	File Date	Uploaded	Updated
37	2008-09-29	2008-12-04	23 Sep 14:55
Excerpt
o .. ,WW. . . ..Q.. ®‘??¥? ?*i H #?·i Z v.»W —.w.»w.1iweirrio<;eaqr<;»o:;¤ne? i‘:ii~¢d»> L.!·av<·v3::¤ September 29, EGGS Cnrysmahzzaiyn...

add details to this primary source Description
Personal information about name, address, social security number accessed by a hacker, using SQL injection
Filename	Source	Researcher	Incident IDs
20080929-Image_Group.pdf	Maine Attorney General	d2d	<a href='/incidents/show/1230'>1230</a>
Records	File Date	Uploaded	Updated
Not yet entered	2008-09-29	2009-01-12	29 Jan 14:36
Excerpt
fsé ig; »: V; ··V. 3 s A, _ Tolecio·Cle»¤ ond · M rglvftnn A rb r $ E; VV\N\NvThSlmGgQgrOUp`n€i September 29, 2008 [urp¤mt¤He¤dqumters: liiitmpnmtetlma in anu: I "°““"l·l’“ *3528 Mr. Steven Rowe...

add details to this primary source Description

Filename	Source	Researcher	Incident IDs
VA_09292008_the_image_group.pdf	Virginia Attorney General	jkouns	<a href='/incidents/show/1230'>1230</a>
Records	File Date	Uploaded	Updated
Not yet entered	2008-09-29	2009-02-03	09 Feb 01:13
Excerpt
· 2 · 0‘ fi; i J, __ fg · " * ine: rt t;:;;=5;;;_;n_i;g t¤:g· Septe1nher29,200S Ji: ri`. r:r;J.;..` ` l t ' ’‘ Mr. Robert McDonnell ’” ' " Office ofthe Attorney General l`...

there is/are 1 updates pending moderation for this source Description
New York Data Breach Notification : SQL injection attack on database resulted in name and credit card information being disclosed.
Filename	Source	Researcher	Incident IDs
Image-Group-of-Toledo-OTHER.pdf	New York State Consumer Protection Board	cwalsh	<a href='/incidents/show/1230'>1230</a>
Records	File Date	Uploaded	Updated
202	2008-09-29	2009-05-07	06 Jul 08:37
Excerpt
X Q- ` . » Q- N Q» J lm »w»»x·v.iiwezeim<;:;;gogsr>air>_not September 29, 2008 omnnrrmdqmnm l25SC¤m¤mze0m¤ anna: “°‘°'“·°“ 35** Ms. Mindy Bockstein “"°*""·”“·““’ New York Consumer Prote...

add details to this primary source Description
Massachusetts Data Breach Notification : Website hack allowed access to personal information.
Filename	Source	Researcher	Incident IDs
20080929_the_image_group.pdf	Massachusetts Attorney General	d2d	<a href='/incidents/show/1230'>1230</a>
Records	File Date	Uploaded	Updated
106	2008-08-29	2009-08-08	19 Aug 17:01
Excerpt
Vl/VV\N.lll9lmOg€gfOUp.D€l September 29, 2008 (mpumellmdmmus t25SC¤p¤u•eum E0.Bnxll47 ‘""‘°“ ‘”’“ Ms. Martha Coakley ‘°°"’·"“·”°° Office of the Attorney General ‘°'”°“°°°·°‘°·"" One Ashburton Pla...

add details to this primary source Description
Massachusetts Data Breach Notification : Hack of website allowed access to personal information.
Filename	Source	Researcher	Incident IDs
20080929_the_image_group_MA.pdf	Massachusetts Attorney General	d2d	<a href='/incidents/show/1230'>1230</a>
Records	File Date	Uploaded	Updated
106	2008-08-29	2009-08-08	19 Aug 17:01
Excerpt
September 29, 2008 tnpmH¤ml¤p¤n¤=; l2SS€upn¤¤eDn¤ RD.BuxlI4T “‘"l“" 35** Ms. Martha Coakley “'°°"’·“‘“°° Office of the Attorney General ‘°'F”°°”°°·“"°·“"‘ One Ashburton Place *"""·“"~”°" Boston,...