Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?

Chronology of Data Breaches

Custom Sort
Select your desired results. Then click "Go!"

Click or unclick the boxes then select go.


Select features, then click GO.



Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.
Breach Total
931,529,111 RECORDS BREACHED
(Please see explanation about this total.)
from 4,467 DATA BREACHES made public since 2005

Save or Print PDF of Entire Breach List including introduction.Save or Print a PDF of Entire Breach List (including introductory FAQ)

Filter breach list before saving or printing PDF. Conduct a search of the Chronology using its sorting features, and Save or Print a PDF of your search results (Select filters)

If you do not have access to PDF, you can print the Chronology in landscape view.

Date Made Public Name Entity Type
July 23, 2010 Thomas Jefferson University Hospitals
Philadelphia, Pennsylvania
EDU PORT

21,000

A password-protected laptop was stolen from the office of an employee on June 14.  The computer should not have contained protected health information, but did.  It also contained the name, birth date, gender, ethnicity, diagnosis, Social Security number, insurance information, and hospital account number of approximately 24,000 patients.

 
Information Source:
Databreaches.net
records from this breach used in our total: 21,000

July 25, 2012 Oregon State University
Corvallis, Oregon
EDU INSD

21,000

An unnamed check printing vendor for the University copied data from the University's cashier's office during software upgrades.  The information included 30,000 to 40,000 checks that contained student and employee names, University IDs, check numbers, and check amounts.  Current and former student, faculty, and staff records older than 2004 may have included Social Security numbers. it does not appear that the vendor acted with malicious intent.

 
Information Source:
Media
records from this breach used in our total: 21,000

April 15, 2005 California Department of Health Services
Sacramento, California
GOV PORT

21,600

A laptop containing the names, Social Security numbers, and medical information of Medi-Cal beneficiaries was stolen from the car trunk of an employee.  The Department of Health Services began notifying beneficiaries in late May.

 
Information Source:
Dataloss DB
records from this breach used in our total: 21,600

September 15, 2005 Miami University
Hamilton, Ohio
EDU DISC

21,762

A report containing Social Security numbers and grades of students was accessible online for three years.  The University is attempting to contact those affected via letters and emails.  A graduate alerted the University to the exposure after running a Google.com search of her name.

 
Information Source:
Dataloss DB
records from this breach used in our total: 21,762

August 30, 2010 Aon Consulting
Chicago, Illinois
BSF DISC

22,000

The Social Security numbers, genders and dates of birth of retirees in Delaware were accidentally posted online for four days as part of a Request for Proposal for the State of Delaware. Names were not included.

UPDATE (9/2/10): A woman affected by Aon's failure to remove personal information from the request has filed a class action lawsuit against Aon Consulting.

 
Information Source:
Dataloss DB
records from this breach used in our total: 22,000

May 8, 2007 University of Missouri
Columbia, Missouri
EDU HACK

22,396

(866) 241-5619

A hacker accessed a computer database containing the names and Social Security numbers of employees of any campus within the University system in 2004 who were also current or former students of the Columbia campus.

 
Information Source:
Dataloss DB
records from this breach used in our total: 22,396

November 13, 2006 Connors State College
Warner, Oklahoma
EDU PORT

Considerably more than 22,500

(918) 463-6267, perline@connorsstate.edu

On Oct. 15, a laptop computer was discovered stolen from the college. (It has since been recovered by law enforcement). The computer contains Social Security numbers and other data for Connors students plus 22,500 high school graduates who qualify for the Oklahoma Higher Learning Access Program scholarships.

 
Information Source:
Dataloss DB
records from this breach used in our total: 22,500

December 14, 2007 Deloitte & Touche, IKON Office Solutions
New York, New York
BSF PORT

22,634

A laptop was stolen from a contractor working on scanning Deloitte's pension fund documents.  The laptop contained names, Social Security numbers, dates of birth, start and end dates and other personnel information of Deloitte partners, principals and other employees.  The laptop was stolen sometime around Thanksgiving.  Deloitte no longer works with the service provider.

 
Information Source:
Dataloss DB
records from this breach used in our total: 22,634

May 22, 2013 Vendini, Inc.
San Francisco, California
BSO HACK

22,900

Those with questions may call Vendini at 800-836-0473.

Vendini's blog statement can be read here: http://blog.vendini.com/

Anyone who used Vendini for ticket purchases may have had their financial information exposed during a March breach.  A hacker accessed Vendini's server and may have obtained customer names, addresses, email addresses, credit card numbers, and credit card expiration dates.  A total of 22,900 customers from Augusta, Maine may have been affected.  It is unclear if people from other states were also affected.

UPDATE (06/12/2013): The unauthorized intrusion was first detected on April 25.  

 
Information Source:
Media
records from this breach used in our total: 22,900

July 25, 2006 Georgetown University Hospital
Washington, District Of Columbia
MED DISC

between 5,600 and 23,000 patients were affected (23,000 added to total below)

Patient data was exposed online via the computers of an e-prescription provider, InstantDx. Data included names, addresses, SSNs, and dates of birth, but not medical or prescription data. GUH suspended the trial program with InstantDX.

 
Information Source:
Dataloss DB
records from this breach used in our total: 23,000

July 17, 2008 University of Maryland
College Park, Maryland
EDU DISC

23,000

University of Maryland accidentally released the addresses and Social Security numbers of thousands of students. A brochure with on-campus parking information was sent by U.S. Mail to students. The University discovered the labels on the mailing had the students' Social Security numbers on it.

 
Information Source:
Dataloss DB
records from this breach used in our total: 23,000

June 11, 2012 University of North Florida (UNF)
Jacksonville, Florida
EDU HACK

23,246

UNF Housing has set up a webpage to distribute information about the breach. It can be found here.

UNF became aware of a server breach that exposed Social Security numbers and other sensitive information.  Students who submitted housing contracts between 1997 and spring 2011 may have had their information exposed. Multiple servers were affected and secured upon discovery. The information may have been accessed as early as spring of 2011.

 
Information Source:
Databreaches.net
records from this breach used in our total: 23,246

June 21, 2006 Cumberland County Emergency Medical Service
Fayetteville, North Carolina
MED PORT

24,350

Portable computer containing personal information of more than 24,000 people was stolen from ambulance of Cumberland Co. Emergency Medical Services on June 8th. It contained information on people treated by the EMS, including names, addresses, and birthdates, plus SSNs of 84% of those listed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 24,350

November 26, 2013 Anthem Blue Cross
, California
MED DISC

24,500

The breach affected doctors across California.

The Social Security numbers and tax identification numbers of around 24,500 California doctors were accidentally posted in Anthem's online provider directory.  The information was available online at the end of October for about 24 hours.

 
Information Source:
Media
records from this breach used in our total: 24,500

April 30, 2010 Our Lady of Peace
Louisville, Kentucky
MED PHYS

24,600

A flash drive containing personal information on 24,600 patients is missing from Our Lady of Peace psychiatric hospital. The drive contained the following information on patients admitted since 2002: patient names, room numbers, insurance company names and admission and discharge dates. It didn’t include diagnoses or treatments, Social Security numbers, dates of birth, telephone numbers or addresses for these patients. The drive also included the following information on patients assessed since 2009 but never admitted: name, date of assessment, date of birth and the time they left the hospital. For these patients, the information on the drive didn’t include diagnoses or treatments, Social Security numbers, telephone numbers, addresses or insurance information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 24,600

March 22, 2011 Laredo Independent School District
Laredo, Texas
EDU PORT

24,903

A disk that contained the Social Security numbers of all students in the Laredo Independent School District was lost or stolen sometime prior to February of 2011.

UPDATE (4/7/2011): Between August 2010 and January 2011, CDs that were mailed to the Texas Education Agency (TEA) were lost.  The CDs were unencrypted and contained student Social Security numbers, dates of birth and ethnicity.  The CDs were sent to TEA so that identifying information could be removed and the information could be passed along to the University of Texas at Dallas Education Research Center.  According to a TEA spokesperson, Laredo ISD’s data set is missing from a set of other district information that was sent. Though the TEA claims that only Laredo student information was exposed, the information of 164,406 students from eight Texas school districts was sent. The information on the unencrypted disks goes back 20 years.  This information includes current and former students in the top 10% of their class who graduated between 1992-2010 from Crowley, Harlingen, Round Rock, Killeen, Richardson, Irving, Mansfield, and Grand Prairie school districts.

 
Information Source:
Databreaches.net
records from this breach used in our total: 24,903

September 8, 2006 Berks County Sheriff's Office via contractor Canon Technology Solutions
Reading, Pennsylvania
GOV DISC

25,000

A confidential list of some of the County's 25,000 gun permit holders was exposed on the Web by the contractor that is developing a Web-based computer records program for the Sheriff's Office. Personal information included names, addresses and SSNs.

UPDATE (10/6/06): The Berks County solicitor's office says the entire list of more than 25,000 gun permit holders was exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 25,000

May 25, 2007 North Carolina Department of Transportation
Raleigh, North Carolina
GOV UNKN

25,000

https://apps.dot.state.nc.us/pio/releases/details.aspx?r=1179

A computer server used to back up employee identification badge records that included the names and Social Security numbers of NCDOT employees, contractors and other state employees was compromised.

 
Information Source:
Dataloss DB
records from this breach used in our total: 25,000

September 10, 2008 Franklin Savings and Loan
Cincinnati, Ohio
BSF HACK

25,000

(877) 579-2267, (513) 605-4378

An unauthorized person gained access to a database on a company web site containing personal information such as names, addresses, phone numbers, account numbers, account balances and Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 25,000

October 17, 2008 The Planet
Houston, Texas
BSO UNKN

25,000

A security breach that may have affected the customer portal account and server passwords, was discovered. The Planet identified the methods by which the systems were compromised and have closed those holes. Only two user accounts were definitely affected, and no credit card information is believed to have been compromised.

 
Information Source:
Media
records from this breach used in our total: 25,000

November 9, 2008 City of Charlottesville
Charlottesville, North Carolina
GOV PORT

25,000

Two laptops containing voter registration information were stolen from a building at Tonsler Park in Charlottesville sometime after the polls closed. The information on the computers included names, addresses, date of birth and DMV customer number.

 
Information Source:
Media
records from this breach used in our total: 25,000

January 1, 2010 collective2.com
Tenafly, New Jersey
BSO HACK

25,000

Users of the do-it-yourself trading site collective2.com received an “urgent” e-mail notifying them that the company's computer database had been breached by a hacker and that all users should log in to change their passwords immediately. That e-mail stated that the information accessed by the hacker included names, e-mail addresses, passwords and credit card information.

 
Information Source:
Media
records from this breach used in our total: 25,000

August 7, 2010 Fort Worth Allergy and Asthma Associates
Fort Worth, Texas
MED STAT

25,000

The June 29th theft of four computers resulted in patient records being exposed. The patient records contained addresses, Social Security numbers and dates of birth.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 25,000

September 19, 2010 Albrecht Discount (ALDI)
Chicago, Illinois
BSR CARD

25,000

Several ATMs inside or near grocery stores in the Chicago area were outfitted with skimming devices.  ALDI checked machines nationwide and removed a number of debit card terminals after discovering the problem.

UPDATE (10/1/10): A notice on the ALDI Inc. website reveals that customers in Hartford, Atlanta, Chicago, Indianapolis, Maryland, New Jersey, New York state, North Carolina, Pennsylvania, Charlotte (South Carolina), and Washington D.C. were affected by the breach.  The terminals were in stores between June 1 and August 31 of 2010.

UPDATE (12/2/10): Eight thousand Maryland residents and 17,000 New York residents were affected.

 
Information Source:
Databreaches.net
records from this breach used in our total: 25,000

September 15, 2011 United States Army
Alexandria, Virginia
GOV PORT

25,000

A CD with sensitive Non-Appropriated Fund retiree information was lost in the mail between Alexandria, Virginia and San Antonio, Texas.  The CD never officially arrived after being sent during the last week of August.  It contained retiree records with names, Social Security numbers, retirement date, type of retirement, amount of life insurance carried, term data, dates of service, and other retirement data.

 
Information Source:
Databreaches.net
records from this breach used in our total: 25,000

March 16, 2013 Salem State University
Salem, Massachusetts
EDU HACK

25,000

A server was found to be infected with a virus.  The University computer contained information related to paychecks distributed by the University.  Current and former employees who may have been students or staff may have been affected.

 
Information Source:
Media
records from this breach used in our total: 25,000

August 28, 2013 Infocrossing Inc, MO HealthNet, Missouri Department of Social Services
Jefferson City, Missouri
MED DISC

25,000

An error by Infocrossing, Inc. caused the personal information of a group of patients to be mailed to incorrect addresses.  The incident was discovered on June 6, 2013 and impacted correspondence sent between October 16, 2011 and June 7, 2013.  Names, dates of birth, MO HealthNet identification account numbers, county names, phone numbers, and the last four digits of Social Security numbers were exposed.

UPDATE (09/23/2013): The breach was originally thought to have affected fewer than 2,000 individuals and last between 2011 and 2013.  The Missouri Department of Social Services reported that the breach began when information was sent out in December of 2009. More than 25,000 Missouri residents were affected.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 25,000

March 5, 2014 Sally Beauty Supply
Denton, Texas
BSR HACK

25,000

As reported by Krebs on Security, it appears that Sally Beauty Supply may be one of the latest victims of a string of credit card data breaches affecting their payment systems.

"On March 2, a fresh batch of 282,000 stolen credit and debit cards went on sale in a popular underground crime store.  Three different banks contacted by KrebsOnSecurity made targeted purchases from this store, buying back cards they had previously issued to customers".

The banks used a "common point of purchase" or "CPP" to determine where the cards were used over the same period of time. "Each bank independently reported that all of the cards (15 in total) had been used within the last ten days at Sally Beauty Supply locations across the United States".

The company had also detected some kind of intrusion into their network at or around the same time that the stolen card mapping or "CPP" dates that the banks found associated with Sally Beauty Supply. The company's initial investigation did not show any evidence that data was compromised at the store level. The company hired Verizon Enterprise Solutions for the initial and continued investigation.

UPDATE (3-17-2014): Sally Beauty has confirmed that the breach they suffered was due to hackers breaking into their network, stealing credit card data from stores. Originally the retailer would not confirm that they suffered a breach as they had no evidence that any credit card data was stolen. The company confirmed that "fewer than 25,000 records containing card present (track 2) payment card data have been illegally accessed on our systems and we believe have been removed." The company also states " As experience has shown in prior data security incidents at other companies, it is difficult to ascertain with certainty the scope of a data security breach/incident prior to the completion of a comprehensive forensic investigation. As a result, we will not speculate as to the scope or nature of the data security breach."

 
Information Source:
Media
records from this breach used in our total: 25,000

April 7, 2014 Deltek Inc.
Herndon, Virginia
GOV HACK

80,000

Software developer Deltek Inc. informed approximately 80,000 employees of a breach that occured in Deltek's GovWin IQ system.

The company confirmed that on March 13, 2014 they suffered a cyberattack where hackers obtained usernames, passwords and credit card information for individuals who use the GovWin IQ system. Of the 80,000 individuals affected, 25,000 of those may have had credit card information breached.

Those individuals who did have credit card information affected, the company is offering a membership to TransUnion Monitoring services for free.

It has also been reported that authorities have already made an arrest in this case.

Deltek has set up an email address for users to submit questions: protect@deltek.com.

 
Information Source:
Media
records from this breach used in our total: 25,000

August 22, 2014 US Investigations Services (USIS)
Falls Church, Virginia
GOV HACK

25,000

The US Investigations Services (USIS), a firm that performs background checks for U.S government employees had a breach in their data base. Cyber criminals were able to hack their system to gain personal information on employees with the Department of Homeland Security, U.S Immigration and Customs Enforcement and U.S Customs and Border Protection units.

The information breached included Social Security numbers, education and criminal history, birth dates, information on spouses, other relatives and friends including names and addresses.

Officials say the number may increase as the investigation continues.

More Information: http://www.reuters.com/article/2014/08/22/us-usa-security-contractor-cyb...

UPDATE (9/18/2014): "The Office of Personnel Management will not renew any of its contracts with USIS, the major Falls Church, Va., contractor that provides the bulk of background checks for federal security clearances and was the victim of a recent cyberattack, officials confirmed Tuesday evening".

USIS conducted over 21,000 background checks per month for the US government and has been under scrutiny since the data breach in August.

More Information: http://www.washingtonpost.com/business/economy/opm-to-end-usis-contracts...

UPDATE (11/14/2014) It appears that the breach affecting the Department of Homeland Security goes beyond just this US governmental agencies. The Ex-DHS official warns of more USIS breach victims and is warning that the breach likely affected other federal workers beyond DHS.

 
Information Source:
Media
records from this breach used in our total: 25,000

December 1, 2014 Highlands-Cashier Hospital
Highlands, North Carolina
MED DISC

25,000

Highlands-Cashier hospital in North Carolina informed patients of a data breach to their servers that contained patient data. The disclosure of the data was due to an error by one of their third party vendors, TruBridge a subsidiary of Computer Programs and Systems, Inc. when they were contracted to complete some specialized computer services.

A data security screening caught the disclosure on September 29, 2014 that exposed patient information between May 2012 through September 2014.

The information exposed included patient names, addresses, dates of birth, treatment information, diagnosis, helath insurance information and Social Security numbers. All of this information could be accessed via the Internet.

For those who might have been affected you can call 1-888-227-14161-888-227-1416  Monday through Friday between 9:00 a.m and 9:00 p.m Eastern Time.

More Information: http://www.phiprivacy.net/highlands-cashiers-hospital-discovers-patient-...

 

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 25,000

August 12, 2011 Reznick Group, AssureCare Risk Management Inc, Colonial Healthcare Inc, Gypsum Management and Supply
Plymouth, Minnesota
BSF HACK

25,330

The location listed is that of Assurecare Risk Management Inc.  Though 25,330 Gypsum employees were affected, the total number of individuals affected across companies was not reported.

Reznick's former service provider AssureCare reported a breach of a server that contained Reznick information.  The information from employee benefits plans from 2001 to 2006 could have been accessed by outside parties.  Current and former employees and their spouses may have had their names, Social Security numbers, addresses, dates of birth and medical information exposed.  The server was accessed by external intruders on May 9 and May 10 of 2011.

UPDATE (10/13/2011): Employees enrolled in Gypsum's health and dental care plans were also affected.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 25,330

June 22, 2006 U.S. Department of Agriculture (USDA)
Washington, District Of Columbia
GOV HACK

26,000

http://www.firstgov.gov/usdainfo.shtml

During the first week in June, a hacker broke into the Department's computer system and may have obtained names, Social Security numbers and photos of current and former employees and contractors.

 
Information Source:
Dataloss DB
records from this breach used in our total: 26,000

December 8, 2005 J-Sargeant Reynolds Community College
Richmond, Virginia
EDU DISC

26,000

The names, Social Security numbers and addresses of students taking non-credit classes from 2000 to 2003 were posted online for months.  The information was compiled for a mailing list, but an employee posted it on the College's server.  A student informed officials of the mistake after accessing the information online.  The College began the process of removing the information from the web.

 
Information Source:
Dataloss DB
records from this breach used in our total: 26,000

August 9, 2006 Hoffman-La Roche Inc, McCladrey and Pullen LLP
Washington, District Of Columbia
BSR PORT

26,000

A laptop computer belonging to an employee of McCladrey and Pullen LLP was stolen on July 18. McCladrey conducts audits of Roche Savings and Pay Deferral Plan. The laptop included names, Social Security numbers, affiliation with the plan, plan account balance and 2005 plan withdrawal amounts.

 
Information Source:
Dataloss DB
records from this breach used in our total: 26,000

June 25, 2012 Towards Employment
Cleveland, Ohio
NGO PORT

26,000

Those with questions may call 216-297-4470 or go to the Towards Employment website: towardsemployment.org

The May theft of a laptop that contained Towards Employment client data may have exposed personal information.  The laptop was password protected and contained the names, Social Security numbers, and addresses of clients. Towards Employment is altering its policy so that only the last four digits of clients' Social Security numbers are tracked and used.

 
Information Source:
Media
records from this breach used in our total: 26,000

July 21, 2010 Lincoln National Life Insurance
Radnor, Pennsylvania
BSF DISC

26,840

A vendor printed a user name and password for agents and authorized brokers in a brochure.  The brochure was also posted on an agent's public website.  The login information enable access to a website containing medical records and other personal information from individuals seeking life insurance.  Applicant name, Social Security number, address, policy number, driver's license number and credit information is also on the website. 

 
Information Source:
Databreaches.net
records from this breach used in our total: 26,840

July 7, 2005 Michigan State University
East Lansing, Michigan
EDU HACK

27,000

Student information was compromised during an attack on the College of Education server.  The information included Social Security numbers, names, addresses, student courses, and personal identification numbers.  The breach occurred in April and students were emailed in July.

 
Information Source:
Dataloss DB
records from this breach used in our total: 27,000

February 16, 2006 Blue Cross and Blue Shield
Jacksonville, Florida
MED INSD

27,000

A contractor sent names and Social Security numbers of current and former employees, vendors and contractors to his home computer in violation of company policies.  A judge ordered the former computer consultant to reimburse the Jacksonville-based health insurer $580,000 for expenses related to his theft.

 
Information Source:
Dataloss DB
records from this breach used in our total: 27,000

June 29, 2006 AllState Insurance Huntsville branch
Huntsville, Alabama
BSF STAT

27,000

Over Memorial Day weekend, a computer containing personal data including images of insurance policies, correspondence and Social Security numbers was stolen.

 
Information Source:
Dataloss DB
records from this breach used in our total: 27,000

July 17, 2007 Kingston Technology Co.
Fountain Valley, California
BSO HACK

27,000

A security breach may have compromised the names, addresses and credit card details of online customers. Kingston Technology is a computer memory vendor. The breach may have gone undetected for nearly 2 years.

 
Information Source:
Dataloss DB
records from this breach used in our total: 27,000

August 3, 2009 National Finance Center
Washington, District Of Columbia
GOV DISC

27,000

An employee with the National Finance Center mistakenly sent an Excel spreadsheet containing the employees' personal information to a co-worker via e-mail in an unencrypted form. The names and Social Security numbers of at least 27,000 Commerce Department employees were exposed.

 
Information Source:
Media
records from this breach used in our total: 27,000

February 4, 2010 Ceridian Corporation
Bloomington, Minnesota
BSF HACK

27,000

A hacker attack at payroll processing firm Ceridian Corp. of Bloomington has potentially revealed the names, Social Security numbers, and, in some cases, the birth dates and bank accounts of 27,000 employees working at 1,900 companies nationwide. In a Jan. 29 letter to an affected worker obtained by the Star Tribune, Ceridian said a hacker attacked its Internet payroll system Dec. 22 and 23.

UPDATE (6/1/2011): The Federal Trade Commission reached a settlement agreement with Ceridian.  According to the FTC, Ceridian did not adequately protect its network from reasonably foreseeable attacks and failed to encrypt the sensitive personal information that was stored on its network.  The settlement requires the company to establish a comprehensive information security program and to undergo 20 years of independent security audits.  Ceridian provides payroll and HR services.

 
Information Source:
Dataloss DB
records from this breach used in our total: 27,000

April 18, 2014 University Pittsburgh Medical Center
Pittsburgh, Pennsylvania
MED HACK

27000

The University Pittsburgh Medical Center (UPMC) informed employees of a data breach that compromised employee's personal data, including their Social Security number and  the potential for fraudulent tax returns being filed in their name.

The number of employees affected was approximately 800. The full extent of the information exposed has not been communicated, however, due to the tax fraud, information such as names, addresses and Social Security numbers were assumed to be involved.

UPMC was aware of the breach in February and thought that the breach included only 27 individuals, but soon became aware that the breach was much larger. An investigation is currently being conducted.

UPDATE (4/21/2014): The extent of the data breach at UPMC thought to be around 800 employees, is much more extensive than originally believed. The current numbers are around 27,000 employees affected. UPMC is offering Lifelock for 12 months for those affected. A letter went out to those individuals with the information. For additional questions, UPMC has provided a toll free hotline (1-855-306-8274) or email JohnHouston@upmc.edu. A class action lawsuit has been filed against UPMC.

UPDATE (5/14/2014): On Friday May 9, 2014 the law firm of Kraemer, Manes & Associates sued University Pittsburgh Medical Center (UPMC) and Ultimate Software Group of Weston, Fla., over the loss of employee data and subsequent identity thefts. They are seeking class-action status in U.S. District Court, and would represent current and former UPMC employees who have been affected by the breach.

 
Information Source:
Media
records from this breach used in our total: 27,000

July 13, 2012 American Express Travel Related Services Company, Inc. (AXP)
Los Angeles, California
BSF CARD

27,257

A man was arrested in his Los Angeles home for allegedly purchasing and using stolen payment card numbers.  The credit and debit card numbers from American Express, Visa, MasterCard, and Discover were in the man's possession between January 11, 2012 and February 26, 2012.  The payment card numbers came from hacking the computer systems of a restaurant and a restaurant supply business in the Seattle area.  Two people who were associated with the hacking incidents had already been arrested. The man who purchased the payment card numbers is charged with conspiracy to access protected computers to further fraud, to commit access device fraud, and to commit bank fraud; eight counts of bank fraud; six counts of access device fraud; five counts of aggravated identity theft; and two counts of accessing a protected computer without authorization.

UPDATE (07/20/2012): Customer names and payment card expiration dates were also compromised.

 
Information Source:
Databreaches.net
records from this breach used in our total: 27,257

June 23, 2006 U.S. Navy
Washington, District Of Columbia
GOV UNKN

28,000

Navy personnel were notified on June 22 that a civilian website contained files with personal information of Navy members and dependents including names, birth dates and Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 28,000

November 7, 2007 Carolinas Medical Center, NorthEast
Concord, North Carolina
MED PORT

28,000

A paramedic left a computer on the back bumper of an ambulance and then drove away. The laptop contains names, addresses, phone numbers and Social Security numbers of approximately 28,000 people who have been cared for by the Cabarrus County EMS over the last four years.

 
Information Source:
Dataloss DB
records from this breach used in our total: 28,000

March 18, 2009 Walgreens Health Initiative
Deerfield, Illinois
MED DISC

28,000

(866) 292-9063

Names, dates of birth and Social Security numbers of roughly 28,000 state retirees were e-mailed to the Kentucky Retirement Systems without being properly encrypted for security purposes by its pharmacy benefit provider. The e-mail contained dates of birth, Social Security numbers and health insurance claim numbers but not personal health information. The file contained information only on members who were both Medicare-eligible and used the retiree pharmacy benefit through Walgreens in 2007.

 
Information Source:
Dataloss DB
records from this breach used in our total: 28,000

May 18, 2009 NJ Department of Labor and Workforce Development
Trenton, New Jersey
GOV DISC

28,000

Unemployed New Jersey residents may have had their name and Social Security number accidentally delivered to an employer for which you did not work. The error occurred when department staff last month sent first-quarter reports to businesses that included a list of former employees receiving unemployment benefits. Because some companies had laid off a significant number of employees, the reports were longer than usual, requiring staff members to stuff the envelopes by hand rather by machine. Some reports were placed in the wrong envelopes.

 
Information Source:
Dataloss DB
records from this breach used in our total: 28,000

May 30, 2012 American Pharmacist Association (APhA), Pharmacist.com
Washington, District Of Columbia
NGO HACK

28,000

Hackers associated with the group Anonymous posted donations, emails, personal account information, server information, and other information from APhA's online database.  The hackers also claim to have accessed the records of 16,000 patients by hacking the website, but did not post that information. Anonymous claims that the organization was targeted due to its connection to government officials.

UPDATE (6/09/2012): Some names and addresses were also posted.  The data posted included information on over 28,000 visitors, donors, and members.

UPDATE (07/18/2012): The website was defaced on May 28.  APhA immediately noticed and shut down the website and related computer servers.  However, names, addresses, and credit card information (excluding security codes) stored on computer servers may have been accessed between April 23 and May 28.

 
Information Source:
Dataloss DB
records from this breach used in our total: 28,000

Breach Total
931,529,111 RECORDS BREACHED
(Please see explanation about this total.)
from 4,467 DATA BREACHES made public since 2005
Showing 3951-4000 of 4467 results


X

Sign In!

Loading