Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?

Chronology of Data Breaches

Custom Sort
Select your desired results. Then click "Go!"

Click or unclick the boxes then select go.


Select features, then click GO.



Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.
Breach Total
872,701,823 RECORDS BREACHED
(Please see explanation about this total.)
from 4,380 DATA BREACHES made public since 2005

Save or Print PDF of Entire Breach List including introduction.Save or Print a PDF of Entire Breach List (including introductory FAQ)

Filter breach list before saving or printing PDF. Conduct a search of the Chronology using its sorting features, and Save or Print a PDF of your search results (Select filters)

If you do not have access to PDF, you can print the Chronology in landscape view.

Date Made Publicsort icon Name Entity Type
December 20, 2013 StakerLaw Tax and Estate Planning Law
Camarillo, California
BSF PHYS

Client files which included social security numbers and other asset information.

On Friday December 20, 2013 the owner of the firm had his home burglarized in which the firms back-up hard drive was stolen which contained the firms customer files containing sensitive personal information.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

December 18, 2013 Washington Post
Washington, District Of Columbia
BSO HACK

Unknown

Hackers were able to access Washington Post employee usernames and passwords through an attack on the paper's servers.  The attack began through access to a server used by the Washington Post's foreign staff and then spread to more Washington Post servers.  The Washington Post and several other national papers were attacked in 2011 as well.

 
Information Source:
Media
records from this breach used in our total: 0

December 18, 2013 CITGO Petroleum Corporation
Houston, Texas
BSO DISC

Unknown

A folder with personal information was discovered in a location that made it accessible on CITGO's intranet to unauthorized employees.  The issue was discovered on October 9.  Social Security numbers, financial information, and other personal information could have been accessed.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

December 17, 2013 Colorado Governor's Office of Information Technology
Denver, Colorado
GOV PORT

18,800

A Colorado state employee lost a flash drive that contained the information of current and former Colorado state employees.  It contained names, Social Security numbers, and a limited number of home addresses.  The flash drive was discovered missing in late November and is believed to have been lost while the employee traveled between work sites.  Approximately 8,000 of those who were affected were current employees while 10,800 were former employees.

 
Information Source:
Media
records from this breach used in our total: 18,800

December 17, 2013 U.S. Federal Election Commission (FEC)
Washington, District Of Columbia
GOV HACK

Unknown

The U.S. Federal Election Commission's computer system was accessed by unauthorized parties sometime in October of 2013 during the government shutdown.  The system appears to have been infiltrated by hackers located in China.  The attack occurred at a time when no staff members were on duty to identify the issue.

 
Information Source:
Media
records from this breach used in our total: 0

December 17, 2013 Jonathan M. Wainwright Memorial VA Medical Center
Walla Walla, Washington
MED DISC

1,519

Some veterans may have had their information accidentally emailed to an external source on November 1.  An email sent to an external education partner contained an attachment with veteran information that included names and Social Security numbers.  The issue was contained within 10 minutes of the email being sent.

 
Information Source:
Media
records from this breach used in our total: 1,519

December 17, 2013 Radnor School District
Radnor, Pennsylvania
EDU DISC

2,000

An employee performing a transfer of personnel data accidentally left the data accessible and a middle school student viewed it.  The student also shared the information.  Current and former employees may have had their names, addresses, phone numbers, dates of birth, and Social Security numbers accessed as early as June and as late as the end of the 2012-2013 school year.  The breach was discovered in November.

 
Information Source:
Media
records from this breach used in our total: 2,000

December 17, 2013 Comprehensive Psychological Services LLC
Columbia, South Carolina
MED PORT

3,500 (No Social Security numbers or financial information reported)

The October 28 office theft of a laptop resulted in the exposure of patient information.  The laptop was password-protected and the patient files on it were not encrypted.  Neuropsychological testing, educational testing, custody evaluations, and other assessments and evaluations may have been exposed.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

December 17, 2013 UHS-Pruitt Corporation
Norcross, Georgia
MED PORT

1,300

Those with questions may call (678) 533-6437 or 1-800-222-0321.

Current and former residents of Heritage Healthcare of Ashburn, UniHealth Post-Acute Care Augusta Hills, Heritage Healthcare of Fitzgerald, Heritage Healthcare at Osceola, Palmyra Nursing Home and Sylvester Healthcare may have been affected by the September 26 theft of a laptop from an employee's car.  The laptop contained patient names, Social Security numbers, Medicare numbers, dates of birth, and resident ID numbers.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 1,300

December 17, 2013 UniHealth SOURCE
Austell, Georgia
MED PORT

2,500 (No Social Security numbers or financial information reported)

The October 8 theft of an employee's laptop resulted in the exposure of current and former client information.  The laptop was taken from the employee's car while it was parked at home.  Full names and potential diagnoses may have been exposed.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

December 16, 2013 Tennessee Department of Treasury
Nashville, Tennessee
GOV INSD

6,300

An employee downloaded the information of 6,300 Nashville teachers in order to work from a personal computer and account at home.  A Tennessee Consolidated Retirement System file that contained teacher names, Social Security numbers, and dates of birth was uploaded by the employee around the time that he resigned from his position.  His personal computer and other electronic devices were seized by investigators.

 
Information Source:
Media
records from this breach used in our total: 6,300

December 16, 2013 Massachusetts Mutual Life Insurance Company
Springfield, Massachusetts
BSF DISC

Unknown

A MassMutual account manager accidentally included information about retirement plans in an email that was sent to an individual at a MassMutual retirement services client.  The client representative confirmed that the email was deleted. It contained an unspecified number of client information that included names, Social Security numbers, addresses, dates of birth, retirement plan names, and group numbers.  The incident occurred on December 3.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

December 16, 2013 Colorado Health & Wellness, Inc.
Colorado Springs, Colorado
MED INSD

651 (No Social Security numbers or financial information exposed)

Those with questions may call 1 (719)-576-2225.

A former doctor took patient information after ending his practice at Colorado Health & Wellness, Inc.  The breach was discovered on September 4, 2013 and involved patient names, addresses, telephone numbers, and email addresses. A notice was sent by Colorado Health & Wellness in November.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

December 16, 2013 Dr. Martin Luther King Jr. Health Center, Bahoo.net, Professional Transcription Company
Bronx, New York
MED DISC

37,000 (No Social Security numbers or financial information exposed)

Those with questions may call 1-(877)-451-9361.

Dr. Martin Luther King Jr. Health Center learned that a transcription vendor named Professional Transcription Company hired a subcontractor named Bahoo.net to work on data transcription.  Bahoo.net inadvertently made patient information viewable through public internet search engines.  The breach occurred in 2009. Patient names, treatments, procedures, diagnosis information, and dates of services may have been accessed.  Bahoo closed its website and destroyed the hard drive so that the public could no longer view the personal information.  It is unclear what types of data were on the hard drive and when it was posted because the hard drive was destroyed.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

December 16, 2013 Greater Dallas Orthopaedics, PLLC
Dallas, Texas
MED STAT

5,840 (No Social Security numbers or financial information reported)

Patients of Dr. Allaaddin Mollabashy and Dr. Nathan F. Gilbert may have had their information exposed by the September 1 office theft of two computers.  Patient names and medical information were on the password-protected laptops.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

December 14, 2013 Bailey's Health Center
Falls Church, Virginia
MED DISC

1,499

Patient information was kept on an unsecured computer server.  Names, Social Security numbers, addresses, pharmacy identification numbers, medication dosages, payment information, and names and addresses of prescribers may have been accessed by unauthorized parties.  The pharmaceutical records were discovered online on October 18 through a routine forensic audit.

 
Information Source:
Media
records from this breach used in our total: 1,499

December 14, 2013 Lanap and Implant Center of Pennsylvania
Collegeville, Pennsylvania
MED DISC

11,000

Those who want to know if they were affected may call 1-(570)-704-5854.

The Lanap and Implant Center learned of a breach on September 17, 2012.  Patient information had been uploaded to websites in February of 2010 where it could be downloaded by anyone.  Names, Social Security numbers, addresses, dates of birth, phone numbers, dates of appointments, types of services provided, dental insurance information, and other patient records were available.  At least 5,000 patients were informed of the breach sometime around November 1, 2012.  The information appears to still be available for download.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 11,000

December 13, 2013 The University of Connecticut (UConn) Health Center
Storrs, Connecticut
MED INSD

164 (No Social Security numbers or financial information exposed)

An employee accessed patient information without cause.  The employee's actions did not appear to be malicious and the employee was placed on administrative leave.  The incident or incidents were discovered on November 4.

 
Information Source:
Media
records from this breach used in our total: 0

December 13, 2013 University of North Carolina - Chapel Hill
Chapel Hill, North Carolina
EDU DISC

6,500

Electronic files that contained names, Social Security numbers, tax identification numbers, addresses, and dates of birth were discovered online on November 11.  The information was taken down on November 23 and appears to have accidentally ended up online after maintenance work on a University computer disabled a privacy feature during the summer.

UPDATE (12/17/2013): Over 6,500 individuals were affected.  The breach affected current and former staff as well as fewer than 200 students.  The data affected may date back as far as 1999.

 
Information Source:
Media
records from this breach used in our total: 6,500

December 13, 2013 Target Corp.
Minneapolis, Minnesota
BSR HACK

40 million

A notice from Target Corp. can be found here: Target's CEO with a message to consumers

Customers with questions may call Target at 866-852-8680866-852-8680 or visit Target's main website.

Target discovered that hackers may have accessed customer debit and credit card information during the Thanksgiving and Christmas shopping season. Customers who used a payment card at any of Target's stores nationwide between November 27, 2013 and December 15, 2013 may have had their payment card information copied for fraudulent purposes. Credit card companies and banks have been notifying customers of the issue and advising them to watch for suspicious charges. Customer names, credit or debit card numbers, card expiration dates, and card security codes were taken and have appeared on the black market.

UPDATE (12/24/2013): Target now faces at least three class-action lawsuits as a result of the breach. A wave of scam artists are attempting to profit from the breach by posing as Target or bank representatives addressing the breach. People who shopped at Target are being warned not to give their information out over the phone. Target is working with the U.S. Department of Justice and the Secret Service to investigate the breach.

UPDATE (12/27/2013): Target customers are also being warned to be suspicious of emails claiming to be from Target or banks that request personal information. It is estimated that the breach may cost Target up to $3.6 billion. It appears that online customers were not affected.

UPDATE (12/28/2013): Target confirmed that PINs associated with payment cards were also exposed.

UPDATE (1/2/2014): East-West bank has issued a letter to their card holders warning that some of their accounts may have been compromised due to the Target data breach. East-West bank has issued new credit cards to their customers who shopped at any Target stores to reduce any potential unauthorized use of a card. (Source CA Attorney Generals' Office)

UPDATE (1/10/2014): Target Corp. says that up to 70 million people were affected by the data breach, significantly more than was originally suspected. Experts predict the numbers could climb even higher than 70 million once the company completes its investigation.

UPDATE (1/13/2014): Target Corp. has confirmed that malware was found on the Point of Sale devices. The malware has been removed. The number of individuals affected are now said to be 110 million individuals, 70 million more than originally thought.

UPDATE (1/13/2014): Security experts are stating that Target may not be alone in the data breach. Neiman Marcus and at least 3 other unnamed retailers (these retailers are thought to be located in Eastern Europe) may also have been compromised as federal investigators track what they believe to be an international crime ring.

UPDATE (1/14/2014): Companies that help Target process payments could be facing millions of dollars in fines and costs as a result of the data breach.

UPDATE (1/16/2014): The malware that infected in the Target POS systems has been found and is known as the Trojan.POSRAM, according to new report by investigators. "The malware is a memory-scraping tool that grabs card data directly from point-of-sale terminals and then stores it on the victims system for later retrieval". The malware was originally thought to have been developed in Russia, known as BlackPOS. This new version is considered to be highly customized so that current anitvirus programs would not have detected it as reported by investigative agencies.

UPDATE (1/20/2014): "A 17 year-old Russian national from St. Petersburg is thought to be responsible for the malicious programming that allowed for data from Target and Neiman Marcus to be compromised," according to a California based security firm.

UPDATE (1/21/2014): Two Mexican citizens were arrested at the border in South Texas for the purchase of thousands of dollars worth of merchandise with information stolen during the Target security breach, as reported by a South Texas police chief.

A spokesman with the Secret Service announced that the investigation is ongoing into the possibility of a link between the Target breach and the two arrested in Texas.

UPDATE (1/29/2014): The malware used in the Target attack could suggest a poorly secured feature built into a popular IT management software product that was running on the retailers internal newtork.

UPDATE (1/29/2014): A Target Corp. investor filed suit in Minnesota federal court Wednesday, against the retailers Executives holding them liable for damage caused by the holiday season data breach that saw hackers steal personal and financial information from tens of millions of customers.

Shareholder Maureen Collier filed the suite with a complaint alleging that Target's board and top executives harmed the company financially by failing to take adequate steps to prevent the cyberattack then by subsequently providing customers with incomplete and misleading information about the extent of the data theft.

"The suit brings claims of breach of fiduciary duty, gross mismanagement, waste of corporate assets and abuse of control, and seeks monetary damages on behalf of the company from the 14 named officers and directors".

UPDATE (2/5/2014): Hackers who broke into Target's computer network and stole customers' financial and personal data used credentials alledgedly  were stolen from a heating and air conditioning subcontractor in Pennsylvania, according to digital security journalist Brian Krebs.

It appears as though the air conditioning company was given access to Target's computer network in order for the vendor to make remote changes to the system to  cut heating and cooling costs. Target has not confirmed the accuracy of this report.

UPDATE (2/6/2014): Target Corporation announced they are fast tracking new credit card security technology in their stores, 6 months earlier than originally planned. Target's CFO announced it is moving up its goal to utilize chip-enabled smart cards, and now plans to have them in stores by early 2015. These cards encrypt point of sale data, rendering the credit card number less useful if stolen. Currently this technology is more prevalent outide of the US, but have resulted in lower card number thefts in other countries, notably Canada and the United Kingdom.

UPDATE (2/15/2014): The breach at the Target Copr. that exposed credit card and personal data on more than 110 million consumers appears to have begun with a malware-laced email phishing attack sent to employees at the HVAC contractor Fazio Mechanical in Sharpsburg Pennsylvania. According to Krebs on Security, "multiple sources close to the investigation now tell this reporter that those credentials were stolen in an email malware attack at Fazio that began at least two months before thieves started stealing card data from thousands of Target cash registers."

UPDATE (5/5/2014): Target's CEO has resigned in the wake of the data breach over the holiday season. He is claiming the breach was his fault. He is the second major executive to resign. Earlier in the year the company's Chief Technology Office resigned as well. The CFO of the company will take over as the interim CEO.

UPDATE (8/7/2014): Target has announced that the data breach will cost it's shareholders $148 million.

 
Information Source:
Media
records from this breach used in our total: 40,000,000

December 12, 2013 inSync, Cottage Hospital, Cottage Health System
Santa Barbara, California
MED DISC

32,755 (No Social Security numbers or financial information exposed)

A Cottage Hospital vendor removed an electronic security device without notifying Cottage Hospital.  The removal may have exposed patient information.  Patients treated at centers in Goleta, Santa Ynez, and Santa Barbara between September 29, 2009 and December 2, 2013 may have had their lab results, procedures performed, and other medical details relating to diagnosis exposed.

UPDATE (12/13/2013): Patient names, dates of birth, addresses, and health information may have been exposed.

UPDATE (12/15/2013): Cottage Hospital's vendor was inSync.

 
Information Source:
Media
records from this breach used in our total: 0

December 12, 2013 Boston Convention and Exhibition Center
Boston, Massachusetts
BSO CARD

300

At least seven employees of Boston Convention and Exhibition Center and 300 people who attended conventions during the fall may have been affected by a credit card breach.  It is unclear how the credit card information may have been accessed and the exact dates when customers would have been vulnerable.

 
Information Source:
Media
records from this breach used in our total: 300

December 11, 2013 University of Iowa
Iowa City, Iowa
EDU HACK

Unknown

An employee called the University of Iowa's help desk after clicking a suspicious link in an email.  It was discovered that the personal information and direct deposit information of over a dozen University of Iowa employees may have been exposed through compromised employee computers and accounts.  At least two employees had an unspecified, but large amount of money stolen from their November paychecks.  Two sets of phishing emails were sent to nearly 2,000 University of Iowa employees and the scam has been contained. 

 
Information Source:
Media
records from this breach used in our total: 0

December 11, 2013 Los Angeles Gay & Lesbian Center
Los Angeles, California
NGO HACK

59,000 (Unknown number of Social Security numbers)

A cyber attack caused the information of clients associated with the L.A. Gay and Lesbian Center to be affected between September 17, 2013 and November 8, 2013.  Names, Social Security numbers, credit card information, dates of birth, contact information, medical information, and health insurance account numbers may have been exposed.

 
Information Source:
Media
records from this breach used in our total: 0

December 10, 2013 Office of Dr. Stephen Imrie
San Jose, California
MED PORT

8,900

Those with questions may call 1-888-407-4736.

The September 23 home burglary of a password-protected laptop and other items may have exposed patient information.  The laptop contained patient first and last names, Social Security numbers, dates of birth, telephone numbers, surgical information, medical history, and other information related to patient records.

 
Information Source:
California Attorney General
records from this breach used in our total: 8,900

December 9, 2013 Southern Illinois University (SIU) HealthCare
Springfield, Illinois
MED PORT

1,891 (No Social Security numbers or financial information reported)

The loss or theft of a former SIU orthopedic surgeon's computer resulted in the exposure of patient information.  The loss or theft was discovered on October 15.  Information included patient names, dates of birth, admission dates, medical record numbers, diagnoses, procedural codes, and other health information from patients treated by Dr. Mark P. McAndrew.

 
Information Source:
Media
records from this breach used in our total: 0

December 6, 2013 B&G Foods North America, Inc., Maple Grove Farms
St. Johnsbury, Vermont
BSR HACK

Unknown

Those with questions may call 1-888-887-3268 between 8:00 a.m. and 4:30 p.m., Eastern Time, Monday through Friday.

On November, 16, B&G Foods North America, Inc. discovered that an unauthorized party accessed Maple Grove Farms' website.  Customers who made online purchases may have had their names, addresses, telephone numbers, and payment card numbers exposed.  

 
Information Source:
California Attorney General
records from this breach used in our total: 0

December 6, 2013 Horizon Healthcare Services, Inc. (Horizon Blue Cross Blue Shield)
Newark, New Jersey
BSF PORT

840,000

Sometime between November 1 and 3, two unencrypted laptops were stolen from employee workstations.  The laptops were password-protected and cable-locked to the workstations.  Names, Social Security numbers, addresses, dates of birth, Horizon Blue Cross Blue Shield New Jersey identification numbers, and demographic information may have been exposed.  Almost 840,000 Horizon Blue Cross Blue Shield members were affected.

 
Information Source:
California Attorney General
records from this breach used in our total: 840,000

December 6, 2013 Houston Methodist Hospital
Houston, Texas
MED PORT

1,300

The December 5 theft of an encrypted laptop and files resulted in the exposure of transplant patient information.  Names, Social Security numbers, and dates of birth may have been exposed.

 
Information Source:
Media
records from this breach used in our total: 1,300

December 5, 2013 JPMorgan Chase
New York, New York
BSF HACK

465,000

The information associated with JPMorgan Chase prepaid cash cards (Ucards) that were issued to corporations for employee payments and for government issued tax refunds, unemployment, and other benefits may have been accessed by hackers. The breach happened back in July of 2013 and JPMorgan learned of the breach sometime during the middle of September.  The breach was disclosed after an investigation revealed which customer accounts may have been affected.

UPDATE (12/06/2013): Hackers were able to breach the www.ucard.chase.com website and access personal information.  The passwords appeared in plain text during the course of the attack.

Child support payments may have also been affected.  The Department of Social Services, the Department of Labor, and the Department of Children and Families sent out prepaid cards that were affected.  The breach affected people nationwide. Government agencies in Maine, Utah, Connecticut, and Pennsylvania confirmed they were affected.

UPDATE (12/09/2013): Rhode Island residents were also affected.

UPDATE (12/12/2013): Michigan residents were also affected.  Beneficiaries were affected nationwide.  Each state has a different number of residents who were affected.

 
Information Source:
Media
records from this breach used in our total: 465,000

December 4, 2013 ADP, Facebook, Gmail, LinkedIn, Twitter, Yahoo, YouTube
,
BSO HACK

2 million (No Social Security numbers or financial information reported)

There is no specific location for this breach.

A breach that involved keylogging software affected at least 93,000 websites.  The virus may have originated on a server located in the Netherlands.  It first started collecting passwords and usernames on October 21. Approximately 860 computers in the United States were affected. More than 99% of the computers that were affected were outside of the United States.

 
Information Source:
Media
records from this breach used in our total: 0

December 3, 2013 Chicago Public Schools
Chicago, Illinois
EDU DISC

2,000 (No Social Security numbers or financial information reported)

The vision exam dates, diagnoses, dates of birth, genders, identification numbers, and school names of students were accidentally made available to the public online between June 18 and July 31, 2013.  The breach was discovered on October 7 and the Chicago vision exam program information was removed.  The information was viewed by 14 people during that time.  All cached and archived versions of the information were also removed from the Internet.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

December 3, 2013 MadeInOregon
Portland, Oregon
BSR HACK

1,700 

MadeInOregon's website may have been accessed by unauthorized parties.  The credit card transaction information of customers may have been accessed between mid-October and mid-November. Seven customers confirmed that they were affected by fraudulent credit card activity after making purchases on MadeInOregon's website.

 
Information Source:
Media
records from this breach used in our total: 1,700

December 2, 2013 Board of Barbering and Cosmetology
Sacramento, California
GOV STAT

Unknown

Those with questions may call 1-(866)-968-7797.

The August 23 office burglary of a desktop computer resulted in the exposure of sensitive information.  Individuals who participated as models during cosmetology, barbering, manicure, esthetician, or electrology exams may have had their names, dates of birth, and California drivers' license or identification card numbers exposed.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

December 2, 2013 UNICEF ("U.S.Fund")
New York, New York
GOV HACK

Unknown

On December 2, 2013 the United States Fund for UNICEF discovered unauthorized access to one of the U.S Fund's servers on or around November 4, 2013. The initial investigation by the agency showed only one server affected, however the personal information exposed included names, credit card numbers, credit card security codes, expiration dates of the cards, bank account numbers, phone numbers, and email addresses.

 

 
Information Source:
Vermont Attorney General
records from this breach used in our total: 0

November 29, 2013 University of Washington Medicine
Seattle, Washington
MED HACK

90,000

An employee at UW Medicine opened an email attachment that contained malicious software in early October.  The malware affected the employee's computer and any information on the computer may have been compromised.  Patient names, Social Security numbers, phone numbers, addresses, and medical record numbers may have been affected.  Patients who were seen at UW Medicine dating back to at least 2008 could have had their information exposed.  Notifications of the breach were sent at the end of November.

 
Information Source:
Media
records from this breach used in our total: 90,000

November 28, 2013 Florida Digestive Health Specialists
Bradenton, Florida
MED INSD

4,400

An employee was found to have improperly accessed and photographed patient records.  The issue was discovered when the employee had the images printed at a store and a store employee reported the incident.  Patient names, Social Security numbers, dates of birth, and phone numbers were exposed.  The employee was fired and a criminal investigation has begun.

 
Information Source:
Media
records from this breach used in our total: 4,400

November 28, 2013 The Flamingo Resort and Spa
Santa Rosa, California
BSO HACK

Unknown

Employees with questions may call 1-(800)-848-8300.

A virus was discovered on The Flamingo Resort and Spa payroll computer.  Employee names, Social Security numbers, bank routing numbers for those who used direct deposit, dates of birth, phone numbers, and home addresses may have been exposed.

 
Information Source:
Media
records from this breach used in our total: 0

November 28, 2013 Orange County Anaheim Medical Center, Kaiser Foundation Hospital
Anaheim, California
MED PORT

Unknown

Patients with questions may contact Kaiser Permanente at 1(800)-443-0815.

A flash drive that contained patient information was discovered missing on September 25, 2013.  It contained names, dates of birth, and medical record numbers.  

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

November 28, 2013 Amos Medical Services
Laurel, Maryland
MED PHYS

400 (No Social Security numbers or financial information reported)

Amos Medical Services was charged with improper disposal of records after leaving patient records in a dumpster.  The records were left behind when the office of Amos Medical Services moved within Laurel, Maryland.  Amos Medical Services and their associated doctor agreed to pay $20,000.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

November 28, 2013 CVS Pharmacy, Inc., Maryland CVS Pharmacy, LLC
Gaithersburg, Maryland
MED PHYS

Unknown

The Maryland Attorney General charged CVS Pharmacy, Inc. and Maryland CVS Pharmacy, LLC with failing to protect sensitive financial and medical information.  CVS disposed of patient records in publicly accessible places. CVS agreed to pay $250,000 in a settlement with the Maryland Attorney General.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

November 27, 2013 Maricopa County Community College District
Phoenix, Arizona
EDU UNKN

2.49 million

An unspecified data breach may have exposed the information of current and former students, employees, and vendors.  Names, Social Security numbers, bank account information, and dates of birth may have been viewed by unauthorized parties.

UPDATE (12/02/2013): Student academic information may have also been exposed.  The Maricopa County Community College District's governing board will spend as much as $7 million to notify and offer credit monitoring to those who may have been affected.

UPDATE (12/07/2013): Estimations for the cost of the breach are as high as $14 million.

UPDATE (4/22/2014): Maricopa County Community College District waited seven months to inform 2.5 millions individuals (students, staff, graduates) of the security breach. The District is now in a class action lawsuit. The lawsuit claims that the "FBI warned the Maricopa County Community College District in January of 2011 that a number of its databases had been breached and made available for sale on the Internet". It was also reported that "the district's Information Technology Services employee also became aware of the security breach in January 2011, and repeatedly reported their findings to Vice Chancellor George Kahkedjian".

 
Information Source:
Media
records from this breach used in our total: 2,490,000

November 27, 2013 University of Pittsburgh Medical Center
Pittsburgh, Pennsylvania
MED INSD

1,300

An employee was found to have accessed patient records without legitimate cause.  The employee worked in a unit coordinator position for about a year and her supervisor was aware of the issue.  Patient names, Social Security numbers, medical records, dates of birth, contact information, treatment information, and diagnosis information were accessed.  The employee was fired.

 
Information Source:
Media
records from this breach used in our total: 1,300

November 27, 2013 California Employment Development Department
Sacramento, California
GOV DISC

Unknown

Unemployment claim filing notices were sent to employers that contained information of people who had never been employed with them.  An undisclosed number of people had their names and Social Security numbers mistakenly exposed.  The issue was discovered when several employers notified EDD that some of the names and Social Security numbers did not match their records.

UPDATE (11/22/2013): The erroneous mailings occurred between September 14, 2013 and October 9, 2013.

 
Information Source:
Media
records from this breach used in our total: 0

November 26, 2013 URM Stores
Spokane, Washington
BSR HACK

Unknown

URM Stores is the wholesaler that processes electronic payments made by customers of Yoke's Fresh Market, Rosauers, Super 1 Foods, Family Foods, Harvest Foods, CenterPlace Market, and Trading Co. Stores.

Customers with questions may call URM's call center at 877-237-7408.

Washington banks and credit unions noticed fraudulent activity on the debit and credit cards of grocery store customers.  The breach was traced to Yoke's Fresh Markets, Rosauers stores, and other grocery stores associated with URM stores.  The hacking incident occurred sometime between September and October.  Customers were encouraged to use cash, check, or an alternative form of payment card processing to pay in stores until the breach was resolved.

UPDATE (12/03/2013): Over 24 stores in Montana and an unspecified number of stores in Oregon were also affected.  URM believes the breach that allowed fraudulent copies of customer payment cards to be created has been contained.  Customers were encouraged to check their bank statements after URM allowed normal payment card purchases to resume.

 
Information Source:
Media
records from this breach used in our total: 0

November 26, 2013 Anthem Blue Cross
, California
MED DISC

24,500

The breach affected doctors across California.

The Social Security numbers and tax identification numbers of around 24,500 California doctors were accidentally posted in Anthem's online provider directory.  The information was available online at the end of October for about 24 hours.

 
Information Source:
Media
records from this breach used in our total: 24,500

November 25, 2013 University of California, San Francisco (UCSF)
San Francisco, California
MED PORT

8,294

The September 25 car theft of a physician's laptop may have resulted in the exposure of patient information.  The laptop may or may not have been encrypted and the physician is based in the Division of Gastroenterology at UCSF's School of Medicine. Patient names, Social Security numbers, dates of birth, and medical record numbers were on the laptop.  

 
Information Source:
Media
records from this breach used in our total: 8,294

November 25, 2013 Crown Castle International Corp
Canonsburg, Pennsylvania
BSO HACK

Unknown

Crown Castle determined on October 31 that their payroll information may have been accessed by hackers.  Employee names, Social Security numbers, and compensation may have been exposed.

 
Information Source:
Media
records from this breach used in our total: 0

November 22, 2013 Redwood Memorial Hospital
Fortuna, California
MED PORT

1,039 (No Social Security numbers or financial information reported)

Patients with questions may call 1 (707)-269-3685.

An unencrypted flash drive from Redwood Memorial Hospital's Cardiopumlonary Services Department was discovered missing on November 8.  The flash drive had been missing since at least November 6 and contained patient names, report ID numbers, test indications, ages, heights, weights, test recording and analysis dates and times, facility and address where services were rendered, and clinical summaries of test findings.  Some patients who were seen at Redwood Memorial Hospital between 2001 and 2013 may have had their information exposed.  

 
Information Source:
Media
records from this breach used in our total: 0

November 21, 2013 Clarity Media Group
Denver, Colorado
BSO PORT

Unknown

The October 12 theft of a laptop resulted in the exposure of current and former employee information.  Current and former employees of Clarity Media Group's subsidiaries and of Freedom Communications were also affected.  Names, Social Security numbers, mailing addresses, email addresses, phone numbers, dates of birth, salaries, and 401(k) balances were on the laptop.  The dependents of employees may have also had their information exposed.

 
Information Source:
Media
records from this breach used in our total: 0

Breach Total
872,701,823 RECORDS BREACHED
(Please see explanation about this total.)
from 4,380 DATA BREACHES made public since 2005
Showing 251-300 of 4380 results


X

Sign In!

Loading