Iowa Attorney General

Security Breach Notifications

Anyone who encounters a security breach that affects at least 500 Iowa residents must provide written notice to the Attorney General’s Consumer Protection Division Director within five business days after notifying affected people.

Iowa law (Iowa Code Chapter 715C) defines a security breach as any unauthorized acquisition of personal information “maintained by a person in any medium, including on paper, that was transferred by the person to that medium from computerized form and that compromises the security, confidentiality, or integrity of the personal information.”

Personal information includes a Social Security number, driver’s license or unique government identification number, financial account number, credit or debit card number in combination with a required expiration date or other password or security code that would permit access to a person’s financial account, and unique biometric data.

Personal information includes information that is encrypted, redacted, or somehow altered so that it is unreadable, if the keys to unencrypt, remove redactions, or otherwise read the information, have also been obtained through the breach.

The Consumer Protection Division maintains all security breach notifications filed since the law took effect on July 1, 2014. 





Consumer Protection Division
Security Breach Notifications
Office of the Attorney General of Iowa
1305 E. Walnut Street
Des Moines, Iowa 50319-0106



2016 21st Century Oncology
  Advance Auto Parts
  Atlantis, Paradise Island
  Banner Health
  CiCi Enterprises, LP
  Costco Photo Center
  Eddie Bauer, LLC
  Empathia, Inc.
  EqualizeRCM Systems
  Gyft, Inc.
  HK Financial Services
  Hyatt Hotels Corporation
  JB Autosports
  Katherman Kitts & Co. LLP
  Kimpton Hotels & Restaurants
  Landry's, Inc.
  Luther College
  Madison Square Garden Company (MSG)
  Mercy Iowa City
  Michigan State University
  Molo Companies
  New Jersey Spine Center
  Noodles & Company
  Olympia Hotel Management, LLC
  Omni Hotels & Resorts
  Quality Food Service, Inc. [Wendy's]
  Schwaab, Inc.
  Schwan's Home Service Inc. [Schwan's]
  Seim Johnson, LLP
  Stamford Podiatry Group
  Vera Bradley
  Western Union Financial Services
2015 Anthem Blue Cross Blue Shield
  Anthem Blue Cross Blue Shield Supplement 1
  Anthem Blue Cross Blue Shield Supplement 2
  Automotive Recovery Services, Inc.
  Bulk Reef Supply, Inc.
  Bulk Reef Supply, Inc. Supplement
  CICS Employment Services, Inc.
  Copart Inc.
  CVS Pharmacy
  Delaware Department of Justice, Investor Protection Unit
  EyeBuyDirect, Inc.
  Hard Rock Hotel & Casino Las Vegas
  Hilton Worldwide, Inc.
  Honig's Whistle Stop
  HSBC Finance Corporation
  Medical Informatics Engineering
  Medical Informatics Engineering Supplement
  Montefiore Health System
  Park 'N Fly
  Premera Blue Cross
  Premera Blue Cross Supplement
  Sally Beauty Holdings
  Service Systems Associates, Inc.
  Shell Vacations Club LLC
  Snappy Popcorn
  Staples, Inc.
  Sterling Backcheck
  Sterling Backcheck Supplement
  The Lifetime Healthcare Companies
  T-Mobile USA, Inc.
  T-Mobile USA, Inc. Supplement
  Trustmark Mutual Holding Company
  UCLA Health
  The Wendy's Company
2014 AB Acquisition LLC
  Blue Zebra
  Heartland Bank
  The Home Depot
  International Dairy Queen, Inc.
  Jimmy John's Franchises LLC
  Service Alternatives
  Visionworks 1
  Visionworks 2
2013 DaVita
  Mass Mutual Financial Group 1
  Mass Mutual Financial Group 2
  Mass Mutual Financial Group 3
  Quayside Publishing Group
  TerraCom Wireless
  WorldVentures Marketing, LLC
2012 Akliz, Inc.
  Great River Entertainment, LLC
  Impairment Resources
  Nationwide Insurance Co.
  Transcend Capital
  University of North Carolina at Charlotte
2011 Citibank (South Dakota), N.A.
  Epsilon Data Management, LLC
  Health Net
  Nordstrom, Inc.
  Sony Online Entertainment


© 2017 State of Iowa Office of the Attorney General. All rights reserved.