Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Breach Total
872,602,323 RECORDS BREACHED
(Please see explanation about this total.)
from 4,377 DATA BREACHES made public since 2005


Date Made Public, Name, Entity, Type
October 4, 2013 NHC Healthcare Oak Ridge
Oak Ridge, Tennessee
MED PORT

Unknown

An unencrypted backup tape was discovered missing.  It contained patient names, Social Security numbers, dates of birth, home addresses, and medical information.

 
Information Source:
Media
records from this breach used in our total: 0

October 4, 2013 PLS Financial Services
Chicago, Illinois
BSF DISC

Unknown

A programming error that occurred on July 11, 2013 allowed 34 visitors to PLS Financial Services' website to view the names, Social Security numbers, addresses, and email addresses of PLS Financial Services customers.  The error was discovered on July 26 and quickly fixed.

 
Information Source:
Media
records from this breach used in our total: 0

October 4, 2013 Bell Helicopter
Hurst, Texas
BSO HACK

Unknown

On July 3, Bell Helicopter learned that some people who attended Bell Helicopter Training Academy were receiving phishing emails from a source claiming to be Bell. It appears that Bell's database of attendee information was accessed by a cyber intruder.  Attendees may have had their email addresses and credit card numbers exposed.

 
Information Source:
Media
records from this breach used in our total: 0

October 3, 2013 Comcast Phone
, California
BSO UNKN

Unknown

The story can be found here: http://delaps1.cpuc.ca.gov/CPUCProceedingLookup/f?p=401:56:92869554792401::NO:RP,57,RIR:P5_PROCEEDING_SELECT:I1310003

The California Public Utilities Commission launched an investigation into the unauthorized disclosure and publication of Comcast subscribers' unlisted names, telephone numbers and addresses to determine whether Comcast violated the laws, rules, and regulations of California.

 
Information Source:
Media
records from this breach used in our total: 0

October 3, 2013 Windhaven Investment Management
Boston, Massachusetts
BSF HACK

419

Windhaven Investment discovered a breach of their server in August of 2013.  Client names, account numbers, custodians, investment positions, and other account information may have been accessed by an unauthorized party.  The breach may have occurred earlier than August.  At least 419 New Hampshire residents were affected.  The total number of people affected nationwide was not revealed.

 
Information Source:
Databreaches.net
records from this breach used in our total: 419

October 3, 2013 Mercy Health Systems, Allscripts
Baltimore, Maryland
MED STAT

25 (No Social Security numbers or financial information reported)

An unencrypted hard drive was discovered missing on January 14, 2013.  It held the names, health plan beneficiary numbers, diagnoses, medical record numbers, and account numbers of 25 Mercy Health Systems patients.  The hard drive was last seen by Mercy Health Systems' transcription contractor, Allscripts. Mercy Health Systems learned of the issue on February 14, 2013.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

October 3, 2013 Tri-State Surgical Associates
Elkton, Maryland
MED INSD

433

An unauthorized staff member provided a physician with the information of 433 patients on July 18.  The information included names, Social Security numbers, addresses, phone numbers for home and work, dates of birth, sex, languages spoken, employers, emergency contacts, emergency phone numbers, emergency contact relationship, guarantor information, and insurance information.

 
Information Source:
Media
records from this breach used in our total: 433

October 2, 2013 Santa Clara Valley Medical Center
San Jose, California
MED PORT

571 (No Social Security numbers were exposed)

The theft of an unencrypted laptop from the audiology department of Santa Clara Valley Medical Center resulted in the exposure of patient names, medical record numbers, dates of birth, ages, sex, dates of service, and brainwave tests.  The theft was discovered on September 16.

 
Information Source:
Media
records from this breach used in our total: 0

October 2, 2013 UnityPoint Health
West Des Moines, Iowa
MED INSD

1,800 (less than 180 Social Security numbers exposed)

Those with questions may call (877) 223-3817.

A breach was discovered on August 8 during the course of a routine audit.  It was discovered that a contractor accessed UnityPoint's EMR system without a legitimate reason.  An employee gave computer passwords to an employee of another company that provides care to patients.  Names, medical insurance account numbers, home addresses, dates of birth and other health information were accessed between February of 2013 and August of 2013.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 180

October 1, 2013 R.T. Jones Capital Equities Management Inc.
St. Louis, Missouri
BSF HACK

800

R.T. Jones learned of a cyber attack that occurred on July 22, 2013.  On August 7, 2013, it was discovered that an unauthorized party was able to access a database that contained names, Social Security numbers, and dates of birth.  At least 800 people were affected in Maryland.  It is unclear how many were affected nationwide.

 
Information Source:
Media
records from this breach used in our total: 800

October 1, 2013 McHenry County College, Ellucian
Crystal Lake, Illinois
EDU DISC

Unknown

McHenry County College's software vendor Ellucian accidentally sent the personal information of current and former McHenry County College students and staff to three other junior colleges.  Social Security numbers and other information were sent to Morton, Prairie State, and Triton.

 
Information Source:
Media
records from this breach used in our total: 0

October 1, 2013 JP Morgan Chase
New York, New York
BSF DISC

Unknown

JP Morgan Chase customers received a privacy notification in early September. A labeling error caused the Social Security numbers of customers to be printed on the outside of the notification letter.  A lawsuit was filed against JP Morgan Chase on behalf of affected customers.  The lawsuit claims that JP Morgan did not immediately notify its customers and should have prevented the breach from happening.  The case is Alexander Furman et al v JP Morgan Chase & Co et al, No. 13-cv-06749, U.S. District Court, Northern District of Illinois.

 
Information Source:
Media
records from this breach used in our total: 0

October 1, 2013 Atlanta Center for Reproductive Medicine
Atlanta, Georgia
MED DISC

654 (No Social Security numbers or financial information reported)

Atlanta Center for Reproductive Medicine became aware of a breach on July 12.  The breach involved email and it is not clear exactly how patient information was exposed or what type of information was involved.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

October 1, 2013 Accountable Care Organization of Puerto Rico, Inc. (ACO of Puerto Rico), PHM Healthcare Solutions
San Juan, Puerto Rico
MED UNKN

5,000 (No Social Security numbers or financial information reported)

A breach that involved either unauthorized access to ACO of Puerto Rico's network or an unintentional disclosure of patient information online occurred between March 5 and July 16 of 2013. 

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

October 1, 2013 Dermatology Associates of Tallahassee
Tallahassee, Florida
MED UNKN

916

A breach caused the exposure of patient information; Dermatology Associates of Tallahassee notified patients on September 4.  Patient names, Social Security numbers, addresses, and dates of birth were compromised.  It is unclear how the breach occurred.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 916

September 30, 2013 The New Teacher Project
Brooklyn, New York
NGO PORT

Unknown

The July 27 or 28 office theft of an unencrypted laptop resulted in the exposure of current and former employee information.  Names, Social Security numbers, dates of birth, and employee ID numbers were exposed.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

September 30, 2013 Sentry Life Insurance, Department of Labor
Stevens Point, Wisconsin
BSF DISC

Unknown

Sentry Life Insurance discovered that several forms sent to the Department of Labor contained attachments with names, Social Security numbers, and in a few cases, 401k account balances.  The Department of Labor uploaded the forms to a public website before Sentry's discovery.  The discovery was made on July 2 and a letter was sent on July 11 to the Maryland Attorney General's Office on behalf of Sentry.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

September 30, 2013 Denny's
Phoenix, Arizona
BSR PHYS

200

Job applications from a Denny's in Phoenix were found in a dumpster behind the Denny's.  The paperwork dated back to August of 2012.  The information included addresses, Social Security numbers, and other information normally found on job applications.  The manager said there was a mistake and that similar paperwork is usually shredded.

 
Information Source:
Databreaches.net
records from this breach used in our total: 200

September 28, 2013 Virginia Polytechnic Institute and State University (Virginia Tech)
Blacksburg, Virginia
EDU HACK

144,963 (No Social Security numbers or financial information reported)

The University's statement can be found here: http://www.vtnews.vt.edu/articles/2013/09/092413-hr-hrserver.html

The computer server of Virginia Tech's Department of Human Resources was accessed on August 28.  The information of people who applied online to Virginia Tech between 2003 and 2013 may have been accessed.  No Social Security numbers or financial information was exposed. A total of 16,642 job applicants had their driver's license numbers exposed.  The remaining job applicants had not submitted this information.

 
Information Source:
Media
records from this breach used in our total: 0

September 28, 2013 State Farm
Bloomington, Illinois
BSF INSD

687 (11 customers confirmed affected)

State Farm became aware of fraudulent charges on a customer's credit card a few days after the card was used to pay for insurance policies.  A former employee at an after-hours call center was found to have misused the credit card information of at least 11 customers.  The dishonest employee had also worked with 687 other customers.

 
Information Source:
Media
records from this breach used in our total: 11

September 28, 2013 ICG America (Amazing Clubs, Games2U, Flying Noodle, Monster Brew, Texas Irons, California Reds)
Austin, Texas
BSO HACK

Unknown

ICG America learned that its payment processing system was the target of a cyber attack.  The attack began on January 2, 2013 and continued until August 2, 2013.  Customers who made purchases from companies operated by ICG America may have had their names, credit card and debit card numbers, expiration dates, CVV codes, addresses, and email addresses exposed.

 
Information Source:
Media
records from this breach used in our total: 0

September 28, 2013 Unique Vintage
Burbank, California
BSR HACK

Unknown

A breach letter can be found here: https://oag.ca.gov/system/files/Customer%20Notification%20Letter%20%2892312rv%292_0.pdf?

Unique Vintage's website was accessed by malware between January of 2012 and September 14, 2013.  Customer names, emails, credit card numbers, and phone numbers may have been accessed.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

September 26, 2013 LexisNexis, Dun & Bradstreet, Kroll Background America
Short Hills, New Jersey
BSO HACK

Unknown

Hackers were able to access an underground database of stolen consumer information.  It was discovered that the network was set up to receive information from internal systems at several large data brokers.  LexisNexis was one of the data brokers that was affected and discovered that their networks may have been compromised for at least five months.  Dun & Bradstreet discovered that their systems had been compromised as far back as March 27, 2013.  The breach of Kroll Background America, Inc. had begun as far back as June 2013.

UPDATE (11/26/2013): Kroll Background America informed California that 548 California residents were affected by the breach.

 
Information Source:
Media
records from this breach used in our total: 0

September 23, 2013 Columbia University Medical Center (CUMC)
New York, New York
MED DISC

407

An Excel file with the names and Social Security numbers of 407 medical students was accidentally attached to an email that was sent to medical students interested in a residency match list.  The Excel column that contained the Social Security numbers was hidden and still accessible.  The issue was discovered in March for the 2013 list and it was later discovered that the same issue had occurred in 2008 and 2009.

 
Information Source:
Databreaches.net
records from this breach used in our total: 407

September 23, 2013 Stanford University
Stanford, California
EDU HACK

Unknown

Stanford University ID holders (SUNet users) had their account passwords and other information exposed.  The breach occurred sometime during the summer of 2013 and continued into the fall.  The full extent of the breach was not revealed.  SUNet users were instructed to change their passwords before accessing the system again.

 
Information Source:
Media
records from this breach used in our total: 0

September 23, 2013 Summit Community Care Clinic
Frisco, Colorado
MED DISC

921 (No Social Security numbers or financial information reported)

An administrative error led to the exposure of patient email addresses.  Email addresses were placed in the visible "TO:" field instead of the blind "BCC:" field.  The email was an invitation to a monthly patient advisory meeting and was sent on July 22.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

September 20, 2013 Murphy USA
Little Rock, Arkansas
BSR CARD

Unknown

Murphy USA stations in Conway, Arkansas and Durant, Oklahoma were also affected.  It is unclear if this is related to the breach that occurred at Murphy USA gas stations in 2011 in Virginia.

Two men pleaded guilty to one count each of conspiracy to commit wire fraud.  They placed skimming devices on gas pumps at Murphy USA stations in Conway and Little Rock, Arkansas as well as Durant, Oklahoma.  This allowed them to collect credit card information and create fraudulent credit cards.  The breach occurred between April 2012 and January 2013 and led to fraudulent charges of about $400,000. It's estimated that between 50 and 500 people were affected.

 
Information Source:
Media
records from this breach used in our total: 0

September 19, 2013 DiscountMugs.com (BEL USA LLC)
Medley, Florida
BSR HACK

Unknown

Customers who placed an order online or by phone between March 1, 2013 and July 15, 2013 may have had their information exposed.  Customer names, debit and credit card numbers, addresses, phone numbers, expiration dates and CVV codes may have been accessed by hackers.

 
Information Source:
Media
records from this breach used in our total: 0

September 19, 2013 Edgewater Hospital
Chicago, Illinois
MED PHYS

Unknown

A curious resident entered an abandoned building that used to be Edgewater Hospital and found a room filled with thousands of patient records.  A local news team investigated and found that photos had been taken of the situation four years earlier in 2009 by the Illinois State Health Department.  The records included patient names, Social Security numbers, dates of birth, and addresses.  Edgewater Hospital had been abandoned for more than a decade.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

September 18, 2013 Logan Community Resources, Inc.
South Bend, Indiana
MED UNKN

2,900 (No SSNs or financial information reported)

An August 24, 2012 breach resulted in the exposure of patient information.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

September 18, 2013 Minne-Tohe Health Center/Elbowoods Memorial Health Center
New Town, North Dakota
MED UNKN

10,000 (No SSNs or financial information reported)

An October 1, 2011 breach resulted in the exposure of protected health information.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

September 18, 2013 St. Francis Health Network, Advantage Health Solutions
Indianapolis, Indiana
MED UNKN

2,575 (No SSNs or financial information reported)

Advantage Health Solutions and St. Francis Health Network (Franciscan Alliance ACO) were affected by a breach.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

September 15, 2013 International SOS Assistance, Inc.
Philadelphia, Pennsylvania
GOV HACK

Unknown

An unauthorized user or users accessed at least one U.S. system that hosts traveler information.  The type of information that may have been accessed was not reported and International SOS is still investigating the incident.

UPDATE (10/23/2013): The breach occurred on August 24 and was confirmed on August 28.  Names and passport numbers were exposed.  Some travelers also had their Social Security numbers exposed.

 
Information Source:
Media
records from this breach used in our total: 0

September 13, 2013 MNsure
St. Paul, Minnesota
MED DISC

2,400 

An agency employee accidentally sent the information of 2,400 insurance agents to two other MNsure employees via email.  MNsure instructed the employees to delete the information.  Names, Social Security numbers, and addresses were part of the breach.

UPDATE (12/12/2013): It was also discovered that the health insurance exchange has vulnerabilities that may allow hackers to see information travelling between a user's computer and the MNsure website.

 
Information Source:
Media
records from this breach used in our total: 2,400

September 13, 2013 Argotec
Greenfield, Massachusetts
BSR UNKN

Unknown

An unspecified incident occurred on or around July 26 that may have exposed the confidential information of current and former employees.  Names, Social Security numbers, and bank account information may have been exposed.  Current employees were sent notification on August 6.

 
Information Source:
Media
records from this breach used in our total: 0

September 11, 2013 Edgewood Partners Insurance Center (EPIC)
San Mateo, California
BSF PORT

Unknown

Five laptops were stolen during a July 16 office burglary.  The laptops contained confidential information and were password-protected but unencrypted.  Current and former employees and their beneficiaries and dependents, contractors, and job applicants were affected. Names, Social Security numbers, addresses, dates of birth, drivers' license numbers, benefits information, bank account information, and health information were exposed.

 
Information Source:
Media
records from this breach used in our total: 0

September 11, 2013 Kaiser Permanente
Oakland, California
MED DISC

Unknown

Participants in a Wellness Screening competition pilot may have had their information exposed.  A Kaiser Permanente employee accidentally included confidential information in an email sent to a member of the pilot planning team. In addition to a summary of the competition, it included names, Kaiser Permanente medical record numbers, phone numbers, email addresses, names of employers, department names, and dates and times of health screenings.  The pilot planning team member was not authorized to receive the confidential information.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

September 11, 2013 FSV Payment Systems, Paymast'r Services
Boulder, Colorado
BSF HACK

Unknown

Between July 22 and July 28, an unauthorized party accessed a website that contained sensitive information.  Names, Social Security numbers, addresses, drivers' license numbers, and Payroll Card numbers may have been accessed.  The website was shut down once the breach was discovered. Paymast'r Services, PaycheckPLUS! Payroll cards issued by MetaBank were affected.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

September 10, 2013 Pierce County Housing Authority
Tacoma, Washington
BSO DISC

979

A human error resulted in the exposure of client information.  A client found a file with Social Security numbers on the website.  The site was shut down while the file was removed.  It is unclear how long the information was available and the error was caused by a former employee. 

 
Information Source:
Media
records from this breach used in our total: 979

September 10, 2013 Outdoor Network, LLC, Boats.net, Partzilla.com
Lake Placid, Florida
BSR HACK

Unknown

Those with questions may call (888) 829-6550.

A website breach exposed an unspecified number of customer names, addresses, credit card numbers, credit card expiration dates, and CVV codes.  Hackers put malware on Outdoor Network's Boats.net and Partzilla.com websites and were able to access information from credit card transactions between December 2012 and July 2013.

 
Information Source:
Media
records from this breach used in our total: 0

September 10, 2013 University of South Florida (USF) Health
Tampa, Florida
EDU INSD

140

Police searched the car of a University custodial employee and found USF Physicians Group patient billing information.  Names, Social Security numbers, and dates of birth had been exposed.  The employee no longer works for the University and patients were sent a notification letter in late July.

 
Information Source:
Media
records from this breach used in our total: 140

September 10, 2013 TrendNet
Torrance, California
BSR HACK

700 (No Social Security numbers or financial information exposed)

The FTC case can be found here: http://www.ftc.gov/os/caselist/1223090/130903trendnetorder.pdf

FTC fined TrendNet for having inadequate security practices and marketing their products to consumers as secure.  TrendNet's website was breached by a hacker or hackers.  This allowed them to bypass users' login credentials and access wireless camera feeds.  At least 700 people who purchased TrendNet security cameras had their live camera feeds hacked. Some of their feeds were published online by hackers.

 
Information Source:
Media
records from this breach used in our total: 0

September 7, 2013 Rockland Federal Credit Union
Rockland, Massachusetts
BSF HACK

Unknown

Those with questions may call 781-878-0232.

Rockland Federal Credit Union is sending customers new debit cards with new PINs as a result of a merchant who discovered a breach in their computer system.  All old debit cards will be deactivated on September 26.

 
Information Source:
Media
records from this breach used in our total: 0

September 6, 2013 Georgia Department of Labor
Marietta, Georgia
GOV DISC

4,457

An employee accidentally emailed a document with the names and Social Security numbers of 4,457 Cobb-Cherokee Career Center customers to 1,000 people.  Recipients were notified and instructed to delete the email immediately without reading it.

UPDATE (09/06/2013): The employee who accidentally sent the email attachment was suspended. The Georgia Department of Labor is also reviewing its internal policies for handling sensitive information.

 
Information Source:
Media
records from this breach used in our total: 4,457

September 6, 2013 Office of Dr. Hankyu Chung
San Jose, California
MED PORT

2,182 (No Social Security numbers or financial information reported)

A June 17 office burglary resulted in the theft of two laptops.  One of the laptops contained names, telephone numbers, dates of birth, visit dates, health complaints, physical examination notes, diagnoses, testing information, medication information, and other medical record information.  The thief or thieves were able to get into the office by opening an unlocked door.  No identity theft protection services are being offered to affected patients.

UPDATE (11/08/2013): HHS received a report stating that 2,182 patients were affected by the breach.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

September 6, 2013 Conexis, State of Virginia
Blacksburg, Virginia
EDU DISC

13,000

Employees of the state of Virginia who are enrolled in the Commonwealth's 2014 Flexible Spending Account had their information exposed.  Conexis erroneously sent summary reports of Blue Cross/Blue Shield Flexible Spending Account Services to 11 state human resources and payroll employees.  The reports included participants from across the state rather than from specific locations related to the human resources and payroll employees' work.  The human resources and payroll employees who received information that was not intended for them signed a certification confirming that they had deleted or destroyed the information.

 
Information Source:
Media
records from this breach used in our total: 13,000

September 6, 2013 James A. Haley Veterans Hospital
Tampa, Florida
MED INSD

106

A volunteer allegedly stole the names and Social Security numbers of 106 patients and used the information to file $550,000 worth of fraudulent tax returns.  The volunteer had a co-conspirator and the breach began in late January of 2012.  

 
Information Source:
Media
records from this breach used in our total: 106

September 6, 2013 Illinois Department of Healthcare and Family Services
Springfield, Illinois
MED DISC

3,100 (No Social Security numbers or financial information reported)

A contractor sent Family Health Network ID cards to the wrong addresses in July of 2013.  A total of 3,100 clients had their names, Medicaid numbers, and dates of birth exposed.

 
Information Source:
Media
records from this breach used in our total: 0

September 5, 2013 Medical University of South Carolina (MUSC), Dreyer Medical Clinic, Blackhawk Consulting Group
Charleston, South Carolina
MED HACK

10,000 (about 8,000 from MUSC and Dreyer Medical Clinic)

A hacker from outside of the United States accessed customer information from Blackhawk Consulting Group, a credit card processing vendor.  The information included financial information from customers who paid the Medical University of South Carolina with a credit card online or over the phone between June 30 and August 21. No patient information was accessed. Some of Blackhawk Consulting Group's other customers were affected and a total of 10,000 people may have had their information exposed.

UPDATE (09/09/2013): Specifically, names, billing addresses, email addresses, payment card numbers, expiration dates, and CCV2 numbers were exposed by a Blackhawk Consulting Group hack in August.

 
Information Source:
Media
records from this breach used in our total: 8,000

September 5, 2013 Boston Public School (BPS), Plastic Card Systems
Boston, Massachusetts
GOV PORT

20,000 (No SSNs or financial information reported)

Boston Public School students across 36 schools may have had their information compromised by the loss of a flash drive.  The flash drive was misplaced sometime around August 9 by BPS's ID card vendor Plastic Card Systems.

 
Information Source:
Media
records from this breach used in our total: 0

Showing 401-450 of 4377 results

