Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?

Chronology of Data Breaches

Custom Sort
Select your desired results. Then click "Go!"

Click or unclick the boxes then select go.


Select features, then click GO.



Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.
Breach Total
872,715,019 RECORDS BREACHED
(Please see explanation about this total.)
from 4,392 DATA BREACHES made public since 2005

Save or Print PDF of Entire Breach List including introduction.Save or Print a PDF of Entire Breach List (including introductory FAQ)

Filter breach list before saving or printing PDF. Conduct a search of the Chronology using its sorting features, and Save or Print a PDF of your search results (Select filters)

If you do not have access to PDF, you can print the Chronology in landscape view.

Date Made Publicsort icon Name Entity Type
December 27, 2013 Colorado Community Health Alliance (CCHA)
Denver, Colorado
MED INSD

Unknown

1,918 Medicaid patients data was breached after a temporary employee from an outside contractor Colorado Community Health Alliance (CCHA) sent the information to his/her own personal email address according to media reports. The Colorado Department of Health Care Policy and Financing believes this information may have been intended for the employee's use in another business.

The information included patient names, date of birth, addresses, telephone numbers, health conditions and Medicaid identification numbers. Social Security numbers were not involved.

 
Information Source:
Media
records from this breach used in our total: 0

December 25, 2013 Inspira Medical Center Vineland
Vineland, New Jersey
MED STAT

Unknown

The December 23 theft of a computer from the radiology department of Inspira Medical Center Vineland may have resulted in the exposure of patient information.  The computer was kept in an unsecured filing room.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

December 24, 2013 Lakes Liquor
Detroit Lakes, Minnesota
BSR UNKN

Unknown

Hundreds of debit and credit cards were compromised after customers used them at Lakes Liquor between October 27 and November 25.  Customer names, payment card numbers, expiration dates, and security codes may have been accessed for fraudulent purposes.  It is unclear how the information was obtained from Lakes Liquor.

 
Information Source:
Media
records from this breach used in our total: 0

December 22, 2013 Office of Dr. Rob Meaglia, DDS
Rocklin, California
MED STAT

Unknown

The December 15 office burglary of a computer resulted in the exposure of patient information.  Medical records, dental insurance information, and Social Security numbers may have been exposed. The computer was encrypted and password-protected.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

December 21, 2013 Affinity Gaming
Las Vegas, Nevada
BSO HACK

Unknown

Facilities owned by Affinity Gaming may have been exposed to a cyber attack between March 14 and October 16.  Customer information associated with credit and debit cards may have been taken.  Affinity Gaming owns Silver Sevens Hotel & Casino, Rail City Casino, Buffalo Bill's Resort & Casino, Primm Valley Resort & Casino, Whiskey Pete's Hotel & Casino, Golden Mardi Gras Casino, Golden Gates Casino, Golden Gulch Casino, Mark Twain Casino & RV Park, Lakeside Hotel & Casino, and St. Jo Frontier Casino.

 
Information Source:
Media
records from this breach used in our total: 0

December 21, 2013 DeLoach & Williamson, South Carolina Health Insurance Pool
Columbia, South Carolina
MED PORT

Unknown

The October 16, 2013 theft of a laptop from a DeLoach & Williamson employee's car may have resulted in the exposure of an unspecified number of South Carolina Health Insurance Pool patients' information.  Full names with middle initials, Social Security numbers, dates of service, and provider identification numbers may have been exposed.

 
Information Source:
Media
records from this breach used in our total: 0

December 20, 2013 Tennova Cardiology
Nashville, Tennessee
MED PORT

2,777

Those with questions may call (866) 369-0422.

The October 22 theft of a laptop from a transcription contractor working with Tennova Cardiology resulted in the exposure of patient information.  The laptop was not encrypted and included names, dates of birth, physician names, and health information (No Social Security numbers or financial information reported).

 
Information Source:
Media
records from this breach used in our total: 0

December 20, 2013 Discover Financial Services
Riverwoods, Illinois
BSF UNKN

Unknown

An unspecified number of Discover customers had their account numbers changed and were issued a new card.  It is unclear what type of security breach prompted the notification and when it may have occurred.  Several customers in California received the notification letter; residents of other states may have been notified as well.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

December 20, 2013 Techmedia Network
Ogden, Utah
BSO HACK

Unknown

An unauthorized person or persons gained access to Techmedia Network's systems.  Customer names, credit card numbers, expiration dates, CVV security codes, mailing addresses, email addresses, and phone numbers may have been exposed.  The breach was discovered on November 20.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

December 20, 2013 W.J. Bradley Mortgage Capital, LLC
Centennial, Colorado
BSF INSD

Unknown

A former loan officer took files from WJB's computer systems while she was still employed.  The loan officer then left WJB and another mortgage company ended up with the information in late July and early August of 2013.  Client names, Social Security numbers, credit reports, bank account information, tax information, and other sensitive information related to loan applications was taken.  The information was eventually retrieved and removed from the systems of the unnamed mortage company.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

December 20, 2013 Walgreens
Baltimore, Maryland
BSR INSD

Unknown (eight people confirmed to have been affected)

Walgreens became aware of a breach involving an employee on November 4, 2013.  The employee was fired and prosecuted.  The incident was reported to the Maryland Attorney General's office on November 27 and credit card numbers were affected.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 8

December 20, 2013 Washington Department of Social and Health Services (DSHS)
Tacoma, Washington
MED DISC

2,600

The personal information of between 2,600 and 7,000 households receiving assistance from the Washington DSHS was accidentally mailed to old or incorrect addresses between August 19 and October 26.  The information included names, Social Security numbers, dates of birth, phone number and other contact information, medical diagnosis information, chemical dependency or treatment information, income, and any public-assistance services that the household received.  The issue was discovered on October 22.

UPDATE: Acting Medicaid Director releases information on the incorrect mailing of Medicaid cards by NCDHHS: The Director states; "After a review of the incident, it has been determined that some Medicaid cards were incorrectly sent because of human error in computer programming and the quality assurance process in printing the new Medicaid identification cards.  These new cards were printed for children switched from NC Health Choice to Medicaid because of new eligibility rules and requirements under the Affordable Care Act (Obamacare).  A program was developed to extract the information from the eligibility database to generate the mailing, but utilized the incorrect name and address for the parent or responsible adult.

The incorrect card shows the child’s name, Medicaid identification number, date of birth and primary care physician’s name and physician’s address. No Social Security numbers were released.

The parent or responsible adult who received an incorrect card is being advised to immediately destroy it by shredding or cutting it into small pieces. They are also being advised that they can turn in the card to their county department of social services if they prefer. A directory of the county social services offices can be found here: http://www.ncdhhs.gov/dss/local/." (1-06-2014)

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 2,600

December 20, 2013 StakerLaw Tax and Estate Planning Law
Camarillo, California
BSF PHYS

Client files which included social security numbers and other asset information.

On Friday December 20, 2013 the owner of the firm had his home burglarized in which the firms back-up hard drive was stolen which contained the firms customer files containing sensitive personal information.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

December 18, 2013 Washington Post
Washington, District Of Columbia
BSO HACK

Unknown

Hackers were able to access Washington Post employee usernames and passwords through an attack on the paper's servers.  The attack began through access to a server used by the Washington Post's foreign staff and then spread to more Washington Post servers.  The Washington Post and several other national papers were attacked in 2011 as well.

 
Information Source:
Media
records from this breach used in our total: 0

December 18, 2013 CITGO Petroleum Corporation
Houston, Texas
BSO DISC

Unknown

A folder with personal information was discovered in a location that made it accessible on CITGO's intranet to unauthorized employees.  The issue was discovered on October 9.  Social Security numbers, financial information, and other personal information could have been accessed.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

December 17, 2013 Colorado Governor's Office of Information Technology
Denver, Colorado
GOV PORT

18,800

A Colorado state employee lost a flash drive that contained the information of current and former Colorado state employees.  It contained names, Social Security numbers, and a limited number of home addresses.  The flash drive was discovered missing in late November and is believed to have been lost while the employee traveled between work sites.  Approximately 8,000 of those who were affected were current employees while 10,800 were former employees.

 
Information Source:
Media
records from this breach used in our total: 18,800

December 17, 2013 U.S. Federal Election Commission (FEC)
Washington, District Of Columbia
GOV HACK

Unknown

The U.S. Federal Election Commission's computer system was accessed by unauthorized parties sometime in October of 2013 during the government shutdown.  The system appears to have been infiltrated by hackers located in China.  The attack occurred at a time when no staff members were on duty to identify the issue.

 
Information Source:
Media
records from this breach used in our total: 0

December 17, 2013 Jonathan M. Wainwright Memorial VA Medical Center
Walla Walla, Washington
MED DISC

1,519

Some veterans may have had their information accidentally emailed to an external source on November 1.  An email sent to an external education partner contained an attachment with veteran information that included names and Social Security numbers.  The issue was contained within 10 minutes of the email being sent.

 
Information Source:
Media
records from this breach used in our total: 1,519

December 17, 2013 Radnor School District
Radnor, Pennsylvania
EDU DISC

2,000

An employee performing a transfer of personnel data accidentally left the data accessible and a middle school student viewed it.  The student also shared the information.  Current and former employees may have had their names, addresses, phone numbers, dates of birth, and Social Security numbers accessed as early as June and as late as the end of the 2012-2013 school year.  The breach was discovered in November.

 
Information Source:
Media
records from this breach used in our total: 2,000

December 17, 2013 Comprehensive Psychological Services LLC
Columbia, South Carolina
MED PORT

3,500 (No Social Security numbers or financial information reported)

The October 28 office theft of a laptop resulted in the exposure of patient information.  The laptop was password-protected and the patient files on it were not encrypted.  Neuropsychological testing, educational testing, custody evaluations, and other assessments and evaluations may have been exposed.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

December 17, 2013 UHS-Pruitt Corporation
Norcross, Georgia
MED PORT

1,300

Those with questions may call (678) 533-6437 or 1-800-222-0321.

Current and former residents of Heritage Healthcare of Ashburn, UniHealth Post-Acute Care Augusta Hills, Heritage Healthcare of Fitzgerald, Heritage Healthcare at Osceola, Palmyra Nursing Home and Sylvester Healthcare may have been affected by the September 26 theft of a laptop from an employee's car.  The laptop contained patient names, Social Security numbers, Medicare numbers, dates of birth, and resident ID numbers.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 1,300

December 17, 2013 UniHealth SOURCE
Austell, Georgia
MED PORT

2,500 (No Social Security numbers or financial information reported)

The October 8 theft of an employee's laptop resulted in the exposure of current and former client information.  The laptop was taken from the employee's car while it was parked at home.  Full names and potential diagnoses may have been exposed.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

December 16, 2013 Tennessee Department of Treasury
Nashville, Tennessee
GOV INSD

6,300

An employee downloaded the information of 6,300 Nashville teachers in order to work from a personal computer and account at home.  A Tennessee Consolidated Retirement System file that contained teacher names, Social Security numbers, and dates of birth was uploaded by the employee around the time that he resigned from his position.  His personal computer and other electronic devices were seized by investigators.

 
Information Source:
Media
records from this breach used in our total: 6,300

December 16, 2013 Massachusetts Mutual Life Insurance Company
Springfield, Massachusetts
BSF DISC

Unknown

A MassMutual account manager accidentally included information about retirement plans in an email that was sent to an individual at a MassMutual retirement services client.  The client representative confirmed that the email was deleted. It contained an unspecified number of client information that included names, Social Security numbers, addresses, dates of birth, retirement plan names, and group numbers.  The incident occurred on December 3.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

December 16, 2013 Colorado Health & Wellness, Inc.
Colorado Springs, Colorado
MED INSD

651 (No Social Security numbers or financial information exposed)

Those with questions may call 1 (719)-576-2225.

A former doctor took patient information after ending his practice at Colorado Health & Wellness, Inc.  The breach was discovered on September 4, 2013 and involved patient names, addresses, telephone numbers, and email addresses. A notice was sent by Colorado Health & Wellness in November.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

December 16, 2013 Dr. Martin Luther King Jr. Health Center, Bahoo.net, Professional Transcription Company
Bronx, New York
MED DISC

37,000 (No Social Security numbers or financial information exposed)

Those with questions may call 1-(877)-451-9361.

Dr. Martin Luther King Jr. Health Center learned that a transcription vendor named Professional Transcription Company hired a subcontractor named Bahoo.net to work on data transcription.  Bahoo.net inadvertently made patient information viewable through public internet search engines.  The breach occurred in 2009. Patient names, treatments, procedures, diagnosis information, and dates of services may have been accessed.  Bahoo closed its website and destroyed the hard drive so that the public could no longer view the personal information.  It is unclear what types of data were on the hard drive and when it was posted because the hard drive was destroyed.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

December 16, 2013 Greater Dallas Orthopaedics, PLLC
Dallas, Texas
MED STAT

5,840 (No Social Security numbers or financial information reported)

Patients of Dr. Allaaddin Mollabashy and Dr. Nathan F. Gilbert may have had their information exposed by the September 1 office theft of two computers.  Patient names and medical information were on the password-protected laptops.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

December 14, 2013 Bailey's Health Center
Falls Church, Virginia
MED DISC

1,499

Patient information was kept on an unsecured computer server.  Names, Social Security numbers, addresses, pharmacy identification numbers, medication dosages, payment information, and names and addresses of prescribers may have been accessed by unauthorized parties.  The pharmaceutical records were discovered online on October 18 through a routine forensic audit.

 
Information Source:
Media
records from this breach used in our total: 1,499

December 14, 2013 Lanap and Implant Center of Pennsylvania
Collegeville, Pennsylvania
MED DISC

11,000

Those who want to know if they were affected may call 1-(570)-704-5854.

The Lanap and Implant Center learned of a breach on September 17, 2012.  Patient information had been uploaded to websites in February of 2010 where it could be downloaded by anyone.  Names, Social Security numbers, addresses, dates of birth, phone numbers, dates of appointments, types of services provided, dental insurance information, and other patient records were available.  At least 5,000 patients were informed of the breach sometime around November 1, 2012.  The information appears to still be available for download.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 11,000

December 13, 2013 The University of Connecticut (UConn) Health Center
Storrs, Connecticut
MED INSD

164 (No Social Security numbers or financial information exposed)

An employee accessed patient information without cause.  The employee's actions did not appear to be malicious and the employee was placed on administrative leave.  The incident or incidents were discovered on November 4.

 
Information Source:
Media
records from this breach used in our total: 0

December 13, 2013 University of North Carolina - Chapel Hill
Chapel Hill, North Carolina
EDU DISC

6,500

Electronic files that contained names, Social Security numbers, tax identification numbers, addresses, and dates of birth were discovered online on November 11.  The information was taken down on November 23 and appears to have accidentally ended up online after maintenance work on a University computer disabled a privacy feature during the summer.

UPDATE (12/17/2013): Over 6,500 individuals were affected.  The breach affected current and former staff as well as fewer than 200 students.  The data affected may date back as far as 1999.

 
Information Source:
Media
records from this breach used in our total: 6,500

December 13, 2013 Target Corp.
Minneapolis, Minnesota
BSR HACK

40 million

A notice from Target Corp. can be found here: Target's CEO with a message to consumers

Customers with questions may call Target at 866-852-8680866-852-8680 or visit Target's main website.

Target discovered that hackers may have accessed customer debit and credit card information during the Thanksgiving and Christmas shopping season. Customers who used a payment card at any of Target's stores nationwide between November 27, 2013 and December 15, 2013 may have had their payment card information copied for fraudulent purposes. Credit card companies and banks have been notifying customers of the issue and advising them to watch for suspicious charges. Customer names, credit or debit card numbers, card expiration dates, and card security codes were taken and have appeared on the black market.

UPDATE (12/24/2013): Target now faces at least three class-action lawsuits as a result of the breach. A wave of scam artists are attempting to profit from the breach by posing as Target or bank representatives addressing the breach. People who shopped at Target are being warned not to give their information out over the phone. Target is working with the U.S. Department of Justice and the Secret Service to investigate the breach.

UPDATE (12/27/2013): Target customers are also being warned to be suspicious of emails claiming to be from Target or banks that request personal information. It is estimated that the breach may cost Target up to $3.6 billion. It appears that online customers were not affected.

UPDATE (12/28/2013): Target confirmed that PINs associated with payment cards were also exposed.

UPDATE (1/2/2014): East-West bank has issued a letter to their card holders warning that some of their accounts may have been compromised due to the Target data breach. East-West bank has issued new credit cards to their customers who shopped at any Target stores to reduce any potential unauthorized use of a card. (Source CA Attorney Generals' Office)

UPDATE (1/10/2014): Target Corp. says that up to 70 million people were affected by the data breach, significantly more than was originally suspected. Experts predict the numbers could climb even higher than 70 million once the company completes its investigation.

UPDATE (1/13/2014): Target Corp. has confirmed that malware was found on the Point of Sale devices. The malware has been removed. The number of individuals affected are now said to be 110 million individuals, 70 million more than originally thought.

UPDATE (1/13/2014): Security experts are stating that Target may not be alone in the data breach. Neiman Marcus and at least 3 other unnamed retailers (these retailers are thought to be located in Eastern Europe) may also have been compromised as federal investigators track what they believe to be an international crime ring.

UPDATE (1/14/2014): Companies that help Target process payments could be facing millions of dollars in fines and costs as a result of the data breach.

UPDATE (1/16/2014): The malware that infected in the Target POS systems has been found and is known as the Trojan.POSRAM, according to new report by investigators. "The malware is a memory-scraping tool that grabs card data directly from point-of-sale terminals and then stores it on the victims system for later retrieval". The malware was originally thought to have been developed in Russia, known as BlackPOS. This new version is considered to be highly customized so that current anitvirus programs would not have detected it as reported by investigative agencies.

UPDATE (1/20/2014): "A 17 year-old Russian national from St. Petersburg is thought to be responsible for the malicious programming that allowed for data from Target and Neiman Marcus to be compromised," according to a California based security firm.

UPDATE (1/21/2014): Two Mexican citizens were arrested at the border in South Texas for the purchase of thousands of dollars worth of merchandise with information stolen during the Target security breach, as reported by a South Texas police chief.

A spokesman with the Secret Service announced that the investigation is ongoing into the possibility of a link between the Target breach and the two arrested in Texas.

UPDATE (1/29/2014): The malware used in the Target attack could suggest a poorly secured feature built into a popular IT management software product that was running on the retailers internal newtork.

UPDATE (1/29/2014): A Target Corp. investor filed suit in Minnesota federal court Wednesday, against the retailers Executives holding them liable for damage caused by the holiday season data breach that saw hackers steal personal and financial information from tens of millions of customers.

Shareholder Maureen Collier filed the suite with a complaint alleging that Target's board and top executives harmed the company financially by failing to take adequate steps to prevent the cyberattack then by subsequently providing customers with incomplete and misleading information about the extent of the data theft.

"The suit brings claims of breach of fiduciary duty, gross mismanagement, waste of corporate assets and abuse of control, and seeks monetary damages on behalf of the company from the 14 named officers and directors".

UPDATE (2/5/2014): Hackers who broke into Target's computer network and stole customers' financial and personal data used credentials alledgedly  were stolen from a heating and air conditioning subcontractor in Pennsylvania, according to digital security journalist Brian Krebs.

It appears as though the air conditioning company was given access to Target's computer network in order for the vendor to make remote changes to the system to  cut heating and cooling costs. Target has not confirmed the accuracy of this report.

UPDATE (2/6/2014): Target Corporation announced they are fast tracking new credit card security technology in their stores, 6 months earlier than originally planned. Target's CFO announced it is moving up its goal to utilize chip-enabled smart cards, and now plans to have them in stores by early 2015. These cards encrypt point of sale data, rendering the credit card number less useful if stolen. Currently this technology is more prevalent outide of the US, but have resulted in lower card number thefts in other countries, notably Canada and the United Kingdom.

UPDATE (2/15/2014): The breach at the Target Copr. that exposed credit card and personal data on more than 110 million consumers appears to have begun with a malware-laced email phishing attack sent to employees at the HVAC contractor Fazio Mechanical in Sharpsburg Pennsylvania. According to Krebs on Security, "multiple sources close to the investigation now tell this reporter that those credentials were stolen in an email malware attack at Fazio that began at least two months before thieves started stealing card data from thousands of Target cash registers."

UPDATE (5/5/2014): Target's CEO has resigned in the wake of the data breach over the holiday season. He is claiming the breach was his fault. He is the second major executive to resign. Earlier in the year the company's Chief Technology Office resigned as well. The CFO of the company will take over as the interim CEO.

UPDATE (8/7/2014): Target has announced that the data breach will cost it's shareholders $148 million.

 
Information Source:
Media
records from this breach used in our total: 40,000,000

December 12, 2013 inSync, Cottage Hospital, Cottage Health System
Santa Barbara, California
MED DISC

32,755 (No Social Security numbers or financial information exposed)

A Cottage Hospital vendor removed an electronic security device without notifying Cottage Hospital.  The removal may have exposed patient information.  Patients treated at centers in Goleta, Santa Ynez, and Santa Barbara between September 29, 2009 and December 2, 2013 may have had their lab results, procedures performed, and other medical details relating to diagnosis exposed.

UPDATE (12/13/2013): Patient names, dates of birth, addresses, and health information may have been exposed.

UPDATE (12/15/2013): Cottage Hospital's vendor was inSync.

 
Information Source:
Media
records from this breach used in our total: 0

December 12, 2013 Boston Convention and Exhibition Center
Boston, Massachusetts
BSO CARD

300

At least seven employees of Boston Convention and Exhibition Center and 300 people who attended conventions during the fall may have been affected by a credit card breach.  It is unclear how the credit card information may have been accessed and the exact dates when customers would have been vulnerable.

 
Information Source:
Media
records from this breach used in our total: 300

December 11, 2013 University of Iowa
Iowa City, Iowa
EDU HACK

Unknown

An employee called the University of Iowa's help desk after clicking a suspicious link in an email.  It was discovered that the personal information and direct deposit information of over a dozen University of Iowa employees may have been exposed through compromised employee computers and accounts.  At least two employees had an unspecified, but large amount of money stolen from their November paychecks.  Two sets of phishing emails were sent to nearly 2,000 University of Iowa employees and the scam has been contained. 

 
Information Source:
Media
records from this breach used in our total: 0

December 11, 2013 Los Angeles Gay & Lesbian Center
Los Angeles, California
NGO HACK

59,000 (Unknown number of Social Security numbers)

A cyber attack caused the information of clients associated with the L.A. Gay and Lesbian Center to be affected between September 17, 2013 and November 8, 2013.  Names, Social Security numbers, credit card information, dates of birth, contact information, medical information, and health insurance account numbers may have been exposed.

 
Information Source:
Media
records from this breach used in our total: 0

December 10, 2013 Office of Dr. Stephen Imrie
San Jose, California
MED PORT

8,900

Those with questions may call 1-888-407-4736.

The September 23 home burglary of a password-protected laptop and other items may have exposed patient information.  The laptop contained patient first and last names, Social Security numbers, dates of birth, telephone numbers, surgical information, medical history, and other information related to patient records.

 
Information Source:
California Attorney General
records from this breach used in our total: 8,900

December 9, 2013 Southern Illinois University (SIU) HealthCare
Springfield, Illinois
MED PORT

1,891 (No Social Security numbers or financial information reported)

The loss or theft of a former SIU orthopedic surgeon's computer resulted in the exposure of patient information.  The loss or theft was discovered on October 15.  Information included patient names, dates of birth, admission dates, medical record numbers, diagnoses, procedural codes, and other health information from patients treated by Dr. Mark P. McAndrew.

 
Information Source:
Media
records from this breach used in our total: 0

December 6, 2013 B&G Foods North America, Inc., Maple Grove Farms
St. Johnsbury, Vermont
BSR HACK

Unknown

Those with questions may call 1-888-887-3268 between 8:00 a.m. and 4:30 p.m., Eastern Time, Monday through Friday.

On November, 16, B&G Foods North America, Inc. discovered that an unauthorized party accessed Maple Grove Farms' website.  Customers who made online purchases may have had their names, addresses, telephone numbers, and payment card numbers exposed.  

 
Information Source:
California Attorney General
records from this breach used in our total: 0

December 6, 2013 Horizon Healthcare Services, Inc. (Horizon Blue Cross Blue Shield)
Newark, New Jersey
BSF PORT

840,000

Sometime between November 1 and 3, two unencrypted laptops were stolen from employee workstations.  The laptops were password-protected and cable-locked to the workstations.  Names, Social Security numbers, addresses, dates of birth, Horizon Blue Cross Blue Shield New Jersey identification numbers, and demographic information may have been exposed.  Almost 840,000 Horizon Blue Cross Blue Shield members were affected.

 
Information Source:
California Attorney General
records from this breach used in our total: 840,000

December 6, 2013 Houston Methodist Hospital
Houston, Texas
MED PORT

1,300

The December 5 theft of an encrypted laptop and files resulted in the exposure of transplant patient information.  Names, Social Security numbers, and dates of birth may have been exposed.

 
Information Source:
Media
records from this breach used in our total: 1,300

December 5, 2013 JPMorgan Chase
New York, New York
BSF HACK

465,000

The information associated with JPMorgan Chase prepaid cash cards (Ucards) that were issued to corporations for employee payments and for government issued tax refunds, unemployment, and other benefits may have been accessed by hackers. The breach happened back in July of 2013 and JPMorgan learned of the breach sometime during the middle of September.  The breach was disclosed after an investigation revealed which customer accounts may have been affected.

UPDATE (12/06/2013): Hackers were able to breach the www.ucard.chase.com website and access personal information.  The passwords appeared in plain text during the course of the attack.

Child support payments may have also been affected.  The Department of Social Services, the Department of Labor, and the Department of Children and Families sent out prepaid cards that were affected.  The breach affected people nationwide. Government agencies in Maine, Utah, Connecticut, and Pennsylvania confirmed they were affected.

UPDATE (12/09/2013): Rhode Island residents were also affected.

UPDATE (12/12/2013): Michigan residents were also affected.  Beneficiaries were affected nationwide.  Each state has a different number of residents who were affected.

 
Information Source:
Media
records from this breach used in our total: 465,000

December 4, 2013 ADP, Facebook, Gmail, LinkedIn, Twitter, Yahoo, YouTube
,
BSO HACK

2 million (No Social Security numbers or financial information reported)

There is no specific location for this breach.

A breach that involved keylogging software affected at least 93,000 websites.  The virus may have originated on a server located in the Netherlands.  It first started collecting passwords and usernames on October 21. Approximately 860 computers in the United States were affected. More than 99% of the computers that were affected were outside of the United States.

 
Information Source:
Media
records from this breach used in our total: 0

December 3, 2013 Chicago Public Schools
Chicago, Illinois
EDU DISC

2,000 (No Social Security numbers or financial information reported)

The vision exam dates, diagnoses, dates of birth, genders, identification numbers, and school names of students were accidentally made available to the public online between June 18 and July 31, 2013.  The breach was discovered on October 7 and the Chicago vision exam program information was removed.  The information was viewed by 14 people during that time.  All cached and archived versions of the information were also removed from the Internet.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

December 3, 2013 MadeInOregon
Portland, Oregon
BSR HACK

1,700 

MadeInOregon's website may have been accessed by unauthorized parties.  The credit card transaction information of customers may have been accessed between mid-October and mid-November. Seven customers confirmed that they were affected by fraudulent credit card activity after making purchases on MadeInOregon's website.

 
Information Source:
Media
records from this breach used in our total: 1,700

December 2, 2013 Board of Barbering and Cosmetology
Sacramento, California
GOV STAT

Unknown

Those with questions may call 1-(866)-968-7797.

The August 23 office burglary of a desktop computer resulted in the exposure of sensitive information.  Individuals who participated as models during cosmetology, barbering, manicure, esthetician, or electrology exams may have had their names, dates of birth, and California drivers' license or identification card numbers exposed.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

December 2, 2013 UNICEF ("U.S.Fund")
New York, New York
GOV HACK

Unknown

On December 2, 2013 the United States Fund for UNICEF discovered unauthorized access to one of the U.S Fund's servers on or around November 4, 2013. The initial investigation by the agency showed only one server affected, however the personal information exposed included names, credit card numbers, credit card security codes, expiration dates of the cards, bank account numbers, phone numbers, and email addresses.

 

 
Information Source:
Vermont Attorney General
records from this breach used in our total: 0

November 29, 2013 University of Washington Medicine
Seattle, Washington
MED HACK

90,000

An employee at UW Medicine opened an email attachment that contained malicious software in early October.  The malware affected the employee's computer and any information on the computer may have been compromised.  Patient names, Social Security numbers, phone numbers, addresses, and medical record numbers may have been affected.  Patients who were seen at UW Medicine dating back to at least 2008 could have had their information exposed.  Notifications of the breach were sent at the end of November.

 
Information Source:
Media
records from this breach used in our total: 90,000

November 28, 2013 Florida Digestive Health Specialists
Bradenton, Florida
MED INSD

4,400

An employee was found to have improperly accessed and photographed patient records.  The issue was discovered when the employee had the images printed at a store and a store employee reported the incident.  Patient names, Social Security numbers, dates of birth, and phone numbers were exposed.  The employee was fired and a criminal investigation has begun.

 
Information Source:
Media
records from this breach used in our total: 4,400

November 28, 2013 The Flamingo Resort and Spa
Santa Rosa, California
BSO HACK

Unknown

Employees with questions may call 1-(800)-848-8300.

A virus was discovered on The Flamingo Resort and Spa payroll computer.  Employee names, Social Security numbers, bank routing numbers for those who used direct deposit, dates of birth, phone numbers, and home addresses may have been exposed.

 
Information Source:
Media
records from this breach used in our total: 0

Breach Total
872,715,019 RECORDS BREACHED
(Please see explanation about this total.)
from 4,392 DATA BREACHES made public since 2005
Showing 251-300 of 4392 results


X

Sign In!

Loading