Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?

Chronology of Data Breaches

Custom Sort
Select your desired results. Then click "Go!"

Click or unclick the boxes then select go.


Select features, then click GO.



Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.
Breach Total
931,357,921 RECORDS BREACHED
(Please see explanation about this total.)
from 4,449 DATA BREACHES made public since 2005

Save or Print PDF of Entire Breach List including introduction.Save or Print a PDF of Entire Breach List (including introductory FAQ)

Filter breach list before saving or printing PDF. Conduct a search of the Chronology using its sorting features, and Save or Print a PDF of your search results (Select filters)

If you do not have access to PDF, you can print the Chronology in landscape view.

Date Made Public Name Entity Type
December 22, 2006 Utah Valley State College
Orem, Utah
EDU DISC

15,000

Social Security numbers and other personal information of students and faculty were accessible via Yahoo's search engine. The information was removed from UVSC's servers. Some Distance Education instructors and some students enrolled in UVSC courses between January 2002 and January 2005 were affected.

 
Information Source:
Dataloss DB
records from this breach used in our total: 15,000

December 15, 2010 Social Security Administration Office of Temporary Disability Assistance
New York, New York
GOV INSD

15,000

A subcontractor illegally downloaded around 15,000 Social Security numbers while performing upgrades. People who had made Social Security disability claims may have been affected.

UPDATE (1/4/2011): Dates of birth, addresses and phone numbers may have also been accessed.

 
Information Source:
Databreaches.net
records from this breach used in our total: 15,000

September 19, 2012 Blue Cross Blue Shield of Massachusetts (BCBS)
Boston, Massachusetts
MED INSD

15,000

A BCBS vendor misused BCBS employee information.  The misuse appears to have been limited to one instance.  Names, Social Security numbers, dates of birth, compensation information, and bank account information may have been exposed.

 
Information Source:
Media
records from this breach used in our total: 15,000

November 28, 2012 Advanced Data Processing, Inc. (ADPI), Grady EMS
Roseland, New Jersey
BSF INSD

At least 15,000 people were affected.

Information from certain ambulance agencies was inappropriately accessed and disclosed.  Patient account information such as names, Social Security numbers, dates of birth, and record identifiers were exposed by a dishonest ADPI employee. ADPI learned of the breach on October 1. The dishonest employee was fired and apprehended by authorities.

UPDATE (12/04/2012): The former ADPI employee stole information associated with Grady EMS ambulance service. About 900 Grady EMS patients had their information exposed between June 15, 2012 and October 12, 2012.

UPDATE (01/05/2013): A detailed list of the organizations and number of people who were affected is available on phiprivacy.net herehttp://www.phiprivacy.net/?p=10825

UPDATE (03/08/2013): Osceola County EMS released a notification in March of 2013 here: http://tinyurl.com/a335kak

UPDATE (03/14/2013): The Yuma, Arizona Fire Department was also affected by the breach.  ADP handles the billing for Yuma's emergency medical services.  Names, Social Security numbers, dates of birth, and record identifiers may have been accessed.

UPDATE (08/28/2013): ADPI learned of the tax scheme after being notified by Tampa, Florida police.  The IRS confirmed that Valparaiso Fire Department information was compromised by the breach in July of 2013.  Patients seen at Valparaiso Fire Department or by Valparaiso Fire Department ambulances between January 1 and June 21 of 2012 may have had their names, Social Security numbers, and dates of birth exposed.

 
Information Source:
California Attorney General
records from this breach used in our total: 15,000

March 27, 2014 The University of Wisconsin-Parkside
Kenosha, Wisconsin
EDU HACK

15,000

Students were notified by officials from The University of Wisconsin-Parkside of a data breach that occured to their system by hackers that installed malware on one university server.

The information that is at risk includes names, addresses, telephone numbers, email addresses and Social Security numbers. The breach affects students who were either admitted or enrolled at the university since the fall of 2010.

The server was shut down and the hacking was reported to local authorities. After launching an investigation it appears the malware was searching for credit card information and they show no evidence that any Social Security numbers were compromised.

The university has set up a website with information for those who may have been affected http://www.uwp.edu/explore/contactus/index.cfm 

 
Information Source:
Media
records from this breach used in our total: 15,000

October 21, 2009 Roane State Community College
Harriman, Tennessee
EDU PORT

14,783

Hotline (865) 882-4688, (866) 462-7722 ext. 4688

Roane State Community College has announced that the names and Social Security numbers of 9,747 current or former students were on a data storage device stolen from an employee's vehicle, along with 1,194 current/former employees' information. The Social Security numbers alone, with no names, were also stolen for 5,036 additional current or former students. The data was on a 4GB USB drive used for work-related purposes. An employee took it home to do work after hours, and left it in the car. The employee forgot to lock the car doors. The USB drive was stolen along with a personal hand-held device.

 
Information Source:
Dataloss DB
records from this breach used in our total: 14,783

September 29, 2006 University of Iowa Department of Psychology
Iowa City, Iowa
EDU HACK

14,500

A computer containing SSNs of 14,500 psychology department research study subjects was the object of an automated attack designed to store pirated video files for subsequent distribution.

 
Information Source:
Dataloss DB
records from this breach used in our total: 14,500

September 1, 2011 Birdville
Haltom City, Texas
EDU HACK

14,500

Two students may face criminal charges for hacking into the Birdville School District's network server and accessing a file with 14,500 student names and Social Security numbers.  The students are a high school junior and a senior.  Students who attended during the 2008-2009 school year may have been affected.

 
Information Source:
Databreaches.net
records from this breach used in our total: 14,500

April 13, 2009 Moses Cone Hospital
Greensboro, North Carolina
MED PORT

14,380

Moses Cone Hospital is offering free credit monitoring to 14,380 patients after a laptop computer containing confidential information was stolen from a VHA employee's car. The information on the laptop, including patients' Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 14,380

June 3, 2013 Champlain College
Burlington, Vermont
EDU PORT

14,217

Those with questions may call 877-643-2062.

During the weekend of June 3, a hard drive was discovered to have been misplaced.  The device had been left unattended in a computer lab for about two days in March.  The hard drive contained names, Social Security numbers, and other information related to admissions and financial aid for the Fall 2010 through the February 2013 school terms.  Some graduate and continuing professional studies students may have also been affected.

 
Information Source:
Media
records from this breach used in our total: 14,217

October 20, 2009 ChoicePoint
Alpharetta, Georgia
BSO DISC

14,023

http://www.ftc.gov/opa/2009/10/choicepoint.shtm

ChoicePoint has been fined $275,000 by the U.S. Federal Trade Commission for a data breach that exposed personal information of 13,750 people last year. In April 2008, ChoicePoint turned off a key electronic security tool that it used to monitor access to one of its databases and failed to notice the problem for four months, according to an FTC statement. During that period, unauthorized searches were conducted for 30 days on a ChoicePoint database that contained Social Security numbers and other sensitive information.

UPDATE (9/22/10): The Federal Trade Commission mailed checks worth $18.17 to 14,023 ChoicePoint customers.  These checks were meant to cover the money and time customers spent monitoring their credit after ChoicePoint's 2008 breach.  ChoicePoint had been ordered to implement a comprehensive information security program after a 2006 breach.  Due to ChoicePoint's failure to do this, they suffered another breach and were fined.

 
Information Source:
Dataloss DB
records from this breach used in our total: 14,023

March 24, 2006 Vermont State Colleges
Waterbury, Vermont
EDU PORT

14,000

Note: there are several locations in Vermont.  We list the Office of the Chancellor as the primary location.

A laptop containing Social Security numbers and payroll data of students, faculty and staff associated with the five-college system was stolen.  It contained information from as long ago as 2000.

 
Information Source:
Dataloss DB
records from this breach used in our total: 14,000

April 28, 2006 U.S. Department of Defense
Washington, District Of Columbia
GOV HACK

14,000

A hacker accessed a Tricare Management Activity (TMA) public server containing personal information about military employees. TMA is used to provide health care services to military personnel and their families.

 
Information Source:
Dataloss DB
records from this breach used in our total: 14,000

April 18, 2007 Ohio State University
Columbus, Ohio
EDU HACK

14,000

http://www.osu.edu/news/newsitem1673

A hacker accessed the names, Social Security numbers, employee ID numbers and birth dates of 14,000 current and former staff members.

 
Information Source:
Dataloss DB
records from this breach used in our total: 14,000

October 2, 2007 The Nature Conservancy
Arlington, Virginia
NGO HACK

14,000

Additional locations: Little Rock, Fayetteville, Arkadelphia, Batesville and Ponca, (Arkansas)

A hacker illegally gained access to a computer of The Nature Conservancy containing personal information on current and former employees and their dependents. The stolen information included the names, home addresses, Social Security numbers and birth dates. It also included direct deposit bank account numbers for employees who were on the payroll between 2000 and 2004, as well as the Social Security numbers of those employees' dependents. When employees accessed a particular Web site, the site planted a program on the employees' computers that copied the contents of the hard drives and sent the information to the hacker.

 
Information Source:
Dataloss DB
records from this breach used in our total: 14,000

February 17, 2009 Broome Community College
Binghamton, New York
EDU DISC

14,000

Broome Community College, sent out a mailing last week with Social Security number posted prominently on the back cover. The winter/spring 2009 alumni magazine was mailed to 28,000 people, it assumed that less than 14,000 copies had Social Security numbers on the magazine.

 
Information Source:
Dataloss DB
records from this breach used in our total: 14,000

July 19, 2006 Group 1 Automotive Inc, Weinstein Spira & Company, P.C.
Houston, Texas
BSF PORT

14,000

Five laptops were stolen from a Weinstein Spira office sometime between the night of July 10 and the morning of July 11.  The laptops contained personal information of clients and the employees of clients. Names, addresses, Social Security numbers and financial data were accessed. 

 
Information Source:
Dataloss DB
records from this breach used in our total: 14,000

September 28, 2011 Fairview and North Memorial Hospitals, Accretive
Minneapolis,
MED PORT

23,500 (14,000 SSNs or financial records reported)

The July 25 theft of a laptop resulted in the exposure of patient information.  It was stolen from a rental car parked in the parking lot of a Minneapolis restaurant.  The laptop was in the possession of an employee of the contractor Accretive.  It contained the names, addresses, dates of birth, medical information, and Social Security numbers of patients.  A total of 14,000 Fairview patients were affected.  Approximately 2,800 North Memorial patients were affected, but did not have their Social Security numbers exposed.

UPDATE (1/20/2012): A lawsuit was filed against Accretive Health, Inc. as a result of the breach. Approximately 23,500 patients in Minnesota were affected by the breach.  The Minnesota Attorney General claims that Accretive failed to protect patient health care records and failed to disclose its extensive involvement in patient health care.  According to the Minnesota Attorney General, Accretive gained access to sensitive patient data through contracts with the two hospitals and numerically scored patients' risk of hospitalization and medical complexity, graded their "frailty," compiled per-patient profit and loss reports, and identified patients deemed to be "outliers." The physical and mental health information included a checklist of 22 different chronic medical conditions that patients did or did not have.  This was without the knowledge or consent of patients and the Attorney General argues that patients had the right to know how their information was being used and to have it kept confidential.

Accretive tells investors that its contracts with hospitals include risk scoring patients, reducing avoidable hospital admissions, identifying the sickest and most impact-able patients for proactive management, and identifying real-time interventions with significant revenue or cost impact. The lawsuit alleges that Accretive violated state and federal health privacy laws, state debt collection laws, and state consumer protection laws.  It seeks an order requiring Accretive to fully disclose to patients: 1) what information it has about Minnesota patients; 2) what information it has lost about Minnesota patients; 3) where and to whom it has sent information about Minnesota patients; and 4) the purposes for which it amasses and uses information about Minnesota patients. In addition, the lawsuit asks Accretive to disclose whether it has sent health data about Minnesota patients to an offshore site in new Delhi, India and requests that restrictions be applied to how Accretive treats and uses patient data.

The press release from the Office of Minnesota Attorney General Lori Swanson can be found here.

UPDATE (08/24/2012): A settlement agreement with Accretive Health was announced at the end of July.  The settlement requires Accretive to stop doing business in Minnesota for two years and to pay approximately $2.5 million to the State of Minnesota, a portion of which will be used to compensate patients.

 
Information Source:
Databreaches.net
records from this breach used in our total: 14,000

March 12, 2012 Impairment Resources, LLC
San Diego, California
MED PORT

14,000

An office burglary on New Year's Eve 2011 resulted in the loss of hardware that contained sensitive personal information.  The full names, addresses, Social Security numbers, and medical information of clients were on the hardware.  Impairment Resources notified patients in February and then filed for bankruptcy in March. The high cost of handling the breach led directly to the decision to file for bankruptcy.

 
Information Source:
California Attorney General
records from this breach used in our total: 14,000

April 30, 2012 Volunteer State Community College
Gallatin, Tennessee
EDU DISC

14,000

Those with questions may call (615) 230-3390.

The University became aware of an unintended disclosure.  Files with the information of current and former faculty and former students were placed on a web server that was not secure.  The information could have been accessed anytime between 2008 and the discovery of the error.  Names and Social Security numbers were exposed.

 
Information Source:
Databreaches.net
records from this breach used in our total: 14,000

December 5, 2012 California Department of Healthcare Services
Sacramento, California
MED DISC

14,000

Those who may have been affected may call 1-855-297-5064 for assistance from DHCS.

Names and Social Security numbers were discovered on the website of the Department of Health Care Services.  People who sent their information in order to become a provider of In-Home Supportive Services (IHSS) may have had their information exposed online between November 5, 2012 and November 20.  The issue was discovered on November 14 and was not fully addressed until November 20.  

The list should have only contained provider names, addresses, and provider types. It also contained Social Security numbers that were listed in the column for Provider Billing Numbers.  The Social Security numbers were not easily recognizable in this format.

UPDATE (12/11/2012): Nearly 14,000 people were affected.

 
Information Source:
California Attorney General
records from this breach used in our total: 14,000

March 17, 2014 Maryland Department of Health and Mental Hygiene
Baltimore, Maryland
GOV HACK

14,000

"The Department of Health and Mental Hygiene says hackers hit Service Coordination Incorporated of Frederick, which provides case management services to nearly 14,000 Maryland residents.

SCI,in a letter provided to WBAL News, indicates that its computers were hacked between October 20th and October 30th and that access was gained to confidential information.

That potentially includes names, social security numbers, medical assistance numbers, and other vital information, some shared with the Maryland Developmental Disabilities Administration".

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 14,000

June 3, 2013 Office of Dr. Lee D. Pollan, DMD, PC.
Rochester, New York
MED PORT

13,806

The theft of the doctor's laptop may have exposed patient information.  The theft occurred sometime between November 6, 2012 and November 15, 2012.  Information related to patient names, dates of birth, addresses, Social Security numbers, diagnose and surgery billing codes, dates of service, and person responsible for the billing was on the laptop.  

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 13,806

August 30, 2008 National Technical Institute for the Deaf and Rochester Institute of Technology
Rochester, New York
EDU PORT

13,800

RIT Hotline through 9/26/08 (866) 624-8330, RIT Public Safety (585) 475-2853

http://www.rit.edu/news/?v=46283

A recently stolen laptop contained the names, birth dates and Social Security numbers of about 12,700 applicants to the National Technical Institute for the Deaf and another 1,100 people at Rochester Institute of Technology. The laptop belonged to an employee and was stolen on Monday from an office at NTID. People at RIT, who are not affiliated with NTID, are affected because their personal information was being used as part of a control group in an internal study.

 
Information Source:
Dataloss DB
records from this breach used in our total: 13,800

August 16, 2010 Aultman Health Foundation
Canton, Ohio
MED PORT

13,800

On June 7, a laptop was stolen. Patient information from the Aultman Healthcare in Your Home program may have been exposed. This information included names, insurance identification numbers, health information, telephone numbers, addresses, dates of birth and Social Security numbers.

 
Information Source:
Databreaches.net
records from this breach used in our total: 13,800

February 22, 2012 Coca-Cola Company Family Federal Credit Union
Atlanta, Georgia
BSR PORT

13,800

The theft of two laptops resulted in the exposure of credit union member information. The laptops were stolen on December 21, 2011 and contained names and Social Security numbers, as well as credit card numbers in some cases.

 
Information Source:
Dataloss DB
records from this breach used in our total: 13,800

July 25, 2006 Cablevision Systems Corp., ACS, FedEx
Bethpage, New York
BSO PORT

13,700 current and former employees

Additional locations: Dallas, TX, Connecticut, New Jersey and New York

A tape en route to the company's 401(k) plan record-keeper ACS was lost when shipped by FedEx to Dallas, TX. No customer data was on the tape.

 
Information Source:
Dataloss DB
records from this breach used in our total: 13,700

January 3, 2013 King Drug & Home Care
Owensboro, Kentucky
MED PORT

13,619

An employee reported that a portable hard drive was missing on November 23, 2010.  The device had last been seen sometime around November 19.  The data on the device included information from before July 31, 2009.  Client names, Social Security numbers, medical record numbers, account numbers, dates of service, race, insurance carriers and insurance numbers, addresses, phone numbers, sex, dates of birth, diagnosis information, allergies, initial referral forms, patient assessments/plans of care, physician orders and/or delivery ticket information may have been on the hard drive.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 13,619

April 3, 2013 United HomeCare Services, Inc., United Home Care Services of Southwest Florida, LLC
Fort Myers, Florida
MED PORT

13,617

A total of 12,299 United HomeCare Services, Inc. clients were affected. Additionally, 1,318 United Home Care Services of Southwest Florida clients were affected. 

The January 8 theft of a billing manager's laptop resulted in the exposure of patient information.  It was stolen from the manager's car.  It contained client names, Social Security numbers, health plan numbers, dates of birth, and addresses dating as far back as 2002.  Some patients may have also had treatment service codes or diagnostic codes on the laptop.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 13,617

April 18, 2011 UMass Memorial Healthcare
Worcester, Massachusetts
MED DISC

13,500

Employees were able to access the pay stub information of other employees at shared workstations.  Any UMass Memorial employee who accessed their HRConnect by using one of the 10 malfunctioning kiosks or shared workstations between October 7 and March 11, 2011 may have been affected.  The problem was fixed as of March 16.  Employees were able to access the names, bank names, bank transit numbers and bank account numbers of previous employees who had used the kiosks to connect to HRConnect. The portion of the 13,500 employees who were affected is unknown.

 
Information Source:
Databreaches.net
records from this breach used in our total: 13,500

July 13, 2009 LexisNexis
Dayton, Ohio
BSO UNKN

13,329

LexisNexis has warned more than 13,000 consumers that a Florida man who is facing charges in an alleged mafia racketeering conspiracy may have accessed some of the same sensitive consumer databases that were once used to track terrorists. The accused would provide names, addresses and account numbers as part of a fake check-cashing operation. But he's also accused of using computer databases to get information on potential extortion or assault targets as well as individuals suspected by the Enterprise members of being involved with law enforcement.

 
Information Source:
Dataloss DB
records from this breach used in our total: 13,329

May 6, 2011 E-Pro Tax Service, Emory Healthcare
Chicago, Illinois
BSF INSD

13,079

An investigation into a few stolen Social Security checks that had been fraudulently deposited into Duluth banks uncovered three separate identity theft rings.  At least six conspirators managed to defraud 5,779 people.  A former real estate broker created a tax service company in order to access credit reports from a third-party credit reporting agency.  Names, dates of birth and Social Security numbers were exposed.  The former real estate agent then made about $2.5 million by stealing Social Security checks, filing 393 fraudulent tax returns and passing counterfeit checks.  After police linked her to the stolen Social Security checks, they searched her home and found boxes of financial documents which included old mortgage applications, tax forms and HUD documents.  Investigators have not charged any other conspirators and do not believe that the woman was the head of the operations.

UPDATE (10/24/2011): More organizations were linked to the breach when investigators searched the dishonest employee's home.  The dishonest employee had a connection with a someone who used to work as a clerk at the hospital.  More than 3,000 patient bills containing names, Social Security numbers, dates of birth, and other confidential information were printed by the inside contact.  The hospital bills of at least 32 Emory orthopedic clinic patients were stolen and used to file fraudulent tax returns.  Nine patients became identity theft victims. Emory notified 7,300 employees of the breach and had fired the dishonest clerk in July.

 
Information Source:
Databreaches.net
records from this breach used in our total: 13,079

November 11, 2005 Georgia Tech University Office of Enrollment Services
Atlanta, Georgia
EDU STAT

13,000

On October 16 of 2005 computers were stolen from campus which contained the names, Social Security numbers, addresses and birth dates of current and prospective students. Notifications were sent to those who were affected.

 
Information Source:
Dataloss DB
records from this breach used in our total: 13,000

June 18, 2006 ING U.S. Financial Services, Jackson Health System
Miami, Florida
BSF PORT

13,000

Two ING laptops that carried sensitive data affecting Jackson Health System hospital workers were stolen in December 2005. The computers, belonging to financial services provider ING, contained information gathered during a voluntary life insurance enrollment drive in December and included names, birth dates and Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 13,000

June 18, 2006 ING U.S. Financial Services
Washington, District Of Columbia
BSF PORT

13,000

A laptop was stolen from an employee's home.  It contained retirement plan information including Social Security numbers of D.C. city employees.

 
Information Source:
Dataloss DB
records from this breach used in our total: 13,000

June 26, 2006 AAAAA Rent-A-Space
Colma, California
BSO DISC

13,000

Customer's account information including name, address, credit card, and Social Security number was easily accessible due to a security gap in AAAAA's online payment system.

 
Information Source:
Dataloss DB
records from this breach used in our total: 13,000

May 11, 2007 Highland Hospital (Rochester, NY)
Rochester, New York
MED PORT

13,000

HighlandHospitalAdmin@urmc.rochester.edu

Two laptop computers, one containing patient information including Social Security numbers, were stolen from a business office. The computers were sold on eBay, and the one containing personal information was recovered.

 
Information Source:
Dataloss DB
records from this breach used in our total: 13,000

August 29, 2008 Louisiana Real Estate Commission
Baton Rouge, Louisiana
GOV DISC

13,000

A glitch during a computer upgrade caused the names, addresses and Social Security numbers of licensed agents to be exposed on the Internet. The commission was transferring its online programs to a new server when the sensitive electronic file, which is not normally posted on the Internet, was left unsecured and slipped in among the commission materials that could be seen online.

 
Information Source:
Dataloss DB
records from this breach used in our total: 13,000

August 30, 2008 Ohio Police & Fire Pension System
Columbus, Ohio
GOV INSD

13,000

A former mailroom supervisor at the Ohio Police & Fire Pension System forwarded the names, addresses and Social Security numbers from his work e-mail address to his personal e-mail address before quitting his job. The file contains information for 13,000 of the approximately 24,000 retired members of the Ohio Police & Fire Pension System, most of whom are former police officers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 13,000

January 6, 2010 Eugene School District
Eugene, Oregon
EDU HACK

13,000

Email databreach@4j.lane.edu or call (541) 790-7730 for more information.

Hackers breached the security of a computer server containing the names, phone numbers and employee ID numbers of current and former Eugene School District employees. The server in question did not contain other personal information but was attached to servers that contain Social Security numbers and other sensitive data. It is possible that the individuals responsible may have accessed names, addresses, dates of birth, Social Security numbers, tax identification numbers and direct-deposit bank account information for current and former staff members.

 
Information Source:
Dataloss DB
records from this breach used in our total: 13,000

June 25, 2010 University Hospital
Augusta, Georgia
MED PORT

13,000

Two backup tapes containing personal information have gone missing. The hospital does not suspect theft and does believe that there is a very low probability that the personal information on the tapes can be misused. However, credit monitoring services are being offered to those who were affected. The hospital gave up looking for the tapes on May 7th and began notifying patients in late June. 

Per phone interview with University Hospital, Social Security number were involved but they are unaware of any financial data involved in this breach.

 
Information Source:
Dataloss DB
records from this breach used in our total: 13,000

November 13, 2007 Youth Women's Christian Association (YWCA)
New York, New York
NGO STAT

13,000

Staff discovered that a computer had been stolen from the office sometime around October 1.  It contained the names and Social Security numbers of active participants in the YWCA Retirement Fund.  Individuals who participated between January 1, 2002 and September 28 were affected.

 
Information Source:
Dataloss DB
records from this breach used in our total: 13,000

February 23, 2011 Chapman University, Brandman University
Los Angeles, California
EDU DISC

13,000

A student discovered a document with sensitive information in an unsecured folder. It contained names, Social Security numbers, student ID numbers and financial aid information. Around 11,000 current and former Chapman students, 1,900 applicants and an unspecified number of Brandman students were affected. Only students and people affiliated with the University could have accessed the file, and it appears that the student who reported the incident was the only one who accessed the file.

 
Information Source:
Databreaches.net
records from this breach used in our total: 13,000

March 29, 2011 BP Global
New Orleans, Louisiana
BSO PORT

13,000

An employee lost a laptop that contained the personal information of people who were seeking compensation for damages caused by BP's 2010 oil spill. The laptop was lost on March 1 of 2011 while the employee was traveling for business. It contained a spreadsheet with claimant names, Social Security numbers, addresses and phone numbers.

 
Information Source:
Databreaches.net
records from this breach used in our total: 13,000

July 30, 2011 Belmont Savings Bank (BSB)
Boston, Massachusetts
BSF PORT

13,000

Belmont Savings Bank has agreed to pay a fine of $7,500 related to a consumer data breach case with the Massachusetts attorney general's office.  In May, a bank employee left a backup tape on a desk rather than storing it.  A cleaning crew disposed of the tape later that night.  Names, Social Security numbers and account numbers were exposed.  The tape contained the personal information of over 13,000 customers, but is believed to have been incinerated after disposal along with other sensitive materials from BSB.

 
Information Source:
Databreaches.net
records from this breach used in our total: 13,000

September 14, 2012 Feinstein Institute for Medical Research
Manhasset,
MED PORT

13,000

Those with questions may call 888-591-3911.

A laptop stolen on or around September 2, 2012 contained current and former patient names, Social Security numbers, and other personal information.  The laptop was taken from the car of a contractor or employee and may have also contained current and former patient mailing addresses, dates of birth, and medical information. Participants in about 50 different research studies that date back an unknown number of years were affected.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 13,000

September 6, 2013 Conexis, State of Virginia
Blacksburg, Virginia
EDU DISC

13,000

Employees of the state of Virginia who are enrolled in the Commonwealth's 2014 Flexible Spending Account had their information exposed.  Conexis erroneously sent summary reports of Blue Cross/Blue Shield Flexible Spending Account Services to 11 state human resources and payroll employees.  The reports included participants from across the state rather than from specific locations related to the human resources and payroll employees' work.  The human resources and payroll employees who received information that was not intended for them signed a certification confirming that they had deleted or destroyed the information.

 
Information Source:
Media
records from this breach used in our total: 13,000

February 10, 2014 University of Miami Health System
Miami, Florida
MED PHYS

13,000

The University of Miami Health System (UHealth) notified patients of a data breach when an offsite storage vendor communicated that the records could not be located. The Health System, which is one of the largest health providers in Southern Florida, discovered the breach on June 27, 2013. They have just recently begun notifying patients of the breach.

The information in the missing files included patient names, dates of birth, physician names, insurance company names, medical record names, facility visited, procedures, diagnostic codes, and Social Security numbers.

More Information: http://blogs.miaminewtimes.com/riptide/2014/02/security_breach_at_jackso...

UPDATE (8/26/2014): The University of Miami Health System has agreed to a class-action settlement for the data breach that occurred in 2013 when records went missing from an offsite storage facility the medical system used.

Under the settlement agreement, the UHealth will be required to conduct various risk assessments, remediate any identified problems, and ensure vendors have adequate security controls in place. The agreement states that the university will pay $100,000 in individual claims, $90,000 in attorneys’ fees, and $1,500 to the named plaintiff that initiated the lawsuite. Both parties have asked the federal district court to approve the recently-filed proposed settlement agreement.  http://www.phiprivacy.net/wp-content/uploads/Carsten_proposedsettlement.pdf

 

 
Information Source:
Media
records from this breach used in our total: 13,000

April 3, 2007 Commerce Banc Insurance Services (CBIS)
Cherry Hill, New Jersey
BSF PORT

12,876

A CBIS vendor had a laptop stolen.  CBIS employees may have had their names, Social Security numbers, and possibly health information exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 12,876

December 9, 2011 Logan County Emergency Ambulance Service Authority (LEASA)
Logan, West Virginia
MED PORT

12,563

Affected patients may call (304) 792-0191 (ext. 201) or email psheppard@leasa.org for more information.

A laptop was discovered missing on October 1, 2011.  It was either lost or stolen.  It contained names, Social Security numbers, addresses, and health information from patients. The laptop appears to have not been used to connect to the internet since October 1 and LEAS is attempting to block potential use of the device.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 12,563

Breach Total
931,357,921 RECORDS BREACHED
(Please see explanation about this total.)
from 4,449 DATA BREACHES made public since 2005
Showing 601-650 of 4449 results


X

Sign In!

Loading