Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?

Chronology of Data Breaches

Custom Sort
Select your desired results. Then click "Go!"

Click or unclick the boxes then select go.


Select features, then click GO.



Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.
Breach Total
931,529,111 RECORDS BREACHED
(Please see explanation about this total.)
from 4,467 DATA BREACHES made public since 2005

Save or Print PDF of Entire Breach List including introduction.Save or Print a PDF of Entire Breach List (including introductory FAQ)

Filter breach list before saving or printing PDF. Conduct a search of the Chronology using its sorting features, and Save or Print a PDF of your search results (Select filters)

If you do not have access to PDF, you can print the Chronology in landscape view.

Date Made Publicsort icon Name Entity Type
January 24, 2014 Coca-Cola Company
Atlanta, Georgia
BSO PORT

Unknown

The Coca-Cola Company announced the theft of several computers from one of their locations that contained personal information on employees and other individuals. The company did not detail the specific information that was stored on the stolen computers. The theft was discovered on December 19, 2013.

UPDATE (11/13/2014): "A class action lawsuit has been filed against the Coca-Cola company and its regional distribution subsidiaries on behalf of 70,000 people whose information and identities have been allegedly compromised by the theft of 55 laptops from the company's Atlanta headquarters over a six year period."

The company did not notice the theft of these laptops until November of 2013 prompting the company to send notices to those affected in January 2014. According to the company 18,000 individuals had Social Security numbers affected, and an additional 56,000 individuals that may have had their drivers license information compromised. The laptops were not encrypted and along with the above information, the laptops may have also included names, addresses, ethnicity and other personal information.

The class action suit alleges that the company failed to protect personal data, but failed in adequately notifying victims of the breach.

More Information: http://pennrecord.com/news/15093-class-action-filed-against-coca-cola-fo...

 
Information Source:
California Attorney General
records from this breach used in our total: 18,000

January 24, 2014 St. Francis Hospita and Medical Centers
Hartford, Connecticut
MED PHYS

Unknown

St. Francis Hospital announced a breach of 858 patient records when physical patient files were stolen from a contracted emergency room physicians car. The files included patient names, patient medical record numbers and dates of birth. No Social Security numbers or financial records were compromised.

 
Information Source:
Dataloss DB
records from this breach used in our total: 858

January 23, 2014 W.J Bradley
Centennial, Colorado
BSF INSD

Unknown

W.J Bradley Mortgage Capital, LLC announced in a letter to customers that information disclosed to the Emery Team at W.J Bradley Mortgage Capital, LLC in connection with numerous loan transactions had been breached. According to the company, information on specific loan transactions had been taken from their computer systems and copied by several former loan officers of the company. This information was then shared with another mortgage company not associated with W.J Bradley.

The company communicated that the information taken included income, marital status, and loan information. There is no evidence that the information was released to the public at large.

A court order was obtained by W.J Bradley requiring the return of all private customer information to the company, prohibiting the defendants from sending that information to others, and requiring that the defendants destroy all copies of the information in their possession.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

January 20, 2014 Dartmouth-Hitchcock
Lebanon, New Hampshire
BSO HACK

Unknown

Dartmouth-Hitchcock informed patients of a security breach involving their personal information that is maintained by the company.

On or around December 3, 2013, the company discovered that, as a result of a phishing incident, certain employee user accounts had unauthorized activity in the Employee Self Service Direct Deposit Payroll system.

The company launched an investigation and found further unauthorized access to this same system from October 6, 2013 through December 2, 2013. The information accessed included full names, bank account information (routing and checking account numbers), Social Security numbers along with other information the employee supplied to the self service system.

Employees are asked to call IS Security Manager, Charles Goff at 1-603-653-1380 or email IS-Security@hitchcock.org.

 
Information Source:
Vermont Attorney General
records from this breach used in our total: 0

January 17, 2014 Easton-Bell Sports Inc.
Van Nuys, California
BSR HACK

Unknown

Easton Bell Sports Inc., out of Van Nuys California informed customers of a data breach in December. The company has stated that one of their vendors servers was the attack of vicious malware and was breached on or around December 1, 2013.

The breach may have impacted online purchases made from December 1, 2013 to December 31, 2013. The customer information breached may have included names, addresses, phone numbers, email addresses, credit card numbers, along with the 3 or 4 digit security code on the back of cards.

Once the breach was discovered, the company immediately shut the server down and took steps to stop any further infiltration of the system. The company has hired a computer forensics expert to conduct an investigation.

The amount of customers affected is currently unknown.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

January 17, 2014 E-Benefits Department of Veteran Affairs
, District Of Columbia
GOV UNKN

Unknown

As reported by a local T.V station in Moore County North Carolina, a Navy veteran  reported to have been utilizing the E-Benefits portal through the Department of Veteran Affairs to check his own benefits. He was on the VA's E-Benefits website trying to track down his own history for a bank loan. Instead, windows kept popping up displaying other veterans' medical and financial information. He has since reported the issue to the Department of Defense, the VA and Senator Kay Hagan's office.

The VA has responded with a statement to ABC11 on Friday January 17, 2014 with the following:

"The Department of Veterans Affairs (VA) takes seriously our obligation to properly safeguard personal information.  Wednesday evening, during a process to improve software supporting the joint VA and Department of Defense benefits web portal eBenefits, VA discovered a software defect. During that limited timeframe, some Veterans and Servicemembers who had registered and logged into eBenefits were able to see a combination of their own information as well as data from other eBenefits users.  VA took immediate action upon discovering the software defect and shut the eBenefits system down in order to limit any problems.  VA is conducting a full review to be certain the underlying technological issues have been resolved before the system is returned to operation.

VA's independent Data Breach Core Team (DBCT) is reviewing this issue and believes a relatively limited number of Veterans have been affected. Once the DBCT determines the number of users impacted, their identities and other pertinent facts, VA will take the appropriate response, which may include free credit monitoring for the affected individuals, consistent with VA's standard practice".

 
Information Source:
Media
records from this breach used in our total: 0

January 15, 2014 South Carolina Department of Employment and Workforce
Columbia, South Carolina
GOV INSD

4,658

 A South Carolina Department of Employment and Workforce human resources employee allegedly downloaded the personal information of 4,658 current and former DEW employess to a personal device, according to authorities.

The data downloaded may have included payroll information, Social Security numbers and bank account information. The employee has since been fired. The incident allegedly occurred on December 18, 2013.

 
Information Source:
Media
records from this breach used in our total: 4,658

January 15, 2014 City of Burlington
Burlington, Vermont
GOV DISC

Unknown

The Office of The Clerk/Treasurer for the City of Burlington informed individuals that their names and Social Security numbers were inadvertently left unredacted as part of the individuals request for a tax abatement that was provided to the Burlington Board of Tax Abatement (which is made up of the City Council, Mayor and CIty Assessor).

The information was part of a clickable agenda item that was posted on the City Council's website on January 9, 2014, the information was redacted on January 13, 2014.

Those affected with questions can call Bob Rusten, Chief Administrative Officer at 1-802-865-7000.

 
Information Source:
Vermont Attorney General
records from this breach used in our total: 0

January 14, 2014 Southwest General Health Center
Middleburg Heights, Ohio
MED PHYS

480

Southwest General Hospital notified approximately 480 patients who were part of a obstetrics study that some of their private information was recently lost, including names, data on births, clinical information and medical record numbers. The data was included in one binder and the binder was discovered missing early in December 2013. The binder did not include Social Security numbers or financial information.

 
Information Source:
Media
records from this breach used in our total: 0

January 14, 2014 NORCOM-North East King County Regional Public Safety Communication Agency
Bellevue, Washington
GOV HACK

6,000

The North East King County Regional Public Safety Communication Agency (NORCOM) has announced a security breach of a server that stored records of an estimated 6,000 medical responses for Duvall Fire District 45, Skykomish Fire Department and Snoqualmie Pass Fire & Rescue. Currently, the investigation has revealed that the medical response records breached included names, addresses, dates of birth, nature of emergency call and initial medical condition.

The breach also included personnel data for 231 full-time and volunteer firefighters who work or have worked for the three agencies. This information could include drivers license informatin, date of birth, Social Security numbers, emergency contact and limited medical information.

 
Information Source:
Media
records from this breach used in our total: 231

January 13, 2014 Update Legal
San Francisco, California
BSO INSD

Unknown

On or around September 9, 2013, Update Legal was informed by San Francisco Police that a suspect in custody had digital photographs of I-9 forms on the smartphone in this persons possession. This individual potentially obtained Social Security numbers, date of birth, driver's license numbers, email addresses, passport identification, state ID cards, military dependent's ID cards, US Citizen's ID cards, Certification of Birth Abroad, Birth Certificates and addresses.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

January 10, 2014 Neiman Marcus
Dallas, Texas
BSR HACK

1.1 million

Neiman Marcus confirmed that its database of customer information was hacked last month, around mid-December, the same time that Target stores were targeted. The case is similar to the Target case in that only retail shoppers were affected, no online shoppers were affected.

The cause, size and duration of the attack are not yet known and should start to be revealed once a third party investigation is completed. The company is also working with the Secret Service, which is customary in these types of attacks.

UPDATE (1/16/2014): It has been reported that the breach at Neiman Marcus could as far back as July 2013 and that the breach was not fully contained until Sunday January 12, 2014. Neiman Marcus is still not communicating the total amount of individuals affected, but did comment that "some of their customers" payment cards were used fraudulently and have taken steps to notify those customers. They still do not believe that Social Security numbers or birth dates were affected.

UPDATE (1/25/2014): Neiman Marcus released a statement that approximately 1.1 million individuals have been affected by the recent data breach to their system.

 
Information Source:
Media
records from this breach used in our total: 1,100,000

January 10, 2014 Alamance County Department of Social Services
Burlington, North Carolina
GOV INSD

33

Rakecia Matrese Brame, a former social worker for the Alamance County Department of Social Services in North Carolina, pled quilty to identity theft, tax, and fraud charges. According to court documents, Brame was employed as a social worker from 2009 to 2011 and was responsible for investigating claims of abuse and neglect against minors and disabled adults. She had authorized access to their system which included names, dates of birth and Social Security numbers of Alamance DSS clients.

Brame used her access to identifying information contained in Alamance DSS records to illegally obtain the personal identifying information of clients and others. She would then sell that information to two tax preparers at the Greensboro branch of Nothing But Taxes, a tax return preparation firm.  They used the stolen identities to claim false dependents on tax returns they prepared for Nothing But Taxes clients, inflating tax refunds on their clients' behalf.

 

 
Information Source:
Media
records from this breach used in our total: 33

January 10, 2014 Barry University
Portland, Oregon
EDU HACK

Unknown

Barry University informed individuals of a security incident that may have affected personal information maintained by the university.

On May 14, 2013, Barry University detected malware which infected a laptop owned and used by Barry University. The files infected included full names, dates of birth, Social Security numbers, driver's license numbers, bank account numbers.

The university is offering a free one-year credit monitoring service. They've supplied a phone number to those affected at 1-800-981-7571 and to reference number 47911.

 
Information Source:
Vermont Attorney General
records from this breach used in our total: 0

January 7, 2014 Risk Solutions International LLC, Loudoun County Public Schools
Ashburn, Virginia
EDU DISC

Unknown

Loudoun County school officials have responded to a data breach that made publicly available personal information about students and staff members, along with detailed emergency response plans for each school.

More than 1,300 links could be accessed through a Google search, thought to be password protected, unveiled thousands of detailed documents as to how each school in the district will respond to a long list of emergencies, which included the staging areas for response teams as well as where the students and staff would be located during an emergency.

Additional documents that could be accessed included students' courrse schedules, locker combinations, home addresses, phone numbers and birthdates along with the address and cell phone numbers for many school administrators.

The contractor Risk Solution International acknowledged that the breach was caused by "human error" on their part, which is said to be the cause of the data breach.

 

UPDATE: Loudoun County Public Schools administrators released a more detailed statement about the information made publicly available on the Internet due to errors committed by the contractor Risk Solutions International (RSI).

According to school officials, the investigation is continuing as to how the webpage, which was made accessible through online search engines without any password protection happened. The page included 1,286 links detailing information on 84 Loudoun schools. It is unknown how long the information was exposed or how many links were opened by unauthorized individuals.

Locker combinations were revealed for one school and only one parent contact information was revealed for fewer than 10 schools according to the spokesperson for the district. The statement also made clear that RSI's website was not hacked and that it never lost its password security. Instead, the breach occurred when RSI employees were doing technical testing on November 4th , December 19th and December 24th 2013. (1/9/2014)

 
Information Source:
Media
records from this breach used in our total: 0

January 3, 2014 Agency of Human Services
Williston, Vermont
GOV DISC

Unknown

Vermont Agency of Human Services notified individuals of a data breach containing names and Social Security numbers of individuals. The email distribution list inadvertently included all AHS employees and some contractors. According to the agency, the email was opened by numerous AHS employees, a subsequent email was promptly sent that instructed recipients of the email to "hard delete" it so it did not remain in their email delete box.

For those with questions or concerns can call Joanne Dunster, Benefit Programs Assistant Administrator/ESD HIPAA Liaison at 1-802-769-6155.

 
Information Source:
Vermont Attorney General
records from this breach used in our total: 0

January 2, 2014 Straight Dope Message Board
Chicago, Illinois
BSO HACK

Unknown

The security team at The Straight Dope discovered hackers broke into their online message board forum. This resulted in unauthorized access of members usernames, emails and passwords. The message board does not store Social Security numbers or credit card information. The company is suggesting all users change their password in their system.

 
Information Source:
Media
records from this breach used in our total: 0

January 2, 2014 Eye Surgery Education Council
Fairfax, Virginia
MED HACK

4,748

Reportedly, the Eye Surgery Education Councils system was hacked and user accounts with partial email addresses, user names and clear text passwords were dumped onto the Internet.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

January 1, 2014 Snapchat
Venice, California
BSO HACK

Unknown

The hacker or group known as "Lightcontact" is claiming to have hacked Snapchat.com. Reportedly, the group published a database containing Snapchat user names and phone numbers and posted it to several public forums such as Reddit.com.

UPDATE: Snapchat has announced a security update to their mobile image sharing services to include an opt out option to the Find Friends system. This update is said to prevent others from looking up their account information through address books. This update will allow a person to no longer appear if this type of search is initiated. According to security vendor AdaptivMobile, the compromised accounts are concentrated mostly in California and New York, with the two states accounting for nearly 2.3 million accounts. Other regions affected include Illinois, Colorado and Florida(1/4/2014)

 
Information Source:
Media
records from this breach used in our total: 0

January 1, 2014 Skype breach
Redmond, Washington
BSO HACK

Unknown

On January 1st, the Syrian Electronic Army is reportedly taking credit for hacking into user accounts on Skype. The amount of users affected is unknown. Reportedly, the hackers infiltrated a users account and monitors the activity and sells the data.

 
Information Source:
Media
records from this breach used in our total: 0

December 30, 2013 T-Mobile Supplier
Unknown,
BSO HACK

Unknown

A  supplier  for T-Mobile reported a breach of files stored on their servers. This breach included the breach of names, addresses, Social Seurity numbers and/or Driver's License numbers. This access was discovered in late November 2013.  They believe that the primary goal of the hackers was to obtain credit card data, but credit card information was not included in these files.

 

 
Information Source:
California Attorney General
records from this breach used in our total: 0

December 30, 2013 Wichcraft Operating LLC
New York, New York
BSO HACK

Unknown

An unauthorized third party accessed their systems compromising payment card information of certain customers in possibly two of their locations, New York and San Francisco. The breached occured from approximately August 11, 2013 to October 2, 2013.

Based on their investigation, the information accessed by the unauthorized party may have included names, payment card numbers, security codes and expiration dates. They are claiming that not all of these data elements were accessed for each customer.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

December 29, 2013 American Express Company
New York, New York
BSF UNKN

Unknown

American Express announced, as part of an investigation by law enforcement and/or American Express, the company discovered a data breach that involved customer information. The data recovered included American Express cardholder acount numbers, names and other card information such as the expiration date. They have stated that Social Security numbers were not impacted and their systems did not detect any unauthorized activity on card holders accounts as related to this incident.

UPDATE: (1/16/2014): American Express has sent out a new letter addressed to customers affected by the data breach. This new communication entailed information that one of the merchants that they purchased goods with was affected by the breach. The information breached did not change, in that card holder account numbers, names and other card information such as expiration date were compromised. No Social Security numbers were impacted.

 

 
Information Source:
California Attorney General
records from this breach used in our total: 0

December 29, 2013 Riverside Health System
Newport News, Virginia
MED INSD

919

Riverside Health System has announced an electronic records health breach discovered in November. The breach involved one employee who accessed 919 medical records over a four-year period. The system wide breach included patients Social Security numbers, patient history and other information that appears in the system's electronic medical record.

 
Information Source:
Media
records from this breach used in our total: 919

December 27, 2013 Briar Group
Brighton, Massachusetts
BSO HACK

Unknown

Briar Group confirms it was the source behind a Seaport data breach. After an investigation by the Briar Group, who runs eight restaurants and bars in the city, confirmed that their systems were compromised causing the data breach that affected hundreds of individuals who visited the Seaport area of Boston sometime in November.

Currently, a number has not been released as the investigation regarding the breach is ongoing. The breach included unauthorized access to card data at their restaurants sometime between October and November 2013.

 
Information Source:
Media
records from this breach used in our total: 0

December 27, 2013 Colorado Community Health Alliance (CCHA)
Denver, Colorado
MED INSD

Unknown

1,918 Medicaid patients data was breached after a temporary employee from an outside contractor Colorado Community Health Alliance (CCHA) sent the information to his/her own personal email address according to media reports. The Colorado Department of Health Care Policy and Financing believes this information may have been intended for the employee's use in another business.

The information included patient names, date of birth, addresses, telephone numbers, health conditions and Medicaid identification numbers. Social Security numbers were not involved.

 
Information Source:
Media
records from this breach used in our total: 0

December 25, 2013 Inspira Medical Center Vineland
Vineland, New Jersey
MED STAT

Unknown

The December 23 theft of a computer from the radiology department of Inspira Medical Center Vineland may have resulted in the exposure of patient information.  The computer was kept in an unsecured filing room.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

December 24, 2013 Lakes Liquor
Detroit Lakes, Minnesota
BSR UNKN

Unknown

Hundreds of debit and credit cards were compromised after customers used them at Lakes Liquor between October 27 and November 25.  Customer names, payment card numbers, expiration dates, and security codes may have been accessed for fraudulent purposes.  It is unclear how the information was obtained from Lakes Liquor.

 
Information Source:
Media
records from this breach used in our total: 0

December 22, 2013 Office of Dr. Rob Meaglia, DDS
Rocklin, California
MED STAT

Unknown

The December 15 office burglary of a computer resulted in the exposure of patient information.  Medical records, dental insurance information, and Social Security numbers may have been exposed. The computer was encrypted and password-protected.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

December 21, 2013 Affinity Gaming
Las Vegas, Nevada
BSO HACK

Unknown

Facilities owned by Affinity Gaming may have been exposed to a cyber attack between March 14 and October 16.  Customer information associated with credit and debit cards may have been taken.  Affinity Gaming owns Silver Sevens Hotel & Casino, Rail City Casino, Buffalo Bill's Resort & Casino, Primm Valley Resort & Casino, Whiskey Pete's Hotel & Casino, Golden Mardi Gras Casino, Golden Gates Casino, Golden Gulch Casino, Mark Twain Casino & RV Park, Lakeside Hotel & Casino, and St. Jo Frontier Casino.

 
Information Source:
Media
records from this breach used in our total: 0

December 21, 2013 DeLoach & Williamson, South Carolina Health Insurance Pool
Columbia, South Carolina
MED PORT

Unknown

The October 16, 2013 theft of a laptop from a DeLoach & Williamson employee's car may have resulted in the exposure of an unspecified number of South Carolina Health Insurance Pool patients' information.  Full names with middle initials, Social Security numbers, dates of service, and provider identification numbers may have been exposed.

 
Information Source:
Media
records from this breach used in our total: 0

December 20, 2013 Tennova Cardiology
Nashville, Tennessee
MED PORT

2,777

Those with questions may call (866) 369-0422.

The October 22 theft of a laptop from a transcription contractor working with Tennova Cardiology resulted in the exposure of patient information.  The laptop was not encrypted and included names, dates of birth, physician names, and health information (No Social Security numbers or financial information reported).

 
Information Source:
Media
records from this breach used in our total: 0

December 20, 2013 Discover Financial Services
Riverwoods, Illinois
BSF UNKN

Unknown

An unspecified number of Discover customers had their account numbers changed and were issued a new card.  It is unclear what type of security breach prompted the notification and when it may have occurred.  Several customers in California received the notification letter; residents of other states may have been notified as well.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

December 20, 2013 Techmedia Network
Ogden, Utah
BSO HACK

Unknown

An unauthorized person or persons gained access to Techmedia Network's systems.  Customer names, credit card numbers, expiration dates, CVV security codes, mailing addresses, email addresses, and phone numbers may have been exposed.  The breach was discovered on November 20.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

December 20, 2013 W.J. Bradley Mortgage Capital, LLC
Centennial, Colorado
BSF INSD

Unknown

A former loan officer took files from WJB's computer systems while she was still employed.  The loan officer then left WJB and another mortgage company ended up with the information in late July and early August of 2013.  Client names, Social Security numbers, credit reports, bank account information, tax information, and other sensitive information related to loan applications was taken.  The information was eventually retrieved and removed from the systems of the unnamed mortage company.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

December 20, 2013 Walgreens
Baltimore, Maryland
BSR INSD

Unknown (eight people confirmed to have been affected)

Walgreens became aware of a breach involving an employee on November 4, 2013.  The employee was fired and prosecuted.  The incident was reported to the Maryland Attorney General's office on November 27 and credit card numbers were affected.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 8

December 20, 2013 Washington Department of Social and Health Services (DSHS)
Tacoma, Washington
MED DISC

2,600

The personal information of between 2,600 and 7,000 households receiving assistance from the Washington DSHS was accidentally mailed to old or incorrect addresses between August 19 and October 26.  The information included names, Social Security numbers, dates of birth, phone number and other contact information, medical diagnosis information, chemical dependency or treatment information, income, and any public-assistance services that the household received.  The issue was discovered on October 22.

UPDATE: Acting Medicaid Director releases information on the incorrect mailing of Medicaid cards by NCDHHS: The Director states; "After a review of the incident, it has been determined that some Medicaid cards were incorrectly sent because of human error in computer programming and the quality assurance process in printing the new Medicaid identification cards.  These new cards were printed for children switched from NC Health Choice to Medicaid because of new eligibility rules and requirements under the Affordable Care Act (Obamacare).  A program was developed to extract the information from the eligibility database to generate the mailing, but utilized the incorrect name and address for the parent or responsible adult.

The incorrect card shows the child’s name, Medicaid identification number, date of birth and primary care physician’s name and physician’s address. No Social Security numbers were released.

The parent or responsible adult who received an incorrect card is being advised to immediately destroy it by shredding or cutting it into small pieces. They are also being advised that they can turn in the card to their county department of social services if they prefer. A directory of the county social services offices can be found here: http://www.ncdhhs.gov/dss/local/." (1-06-2014)

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 2,600

December 20, 2013 StakerLaw Tax and Estate Planning Law
Camarillo, California
BSF PHYS

Client files which included social security numbers and other asset information.

On Friday December 20, 2013 the owner of the firm had his home burglarized in which the firms back-up hard drive was stolen which contained the firms customer files containing sensitive personal information.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

December 18, 2013 Washington Post
Washington, District Of Columbia
BSO HACK

Unknown

Hackers were able to access Washington Post employee usernames and passwords through an attack on the paper's servers.  The attack began through access to a server used by the Washington Post's foreign staff and then spread to more Washington Post servers.  The Washington Post and several other national papers were attacked in 2011 as well.

 
Information Source:
Media
records from this breach used in our total: 0

December 18, 2013 CITGO Petroleum Corporation
Houston, Texas
BSO DISC

Unknown

A folder with personal information was discovered in a location that made it accessible on CITGO's intranet to unauthorized employees.  The issue was discovered on October 9.  Social Security numbers, financial information, and other personal information could have been accessed.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

December 17, 2013 Colorado Governor's Office of Information Technology
Denver, Colorado
GOV PORT

18,800

A Colorado state employee lost a flash drive that contained the information of current and former Colorado state employees.  It contained names, Social Security numbers, and a limited number of home addresses.  The flash drive was discovered missing in late November and is believed to have been lost while the employee traveled between work sites.  Approximately 8,000 of those who were affected were current employees while 10,800 were former employees.

 
Information Source:
Media
records from this breach used in our total: 18,800

December 17, 2013 U.S. Federal Election Commission (FEC)
Washington, District Of Columbia
GOV HACK

Unknown

The U.S. Federal Election Commission's computer system was accessed by unauthorized parties sometime in October of 2013 during the government shutdown.  The system appears to have been infiltrated by hackers located in China.  The attack occurred at a time when no staff members were on duty to identify the issue.

 
Information Source:
Media
records from this breach used in our total: 0

December 17, 2013 Jonathan M. Wainwright Memorial VA Medical Center
Walla Walla, Washington
MED DISC

1,519

Some veterans may have had their information accidentally emailed to an external source on November 1.  An email sent to an external education partner contained an attachment with veteran information that included names and Social Security numbers.  The issue was contained within 10 minutes of the email being sent.

 
Information Source:
Media
records from this breach used in our total: 1,519

December 17, 2013 Radnor School District
Radnor, Pennsylvania
EDU DISC

2,000

An employee performing a transfer of personnel data accidentally left the data accessible and a middle school student viewed it.  The student also shared the information.  Current and former employees may have had their names, addresses, phone numbers, dates of birth, and Social Security numbers accessed as early as June and as late as the end of the 2012-2013 school year.  The breach was discovered in November.

 
Information Source:
Media
records from this breach used in our total: 2,000

December 17, 2013 Comprehensive Psychological Services LLC
Columbia, South Carolina
MED PORT

3,500 (No Social Security numbers or financial information reported)

The October 28 office theft of a laptop resulted in the exposure of patient information.  The laptop was password-protected and the patient files on it were not encrypted.  Neuropsychological testing, educational testing, custody evaluations, and other assessments and evaluations may have been exposed.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

December 17, 2013 UHS-Pruitt Corporation
Norcross, Georgia
MED PORT

1,300

Those with questions may call (678) 533-6437 or 1-800-222-0321.

Current and former residents of Heritage Healthcare of Ashburn, UniHealth Post-Acute Care Augusta Hills, Heritage Healthcare of Fitzgerald, Heritage Healthcare at Osceola, Palmyra Nursing Home and Sylvester Healthcare may have been affected by the September 26 theft of a laptop from an employee's car.  The laptop contained patient names, Social Security numbers, Medicare numbers, dates of birth, and resident ID numbers.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 1,300

December 17, 2013 UniHealth SOURCE
Austell, Georgia
MED PORT

2,500 (No Social Security numbers or financial information reported)

The October 8 theft of an employee's laptop resulted in the exposure of current and former client information.  The laptop was taken from the employee's car while it was parked at home.  Full names and potential diagnoses may have been exposed.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

December 16, 2013 Tennessee Department of Treasury
Nashville, Tennessee
GOV INSD

6,300

An employee downloaded the information of 6,300 Nashville teachers in order to work from a personal computer and account at home.  A Tennessee Consolidated Retirement System file that contained teacher names, Social Security numbers, and dates of birth was uploaded by the employee around the time that he resigned from his position.  His personal computer and other electronic devices were seized by investigators.

 
Information Source:
Media
records from this breach used in our total: 6,300

December 16, 2013 Massachusetts Mutual Life Insurance Company
Springfield, Massachusetts
BSF DISC

Unknown

A MassMutual account manager accidentally included information about retirement plans in an email that was sent to an individual at a MassMutual retirement services client.  The client representative confirmed that the email was deleted. It contained an unspecified number of client information that included names, Social Security numbers, addresses, dates of birth, retirement plan names, and group numbers.  The incident occurred on December 3.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

December 16, 2013 Colorado Health & Wellness, Inc.
Colorado Springs, Colorado
MED INSD

651 (No Social Security numbers or financial information exposed)

Those with questions may call 1 (719)-576-2225.

A former doctor took patient information after ending his practice at Colorado Health & Wellness, Inc.  The breach was discovered on September 4, 2013 and involved patient names, addresses, telephone numbers, and email addresses. A notice was sent by Colorado Health & Wellness in November.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

Breach Total
931,529,111 RECORDS BREACHED
(Please see explanation about this total.)
from 4,467 DATA BREACHES made public since 2005
Showing 301-350 of 4467 results


X

Sign In!

Loading