Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?

Chronology of Data Breaches

Custom Sort
Select your desired results. Then click "Go!"

Click or unclick the boxes then select go.


Select features, then click GO.



Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.
Breach Total
815,842,526 RECORDS BREACHED
(Please see explanation about this total.)
from 4,495 DATA BREACHES made public since 2005

Save or Print PDF of Entire Breach List including introduction.Save or Print a PDF of Entire Breach List (including introductory FAQ)

Filter breach list before saving or printing PDF. Conduct a search of the Chronology using its sorting features, and Save or Print a PDF of your search results (Select filters)

If you do not have access to PDF, you can print the Chronology in landscape view.

Date Made Public Name Entity Type
February 27, 2010 Ameripath
Palm Beach Gardens, Florida
MED PORT

Unknown

A laptop containing sensitive information was stolen from an employee. The data included names, Social Security numbers, and addresses for patients, employees, or both.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

February 13, 2008 Milwaukee County
Milwaukee, Wisconsin
GOV DISC

Unknown

Milwaukee County officials mistakenly released numerous confidential court records for a citizens group's Web site that detail payments for tests and other costs linked to to mental competency, paternity and guardianship cases. Entries for psychiatric examinations and guardianship fees in which the clients' names were still listed.

 
Information Source:
Media
records from this breach used in our total: 0

February 25, 2010 Logic World Medical
Houston, Texas
MED INSD

Unknown

The owner and operator of Logic World Medical used the names, addresses, and account numbers of Medicaid beneficiaries to file false claims for payment of services and goods that he never provided.  Approximately $1,101,865.37 was fraudulently claimed between April of 2004 and August of 2006.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

February 15, 2008 Lexmark International
Lexington, Kentucky
BSO DISC

Unknown

The employee personal data was inadvertently exposed, it included Social Security numbers, dates of birth, along with names and addresses. The data was accessed by two unknown parties when the data was loaded to a company file sharing site.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

February 18, 2008 First Magnus Financial
Ft. Lauderdale, Florida
BSF PHYS

Unknown

Outside a University of Phoenix Building in Ft. Lauderdale, files and paperwork belonging to the defunct First Magnus Financial were just lying in stacked boxes inside an industrial garbage container. The paperwork contained Social Security numbers, credit card information, addresses, and properties.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

February 4, 2010 HyCentral Medical Supplies and Equipment
Derry, New Hampshire
MED INSD

Unknown

The owner of the business used Medicare client information to obtain approximately $1.6 million worth of fraudulent claims.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

March 10, 2008 Texas Department of Health and Human Services
Austin, Texas
MED STAT

Unknown

Information, including Social Security numbers that could be used to steal Medicaid clients' identity may have been stored on two computers stolen during a burglary. Computers could have contained personal information only on e-mails. The e-mails, however, would normally contain only an individual's case number. It is unlikely those e-mails would have listed Social Security numbers.

 
Information Source:
Media
records from this breach used in our total: 0

March 29, 2010 Griffin Hospital
Derby, Connecticut
MED INSD

957 (0 SSNs and financial documents reported)

A former employee appears to have continued accessing patient names, medical information, dates of birth and medical record numbers.  Patients received soliciting phone calls from a physician at another hospital.

UPDATE (06/212012): The physician and radiologist responsible for the breach has been fined $20,000 for downloading patient information and using it to promote radiology services at Advanced Mobile Imaging Radiology.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

March 15, 2008 Utah Division of Finance
Salt Lake City, Utah
GOV HACK

500 - not included in total because it is unclear whether Social Security numbers or financial information was involved

Computer files containing the personal information of approximately 500 individuals may have been accessed by unauthorized persons during a security breach. An initial investigation indicates it is highly unlikely the person who breached the computer system was able to access any personal information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

March 8, 2010 Huntington Place Senior Community
Chalmette, Louisiana
MED DISC

Unknown

Personal documents were found in the abandoned nursing home. The documents included names, Social Security numbers, medical records and dates of birth of patients.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

March 19, 2008 Affordable Realty
Flint, Michigan
BSO PHYS

Unknown

Social Security numbers and financial records of customers. Affordable Realty occupied office space inside the Ben Agree building on Dort Highway for years. The company was evicted and all of its sensitive customer information ended up outside in a dumpster or on the ground nearby.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

March 20, 2008 Rampage Marketing Services
Columbus, Ohio
BSO PHYS

Unknown

The company, a licensed insurance agency, threw 14 boxes of files containing sensitive financial and medical information into a trash bin. An insurance agent for another company noticed the boxes in the shared bin and sent them back to the Insurance Department

 
Information Source:
Media
records from this breach used in our total: 0

March 4, 2010 Courage to Change
Houston, Texas
MED INSD

Unknown

The owner of the business used patient Medicaid information to fraudulently claim $968,583 from Medicaid between January of 2003 and September of 2006.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

March 29, 2008 Department of Human Resources
Atlanta, Georgia
GOV PORT

Unknown

A thief has stolen computer records containing identifying information on current and former employees of the state Department of Human Resources, including names, Social Security numbers, birth dates and home contact information. An external hard drive that stored a database was removed by an unauthorized person.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

April 7, 2008 Redbox
Oakbrook Terrace, Illinois
BSR CARD

Unknown

Redbox rents DVD movies via vending machine in drugstores and supermarkets throughout the country. They announced that they'd found credit card skimmers attached to three of their kiosks.

 
Information Source:
Media
records from this breach used in our total: 0

April 9, 2008 People's United Bank
Bridgeport, Connecticut
BSF PHYS

Unknown

For four months, a dumpster diver searched through trash bins outside People's United Bank branches in Fairfield County. He pulled out bags of paperwork with private information, including customers' Social Security numbers and account information.

UPDATE (5/1/08): The man who discovered bank records in the garbage outside local branches of People's United Bank in Connecticut has been sued to prevent him from informing people about the discovery. The man, discovered financial documents, including customer names, Social Security numbers, and account information. He was a no-show at a scheduled appearance in court. The bank won a restraining order against the man, which ordered him not to talk to bank customers, or disclose what he had discovered. He disregarded the order and made a documentary about the discovery. The man has already been fined $800 USD for refusing to hold his tongue, and now he has also been ordered to pay the bank's legal costs. According to the Connecticut Post, those costs are already up to around $40,000 USD.

 
Information Source:
Media
records from this breach used in our total: 0

April 10, 2008 Joliet West High School
Joliet, Illinois
EDU HACK

Unknown

A student using a school computer last month was able to access personal information about every student enrolled. The student allegedly downloaded a list of names and Social Security numbers to his iPod.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

April 12, 2008 Allied Waste
Boston, Massachusetts
BSO PHYS

Unknown

A strap on a garage truck snapped and sent reams of intact financial reports over downtown Boston streets.

 
Information Source:
Media
records from this breach used in our total: 0

April 14, 2008 Utah Department of Workforce Services
Salt Lake City, Utah
GOV INSD

Unknown

A former state employee who took applications from people seeking food stamps and other welfare aid worked with three others to steal the identity of Utah residents and charge tens of thousands of dollars in purchases.

 
Information Source:
Media
records from this breach used in our total: 0

April 15, 2008 First Federal Bank of California
Los Angeles, California
BSF UNKN

Unknown

Additional locations: Brookfield, WI (headquarters of Fiserv, Inc)

This bank was not the only financial institute impacted by a security breach that occurred in a banking in a subsystem of a financial data processor, Fiserv, Inc. of Wisconsin last month.The bank said that it was company policy not to reveal any details about the breach including the number of banks involved, how many customers were impacted, the depth of information breached, how extensive the breach was geographically even which federal agencies were involved. However, non-public private account information might be at risk.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

April 16, 2008 Hexter Elementary School
Dallas, Texas
EDU PHYS

Unknown

Employee and volunteer records were found at a recycling bin near the school. It's unknow what type of documents were found.

 
Information Source:
Media
records from this breach used in our total: 0

April 17, 2008 SunGard, Connecticut State University System, Buffalo State, Northwest Missouri State University
,
BSO PORT

Unknown

http://www.sungardhe.com/custom.aspx?id=1554&LangType=1033

At least 18 colleges are scrambling to inform tens of thousands of students they are at risk of having their identities stolen. A laptop computer that was stolen from a vendor contained the data of current and former students from the four state universities, including Western Connecticut State University. The computer was password-protected but contained unencrypted files with personally identifiable data, including names and Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

May 15, 2010 Los Angeles Firemen's Credit Union
Los Angeles, California
BSF DISC

Unknown

An "extremely small percentage" of member files were not properly moved when the CU relocated from an old location. The data that could have been compromised included members names, addresses, phone numbers, account numbers, Social Security numbers and other identifiers. The CU sought to reassure members that it did not believe any of their information had been compromised and that the CU had “state of the art protocols” available to validate member identifies. The CU also arranged for CU members who chose to do so to be able to enroll in a credit monitoring service for the next two years at no cost to them.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

April 20, 2008 Helping Homeless Veterans and Families Hoosier Veterans Foundation
Indianapolis, Indiana
NGO PHYS

Unknown

Hundreds of files containing medical histories and Social Security numbers were found in the trash on Indianapolis' east side. The records belong to homeless veterans. A lot of the things inside the folders are confidential information about the clients including Social Security numbers.

 
Information Source:
Media
records from this breach used in our total: 0

April 22, 2008 LendingTree
Charlotte, North Carolina
BSF INSD

Unknown

Outside loan companies may have accessed information, including Social Security numbers, between October 2006 and early 2008 and used it to market their own mortgages to LendingTree customers. Several former employees may have shared confidential passwords with a handful of lenders that were not approved by the company.

 
Information Source:
Media
records from this breach used in our total: 0

April 22, 2008 University of Massachusetts, Amherst
Amherst, Massachusetts
MED HACK

Unknown

Hackers breached the computer system used by UMass Amherst's Health Services, potentially gaining access to thousands of medical records. More than half of the student population at UMass Amherst are patients on record at the University Health Services.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

April 22, 2008 HealthNow New York
Buffalo, New York
MED PORT

Unknown

Clients may be at risk for identity theft, after a former employee's laptop computer went missing with confidential information several months ago. The potential information includes names, dates of birth, Social Security numbers, addresses, employer group names, and health insurance identifier numbers.

 
Information Source:
Media
records from this breach used in our total: 0

April 22, 2008 Fishback Financial Corp.
Brookings, South Dakota
BSF HACK

Unknown

There has been an unauthorized access to one of the database servers by a third party. The database includes names, addresses and Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

April 22, 2008 Smithtown Post Office
Smithtown, New York
GOV INSD

Unknown

A Smithtown postal worker was arrested after he stole credit cards from the mail and went on a shopping spree.

 
Information Source:
Media
records from this breach used in our total: 0

April 24, 2008 Harmony Information Systems
Madison, Wisconsin
BSO DISC

Unknown

A computer program housing personal information about Wisconsin seniors and disabled people had a significant security hole. A senior center volunteer in McFarland said he could see hundreds of files of people's private information from across the country in the system run by Virginia-based Harmony Information Systems. The information is entered into an electronic record that includes the person's name and Social Security number.

 
Information Source:
Media
records from this breach used in our total: 0

April 25, 2008 University of Colorado, Boulder
Boulder, Colorado
EDU HACK

9,500 revised to 0

Three computers in the Division of Continuing Education and Professional Studies were compromised, leaving people open to potential identity theft. One of the three computers had personal data, including names, Social Security numbers, addresses and grades.

UPDATE (5/1/08): Upon further analysis, the University concluded that no personal data had been exposed. 9,500 records were initially thought to be comprised, but later this was revised to zero.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

April 25, 2008 Canton WiseBuys
Canton, New York
BSR HACK

Unknown

Someone apparently hacked into the Canton WiseBuys store computer system during a changeover between December 5, 2007 and December 20, 2007. The hacker obtained personal identification and banking numbers of hundreds of customers.

 
Information Source:
Media
records from this breach used in our total: 0

April 27, 2008 General Internal Medicine of Lancaster
East Hempfield Township, Pennsylvania
MED PORT

Unknown

A laptop was stolen from a doctors' office containing the Social Security numbers of patients.  The clinic is notifying 12,000 potential-affected patients.

 
Information Source:
Media
records from this breach used in our total: 0

May 1, 2008 Cove Creek Mortgage, Front Range Mortgage
Englewood, Colorado
BSF PHYS

Unknown

Sensitive mortgage files with people's personal information were recently found in a Dumpster. The files and computers contained sensitive information on many former customers of Front Range Mortgage, including names and addresses, Social Security numbers and bank, credit card and investment account information.

 
Information Source:
Media
records from this breach used in our total: 0

August 21, 2012 Bellacor.com, Inc.
Mendota Heights, Minnesota
BSR HACK

Unknown

A breach by an unauthorized party was discovered and contained on July 26.  The unauthorized party injected malicious code into the Bellacor website on June 7.  Temporary files including customer names, addresses, phone numbers, and encrypted credit card information may have been exposed.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

May 5, 2008 Target America Inc., University of California, San Francisco (UCSF)
San Francisco, California
MED DISC

6,313 Not added to total. It is not clear if SSNs or financial account numbers were exposed.

Information on UCSF patients was accessible on the Internet. The information accessible online included names and addresses of patients along with names of the departments where medical care was provided. Some patient medical record numbers and the names of the patients' physicians also were available online.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

May 6, 2008 Northeast Security
West Haven, Massachusetts
BSO PHYS

Unknown

News Channel 8 found Social Security numbers, bank account numbers and even canceled checks inside a dumpster. The files appear to belong to Northeast Security, a subcontractor for Safe Home Security, based out of Rocky Hill. Northeast Security recently moved out of a West Haven storefront, and it seems they left their clients personal information behind.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

May 12, 2008 Pfizer
New York, New York
BSO PORT

13,000 (No SSNs or financial information reported)

(866) 274-3891

About 13,000 employees at Pfizer Inc., including about 5,000 from Connecticut, had their personal information compromised when a company laptop and flash drive were stolen. No Social Security numbers were on the laptop, but names, home addresses, home telephone numbers, employee ID numbers, positions and salaries were possibly compromised. Other information possibly lost included the department employees worked in, the Pfizer site where the employees worked, the name of employees' managers and descriptions of their jobs.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

May 15, 2008 BB&T Insurance
Harrisonburg, Virginia
BSF PORT

Unknown

A BB&T Insurance laptop containing the personnel information of some Harrisonburg City Schools employees was stolen. The laptop, used by an outside sales representative to develop an insurance proposal for the school system, was stolen from a car. The information contained names, dates of birth, Social Security numbers, and, in some cases, medical history.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

May 16, 2008 Greil Memorial Psychiatric Hospital
Montgomery, Alabama
EDU PHYS

Unknown

Index cards containing patients personal information, names, dates of birth, even Social Security numbers are gone. Hundreds of records have simply disappeared.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

May 16, 2008 Amateur Athletic Union
Lake Buena Vista, Florida
NGO PHYS

Unknown

Boxes filled with personal information were found in a dumpster. Information on athletes and their guardians included Social Security numbers and copies of birth certificates.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

April 26, 2010 South Carolina Department of Health and Environmental Control
Columbia, South Carolina
GOV PHYS

1,824 (0 SSNs and financial information reported)

Over 1,824 people's information was found in a dumpster. It is not known what kind of personal information was included in the documents.

 
Information Source:
NAID
records from this breach used in our total: 0

May 18, 2010 The Vine Tavern and Eatery
Tempe, Arizona
BSR PHYS

Unknown

Personal documents including applicant names, Social Security numbers, and dates of birth were found in a dumpster. Customer checks with banking information and credit card receipts were also found. Reports indicate that thousands of pages of information were located.

 
Information Source:
NAID
records from this breach used in our total: 0

May 22, 2008 AT&T
San Antonio, Texas
BSO PORT

Unknown

A laptop was stolen from the car of an employee. The data on the computer was not encrypted -- a violation of company policy -- and included names, Social Security numbers and in some cases, salary and bonus information.

 
Information Source:
Security Breach Letter
records from this breach used in our total: 0

June 10, 2008 1st Source Bank
South Bend, Indiana
BSF HACK

Unknown

1st Source Bank is replacing ATM cards this month for all its account holders after cyber-thieves accessed an unknown amount of debit-related data.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

June 10, 2008 Wheeler's Moving Company
Boca Raton, Florida
BSO PHYS

Unknown

Personal files with tax information, Social Security numbers and license numbers, were found in a Boca Raton dumpster.

 
Information Source:
Media
records from this breach used in our total: 0

June 13, 2008 Texas Insurance Claims Services
Dallas, Texas
BSF PHYS

Unknown

Hundreds of files with people's names, Social Security numbers and policy numbers were found in a Richardson dumpster, apparently discarded by Texas Insurance Claims Services.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

June 15, 2008 Conneticut Department of Administrative Services
Hartford, Connecticut
GOV DISC

Unknown

Department of Administrative Services posted the Social Security numbers of individual contractors on a state Web site. An audit also uncovered the Social Security numbers of prospective nursing employees accessible on an agency Web site for 19 months until a complaint was lodged.

 
Information Source:
Media
records from this breach used in our total: 0

June 18, 2008 Domino's Pizza
Tucson, Arizona
BSR PHYS

Unknown

Investigators found credit card numbers blowing in the wind. These piles and papers contained hundreds of old receipts from Domino's Pizza stores. The former owner had been discarding boxes of old records and somehow all those receipts got loose.

 
Information Source:
Media
records from this breach used in our total: 0

June 19, 2008 Citibank
New York, New York
BSF HACK

Unknown

A Citibank server that processes ATM withdrawals at 7-Eleven convenience stores has been breached. The breach of the Citibank server allowed two Brooklyn men to make hundreds of fraudulent withdrawals from New York City cash machines and pocket at least $750,000 in cash.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

Breach Total
815,842,526 RECORDS BREACHED
(Please see explanation about this total.)
from 4,495 DATA BREACHES made public since 2005
Showing 301-350 of 4495 results


X

Sign In!

Loading