Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?


Click or unclick the boxes then select go.


Select features, then click GO.



Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.
Breach Total
868,045,823 RECORDS BREACHED
(Please see explanation about this total.)
from 4,347 DATA BREACHES made public since 2005

Save or Print PDF of Entire Breach List including introduction.Save or Print a PDF of Entire Breach List (including introductory FAQ)

Filter breach list before saving or printing PDF. Conduct a search of the Chronology using its sorting features, and Save or Print a PDF of your search results (Select filters)

If you do not have access to PDF, you can print the Chronology in landscape view.

Date Made Public Name Entity Type
May 5, 2009 Spencer House Apartment Complex
Beaverton, Oregon
BSO PHYS

Unknown

Residents at an apartment complex blamed apartment management Monday for leaving their personal information out in the open. The documents were found in an unlocked public container that was sitting off a side street in their apartment complex. The documents included Social Security numbers, addresses, phone numbers, immigration numbers and names.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

May 11, 2009 Multiple financial institutions
New York, New York
BSF CARD

Unknown

A band of brazen thieves ripped off hundreds of New Yorkers by rigging ATMs to steal account and password information from bank customers. The first - a skimmer - went over the slot where customers insert their ATM cards. The skimmer read, and stored, the personal information kept in the magnetic strip on the back of the bank card. The second device was a tiny camera hidden in the lighted signs over the ATM. The pinhole camera lens pointed directly onto the ATM keypad and filmed victims typing in their supposedly secret PIN codes. The thieves would then create their own phony ATM cards and use their victims' PINs to access accounts.

 
Information Source:
Media
records from this breach used in our total: 0

May 18, 2009 Anderson Kia Car Dealership
Boulder, Colorado
BSR PHYS

Unknown

Police have chained up 10 recycling bins outside Boulder's now-defunct Anderson Kia car dealership after learning that the bins were stuffed with personal information from the dealership's former customers. Green recycling bins were piled full with folders, each headed with an individual's name. All of the folders contained Social Security numbers, driver's license information, photos, phone numbers and financial information for Kia customers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

May 19, 2009 CompuCredit
Atlanta, Georgia
BSF DISC

120 (0 SSNs were accessed)

A computer processing error created a single image file of 120 account statements for the month of April. Statement files are delivered to the cardholder through the website in Adobe PDF format. Because of a load error, the system failed to detect page breaks between the account statements, thus resulting in the system believing that all of the pages belonged to a single statement. As a result, the PDF image file contained 119 statements in addition to the cardholder's statement. (Note: Monthly account statements do not include customers' Social Security numbers or PINs.)

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

May 19, 2009 Rudder
Houston, Texas
BSF DISC

Unknown

Rudder, a financial management company, erred in sending users' confidential financial information to the wrong individuals. Through an online financial planning application, hundreds of individuals were able obtain the full details on others' finances - their salary, debts, bank balance, and where they shop. Bank account numbers were apparently not exposed.

 
Information Source:
Media
records from this breach used in our total: 0

May 21, 2009 Internal Revenue Service
Washington, District Of Columbia
GOV PHYS

Unknown

Additional locations: several IRS document disposal facilities in the U.S.), http://www.treas.gov/tigta/auditreports/2009reports/200930059fr.pdf

The U.S Treasury Inspector General for Tax Administration found in a fiscal year 2008 audit that in more than a dozen IRS document disposal facilities, old taxpayer documents were being tossed out in regular waste containers and dumpsters. In addition, the investigation found that IRS officials failed to consistently verify whether contract employees who have access to taxpayer documents had passed background checks. Further, investigators had difficulty finding anyone responsible for oversight of most of the facilities that the IRS contracted with to burn or shred sensitive taxpayer documents. The review was performed at IRS offices in Phoenix, Tempe, and Tucson, Arizona New Carrollton, Maryland Holtsville, Garden City, and Westbury, New York and Ogden, Utah, and included questionnaires to 14 Territory Managers across the country during the period September 2007 through May 2008.

 
Information Source:
Media
records from this breach used in our total: 0

June 7, 2009 T-Mobile USA
Bellevue, Washington
BSO HACK

Unknown

T-Mobile USA is investigating claims that a hacker has broken into its data bases and stolen customer and company information. Someone anonymously posted the claims on the security mailing list Full Disclosure. In that post, the hacker claims to have gotten access to everything -- their databases, confidential documents, scripts and programs from their servers, financial documents up to 2009. They claim they have been in touch with the carrier's competitors trying to sell the data, but have been unsuccessful. They threatened to sell it to the highest bidder. T-Mobile later confirmed a hacker obtained a document.

 
Information Source:
Media
records from this breach used in our total: 0

June 15, 2009 Beam Global Spirits & Wine Inc.
Deerfield, Illinois
BSR INSD

Unknown

Unauthorization access to a human resources payroll database by a former employee exposes names, addresses and Social Security numbers of past and present employees.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

June 18, 2009 Suncoast Schools Federal Credit Union
Tampa, Florida
BSF HACK

56,000 Not added to the total because it's included in the huge number already attributed for Heartland.

Some members of Suncoast Schools Federal Credit Union have been notified that their debit card accounts were exposed to fraud. It is the latest casualty of last year's breach of Heartland Payment Systems, one of the country's largest credit card processors, where information from more than 100 million credit and debit card transactions was exposed. Not until the end of May did Suncoast discover that some of its customers who use Visa Check Cards could be in danger. The Tampa credit union is issuing new cards to all members whose accounts were compromised.

 
Information Source:
Media
records from this breach used in our total: 0

June 22, 2009 Baptist Medical Center
Montgomery, Alabama
MED PHYS

Unknown

Many folders that were found in a landfill dump site were labeled "Radiology Department, Baptist Medical Center." Hundreds of medical records were out in the open, all with sensitive information. Sensitive patient information that was thrown out included names, x-rays, ultrasounds, MRIs, and Social Security numbers.  Files from at least five other facilities were found at the same site; however Baptist Medical Center is believed to be the source of the breach.


UPDATE (8/5/08): A former employee of Baptist Hospital has been sentenced to two years and one day in federal prison for wire fraud and stealing the identities of patients, according to a Department of Justice press release. Adrienne Denise Stovall, 30, pled guilty in January to one count of wire fraud and one count of aggravated identity theft, which carries a mandatory sentence of two years. Stovall worked at Montgomery's Baptist Hospital from August 2006 to early 2007. Her position gave her access to the hospital's computer system. The system contained confidential information including patient names, dates of birth, and Social Security numbers. Stovall used the information to apply for credit lines and credit cards.
http://www.justice.gov/usao/alm/press/current_press/2010_05_05_stovall.pdf

 
Information Source:
Media
records from this breach used in our total: 0

June 22, 2009 Broadridge Financial Solutions, Inc.
Jersey City, New Jersey
BSF DISC

Unknown

Broadridge Financial Solutions, Inc. provides proxy services for clients, including the processing, distribution and tabulation of Annual Meeting Proxy materials for registered shareholders of publicly traded companies. The firm inadvertently disclosed Dynegy shareholder information including name, address, Social Security number and other account information to another client. The total number of share-owners affected was not reported.

 
Information Source:
Media
records from this breach used in our total: 0

July 1, 2009 Carrell Clinic
Dallas, Texas
MED HACK

Unknown

An Arlington security guard was arrested on federal charges for hacking into hospital's computer system. The defendant allegedly posted video of himself compromising a hospital's computer system on YouTube. The system and computers contained confidential patient information.

UPDATE (3/18/2011): Phiprivacy.net reports that the former security guard was sentenced to nine years in prison for installing malware.  Jesse William McGraw was employed by the security company United Protection Service while working as a security guard for Carrell Clinic. He was also the leader of a hacker gang.

 
Information Source:
Media
records from this breach used in our total: 0

July 1, 2009 Bike Nashbar
Asheville, North Carolina
BSR HACK

Unknown

custserv@nashbar.com, 1-800-NASHBAR

The company's computer servers were hacked and credit card information was compromised. Letters with more details will be mailed to affected customers.

 
Information Source:
Media
records from this breach used in our total: 0

July 9, 2009 Mountain Medical Center
Salt Lake, Utah
MED PHYS

Unknown

Names, credit card numbers, Social Security numbers were found in a dumpster. A man was throwing away some stuff in a dumpster and found it was chock full of medical records. There's everything in there from canceled checks to routing numbers, he said. Salt Lake Police packed away perhaps twenty boxes of papers, and said they would protect the documents, as they dug into the matter.

 
Information Source:
Media
records from this breach used in our total: 0

July 14, 2009 Leander School District
Leander, Texas
EDU UNKN

Unknown

School officials sent a notice home with special needs students to alert parents that someone gained access to private information. It appears that one individual gained unauthorized electronic access to confidential information.

 
Information Source:
Media
records from this breach used in our total: 0

July 16, 2009 Elance
Mountain View, California
BSO HACK

Unknown

http://www.elance.com/p/trust/account_security.html>http://www.elance.com/p/trust/account_security.html

A warning from Elance's customer service was emailed, saying that the site has been hacked or attacked in some way. The data accessed was contact information - specifically name, email address, telephone number, city location and Elance username. This incident did not involve any credit card, bank account, social security or tax ID numbers.

 
Information Source:
Media
records from this breach used in our total: 0

July 22, 2009 A Honolulu hospital
Honolulu, Hawaii
MED INSD

Unknown

In June 2009, a Hawaii woman was sentenced to a year in prison for illegally accessing another woman's medical records and posting on MySpace that she had HIV. The State of Hawaii brought charges under a state law that criminalizes unauthorized access to a computer as a class B felony. The defendant was employed by a hospital and had access to patient medical records.

 
Information Source:
Media
records from this breach used in our total: 0

July 31, 2009 Jackson Memorial Hospital
Miami, Florida
MED INSD

3,360 (No reports of SSNs or financial information)

A Miami man was charged with buying confidential patient records from a Jackson Memorial Hospital employee over the past two years, and selling them to a lawyer suspected of soliciting the patients to file personal-injury claims.

UPDATE (10/26/10): Ruben E. Rodriquez was sentenced to 11 years in prison for selling patient records to lawyers for injury claims.  Rodriquez stole 3,350 patient records in 2008 and 2009.  He may have also sold information in 2007.  The information included name, contact information and medical diagnoses.

 
Information Source:
Media
records from this breach used in our total: 0

August 11, 2009 Bank of America Corp.
Charlotte, North Carolina
BSF CARD

Unknown

Charlotte-based BofA (NYSE:BAC) and Citigroup (NYSE:C) each recently issued replacement cards to consumers, telling them that their account numbers may have been compromised. Account information from certain Bank of America debit cards may have been compromised at an undisclosed third-party location. Bank officials are not certain if this is a new breach or a previously disclosed one.

 
Information Source:
Media
records from this breach used in our total: 0

August 11, 2009 Citigroup Inc.
New York, New York
BSF CARD

Unknown

Citigroup (NYSE:C) recently issued replacement cards to consumers and told them that their account numbers may have been compromised. Citigroup told credit-card customers in Massachusetts that their account numbers may have been illegally obtained as a result of a merchant database compromise and could be at risk for unauthorized use. Bank officials are not certain if this is a new breach or a previously disclosed one.

 
Information Source:
Media
records from this breach used in our total: 0

August 14, 2009 American Express
New York, New York
BSF INSD

Unknown

Some American Express card members' accounts may have been compromised by an employee's recent theft of data. The former employee has been arrested and the company is investigating how the data was obtained. American Express declined to disclose any more details about the incident. The company has put additional fraud monitoring and protection controls on the accounts at issue.

 
Information Source:
Media
records from this breach used in our total: 0

August 21, 2009 University of Massachusetts
Amherst, Massachusetts
EDU HACK

Unknown

Nearly a year ago, hackers broke into a computer server that contained Social Security numbers and a very limited amount of credit card information for graduates of University of Massachusetts. Hackers gained access to one server on the university's computer system, which held information of students who attended UMass between 1982 and 2002, as well as a few who attended before 1982. A UMass spokesman declined to say how many people's records were exposed, except that it was a large number of undergraduate and graduate students who attended the university during the 20-year period.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

September 7, 2009 School for the Physical City High School
New York, New York
EDU PHYS

Unknown

Boxes of student records were piled in the street in front of the old home of the School for the Physical City. Some records contained the Social Security numbers, grades, signatures and even psychological reports of former students of the public intermediate high school. The boxes contained hundreds of records and were sitting next to a trash bin filled with old desks and other discarded school supplies. The School for the Physical City moved to a new location over the summer and apparently the records were thrown out with the trash during the relocation.

 

UPDATE (9/12/10): A parent and child are suing the New York City Department of Education.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

September 14, 2009 Jones General Store/Root of the Hill
Boulder, Colorado
BSR PHYS

Unknown

Boulder police are investigating two burglaries on University Hill that could have compromised some local shoppers' personal and credit card information. A manager for Jones General Store called police to report an overnight break-in and theft of credit card receipts. A short time later, an owner of Root of the Hill, a business in the same building, called officers to report a break-in, theft and extensive vandalism.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

September 17, 2009 Akron Children's Hospital
Akron, Ohio
MED HACK

Unknown

A 38-year-old Avon Lake, Ohio, man is set to plead guilty to federal charges after spyware he allegedly meant to install on the computer of a woman he'd had a relationship with ended up infecting computers at Akron Children's Hospital. He allegedly sent the spyware to the woman's Yahoo e-mail address, hoping that it would give him a way to monitor what she was doing on her PC. But instead, she opened the spyware on a computer in the hospital's pediatric cardiac surgery department, creating a regulatory nightmare for the hospital. Between March 19 and March 28 the spyware sent more than 1,000 screen captures via e-mail. They included details of medical procedures, diagnostic notes and other confidential information relating to 62 hospital patients. He was also able to obtain e-mail and financial records of four other hospital employees as well, the plea agreement states.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

September 25, 2009 Tennessee Department of Human Services
Nashville, Tennessee
GOV DISC

Unknown

Various doctors' offices in Tennessee were involved

Doctors' offices in Tennessee have been accidentally sending patient information, including Social Security numbers and medical histories, to an Indiana businessman's fax machine for the past three years. The sensitive medical information was supposed to be sent to the Tennessee Department of Human Services, but the owner of SunRise Solar Inc. in Indiana, says hundreds of confidential medical faxes having been coming to him.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

October 7, 2009 CLP Skilled Trade Solutions
Palm Springs, Florida
BSO PHYS

Unknown

Boxes full of documents that had the CLP Skilled Trade Solutions logo on them were found in a dumpster in the back of a Newport Café. Some of the information found included Social Security cards, tax papers, driver's licenses and home IDs. Many of the documents were from a company that CLP acquired a few years ago.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

October 15, 2009 PayChoice
Moorestown, New Jersey
BSF HACK

Unknown

Hackers broke into the company's servers and stole customer user names and passwords. The attackers then included that information in e-mails to PayChoice's customers warning them that they needed to download a Web browser plug-in in order to maintain uninterrupted access to onlineemployer.com. The plug-in was instead malicious software designed to steal the victim's user names and passwords.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

October 27, 2009 FirstMerit Bank
Streetsboro, Ohio
BSF PHYS

Unknown

 Additional locations; Westlake and Elyria, OH

Police in three Ohio cities are investigating the theft of three large storage bins from bank branches earlier this month. The storage bins were used to store paper waiting to be shredded. Three branches of the FirstMerit Bank in Streetsboro, Westlake and Elyria, OH each reported a bin missing beginning on October 7. One of the three bins contained personal documents of bank customers.

 
Information Source:
Media
records from this breach used in our total: 0

November 6, 2009 MassMutual
Springfield, Massachusetts
BSF HACK

Unknown

According to MassMutual, a "limited amount" of personal employee information maintained in a database by an outside vendor may have been subject to unauthorized access. The vendor engaged a forensics team to investigate, and at this time they believe that no misuse of the information or fraudulent activity involving the data has occurred. This database does not include client or field representative information; it also did not contain personal Social Security or bank account information, according to the company.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

November 10, 2009 Obsidian Financial Group
Woodbury, New York
BSF INSD

Unknown

A former employee broke into a Woodbury financial services company, photocopied customers' Social Security numbers and bank reference numbers and took the photocopied data with him when he left.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

November 17, 2009 Nebraska Workers' Compensation Court
Omaha, Nebraska
GOV HACK

Unknown

Someone broke into a server that temporarily held injury reports. Whenever a worker has a job-related injury, a report is filed with the Workers' Compensation Court and the information is temporarily stored on that server. Personal information, including birth dates and Social Security numbers, would have been on the server.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

November 19, 2009 TAD Gear
San Francisco, California
BSR HACK

Unknown

action@tadgear.com

TAD Gear recently learned that their database was illegally accessed from an external source, and it appears that some customer data was taken, which may include customer names, contact information and credit card data. The possibility of a security breach came to their attention when certain customers notified them that unauthorized charges had appeared on their credit cards. Upon learning of the potential breach of security, TAD Gear immediately initiated an investigation, and took corrective steps.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

November 20, 2009 University Medical Center
Las Vegas, Nevada
MED INSD

Unknown

Someone at UMC is selling a compilation of the hospital’s daily registration forms for accident patients. This is confidential information — including names, birth dates, Social Security numbers and injuries. Private information about accident victims treated at University Medical Center has apparently been leaking for months; allegedly so ambulance-chasing attorneys could mine for clients.


UPDATE (4/29/10): A man was indicted today by a federal grand jury in an alleged conspiracy to pay a University Medical Center employee for private information about traffic accident victims that was used to drum up clients. The man was indicted on one count of conspiracy to illegally disclose personal health information, in violation of the Health Insurance Portability and Accountability Act, better known as HIPAA. Between January and November 19, 2009 the man allegedly conspired with people, including a UMC employee, to use hospital "face sheets" to solicit personal injury cases for attorneys. The UMC employee faxed the registration sheets of trauma patients to the man on at least 55 occasions and was paid about $8,000, the indictment said. The U.S. Attorney's press release said the man has been summoned for a May 14 hearing. If convicted, he faces up to five years in prison and a $250,000 fine.

UPDATE (5/11/2011): A man responsible for the breach was sentenced to 33 months in prison and three years of supervised release.  He had been charged with conspiracy to illegally disclose personal health information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

November 21, 2009 Notre Dame University
Notre Dame, Indiana
EDU DISC

Unknown

Notre Dame is warning university employees to keep an eye on their bank accounts after a security breach. Personal information of some past and current employees - including name, Social Security number and birth date - was accidentally posted onto a public website. The error was corrected and the information removed from the website.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

November 24, 2009 ACORN
San Diego, California
BSO DISC

Unknown

Documents that contained personnel information were accidentally thrown away in a dumpster. San Diego staff members were doing an office clean-up in preparation for a major 10-station phone bank program being set up in their offices; it appears that included in the piles of garbage being thrown out there were some documents containing private information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

November 29, 2009 Salem Housing and Community Services
Salem, Oregon
GOV DISC

Unknown

Sloppy handling of confidential records by a state agency in Salem left people's names, Social Security numbers, ages and addresses exposed in an open recycling bin outdoors. In a separate security lapse by another state agency, confidential records with the names and Social Security numbers of former state parks and recreation employees landed in the same recycling bin.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

December 4, 2009 MedSolutions
Raleigh, North Carolina
MED DISC

Unknown

For a period of time that has not been clearly defined the name, address, email, and taxpayer ID number (which in some cases is the physician’s Social Security number) for an undetermined number of NC physicians could be viewed on the MedSolutions website. Access to this information apparently was not limited to physicians or physician staff. Based on the information available at the time of this posting, any person with an email address could enter physician names and view the information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

December 15, 2009 The Beijing Center for Chinese Studies
Chicago, Illinois
EDU PORT

Unknown


(877) TBS-5060
http://www.thebeijingcenter.org/securityqns

The theft of a laptop exposed applications for study abroad students. Names and Social Security numbers were exposed. An unknown number of NH residents were affected.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

December 15, 2009 RockYou
Redwood City, California
BSR HACK

32 million (No SSNs or financial information reported)

The security firm Imperva issued a warning to RockYou that there was a serious SQL Injection flaw in their database. Such a flaw could grant hackers access to the service's entire list of user names and passwords in the database. Imperva said that after it notified RockYou about the flaw, it was apparently fixed over the weekend. But that's not before at least one hacker gained access to what they claim is all of the 32 million accounts; 32,603,388 to be exact. The database included a full list of unprotected plain text passwords and email addresses.

UPDATE (4/21/2011): The 32 million email addresses and passwords exposed include log in information from social networking sites like Facebook and MySpace.  

On April 18, 2011 a court ruled that the loss of information caused injury. The court determined that "the unauthorized disclosure of personal information via the Internet is itself relatively new, and therefore more likely to raise issues of law not yet settled in the courts."  The court also found that RockYou.com's privacy policy language, which stated that RockYou.com's servers were secure, did not automatically preclude the plaintiff's allegation that a contract had been breached because the plaintiff alleged that the servers were not secure.

UPDATE (3/27/2012): The Federal Trade Commission is alleging that RockYou violated the Children's Online Privacy Protection Act Rule (COPPA Rule) by collecting information from approximately 179,000 children.  A proposed FTC settlement order requires RockYou to pay a civil penalty of $250,000 to settle COPPA charges. In addition to the penalty, the company would be barred from future deceptive claims regarding company privacy and data security, required to implement and maintain a data security program, and barred from future violations of the COPPA rule.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

January 1, 2010 Netflix
Los Gatos, California
BSO UNKN

100 million not added to total

A class action suit was filed against Netflix, Inc., in United States District Court for the Northern District of California. Plaintiffs in the suit are claiming that Netflix has “perpetrated the largest voluntary privacy breach to date.” According to the Complaint, Netflix knowingly and voluntarily disclosed the sensitive and personal information of approximately 480,000 Netflix subscribers when Netflix provided participants in a contest initiated to improve Netflix’s movie recommendation systems with data sets containing over 100 million subscriber movie ratings and preferences. Netflix has claimed that the data sets provided to the contest participants were anonymized and that the subscribers’ movie ratings were accompanied only by “a numeric identifier unique to the subscriber” (as opposed to the subscriber’s name or other personal information). However, the complaint cites the results of several researchers who, in fact, were able to crack Netflix’s anonymization process and identify individual subscribers.

 
Information Source:
Media
records from this breach used in our total: 0

January 12, 2010 Valley Kaiser, Kaiser Permanente
Sacramento, California
MED PORT

15,500 (No SSNs or financial information reported)

Additional location: Fresno, CA

An electronic storage device stolen from an employee's car in Sacramento last month contained health information from 15,500 patients, including about 800 in the Fresno area. Information included patient names, medical-record numbers and, for some individuals, ages, dates of birth, gender, phone numbers and other information related to their care and treatment.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

January 14, 2010 Defense Finance and Accounting Service/ Defense Department’s Document Automation and Production Service
Arlington, Virginia
GOV DISC

18,000 Not added to total No Social Security numbers or financial information was on the statements

An error at the U.S. Department of Defense Document Automation and Production Service caused pay statements containing names and sensitive information about the finances of about 18,000 recipients of a special pay for disabled retirees to be sent to wrong addressees. The statements, a page of which contained information about annual increases in Concurrent Retirement and Disability Pay, mistakenly listed data including at least a portion of another recipient’s name, their bank or insurance company name, the amount of their allotment and the allotment type. There is “no indication” that any Social Security numbers, bank account numbers or phone numbers were listed on the erroneously mailed pages.

 
Information Source:
Media
records from this breach used in our total: 0

January 18, 2010 City of Oakridge
Oakridge, Oregon
GOV DISC

Unknown

A list of the names, addresses and Social Security numbers of employees of the City of Oakridge was sent out with monthly water bills. The town has about 1,400 households. The city has signed up all employees for a credit monitoring service. The city does not know how many people received the list of employee information in a newsletter included with their water bill.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

January 27, 2010 University of California, San Francisco (UCSF) School of Medicine
San Francisco, California
MED PORT

7,300 (No SSNs or financial information reported)

A laptop containing files with information on 4,400 patients was stolen from a UCSF School of Medicine employee. Information “potentially exposed” included name, medical record number, age and clinical information, but the stolen laptop did not contain any Social Security numbers or other financial data. The same laptop also contained data for approximately 2,900 patients at Beth Israel Deaconess Medical Center in Boston

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

January 27, 2010 Department of Commerce
Washington, District Of Columbia
GOV DISC

Unknown

A Department of Commerce employee inadvertently transmitted over the Internet a file containing the Personally Identifiable Information (PII) of Commerce employees to other Department employees. Although the Department employees were authorized to send and receive the PII, the transmission of the PII over the Internet in unencrypted form may have compromised their name and Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

February 15, 2010 West Memphis Police Department
Memphis, Tennessee
GOV INSD

Unknown

FBI is investigating, after the security of the West Memphis Police Department's computer network was apparently compromised. The FBI had information that somebody had used a computer that shouldn't have used it. The suspect in the breach was a detective in the police department. Files containing the names and Social Security numbers of police department employees were stored on the computer network, making the employees vulnerable to identity theft.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

February 16, 2010 Eclipse Property Solutions
St. Petersburg, Florida
BSO INSD

Unknown

A St. Petersburg man has been charged with stealing customers' credit card numbers from a marketing company he worked for to buy nearly $30,000 in dinners, limos and other luxuries. The man and another employee listened from their cubicles as co-workers repeated customer credit card information aloud to confirm accounts.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

February 17, 2010 Cardiology Consultant Inc.
Pensacola, Florida
MED PORT

8,000 Not included in total because Social Security numbers and financial information not involved.

Cardiology Consultants Inc. today reported that a laptop used to process ultrasound images was stolen from one of its Pensacola offices. The computer did not contain patient financial information or Social Security numbers. The stolen computer did contain the first and last names, dates of birth, medical record numbers, exam dates and in some cases, the reason for the ultrasound.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

February 17, 2010 Dairy Queen
Hanceville, Alabama
BSO HACK

Unknown

Hanceville police are cautioning residents to be on guard against a sophisticated debit card wire scam that has leached hundreds of thousands of dollars from customers whose card numbers have been stolen remotely from pay terminals at one or more local businesses. The primary target in the theft so far has been the Dairy Queen restaurant. It's unsure whether this is ultimately involving other businesses. At the Dairy Queen location, somebody has apparently tapped into the Internet server and hacked into the debit card system. They are printing the customers’ debit card numbers and using them all over California and Georgia.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

Breach Total
868,045,823 RECORDS BREACHED
(Please see explanation about this total.)
from 4,347 DATA BREACHES made public since 2005
Showing 301-350 of 4347 results


X

Sign In!

Loading