Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?


Click or unclick the boxes then select go.


Select features, then click GO.



Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.
Breach Total
929,676,448 RECORDS BREACHED
(Please see explanation about this total.)
from 4,421 DATA BREACHES made public since 2005

Save or Print PDF of Entire Breach List including introduction.Save or Print a PDF of Entire Breach List (including introductory FAQ)

Filter breach list before saving or printing PDF. Conduct a search of the Chronology using its sorting features, and Save or Print a PDF of your search results (Select filters)

If you do not have access to PDF, you can print the Chronology in landscape view.

Date Made Public Name Entity Type
February 4, 2010 Ceridian Corporation
Bloomington, Minnesota
BSF HACK

27,000

A hacker attack at payroll processing firm Ceridian Corp. of Bloomington has potentially revealed the names, Social Security numbers, and, in some cases, the birth dates and bank accounts of 27,000 employees working at 1,900 companies nationwide. In a Jan. 29 letter to an affected worker obtained by the Star Tribune, Ceridian said a hacker attacked its Internet payroll system Dec. 22 and 23.

UPDATE (6/1/2011): The Federal Trade Commission reached a settlement agreement with Ceridian.  According to the FTC, Ceridian did not adequately protect its network from reasonably foreseeable attacks and failed to encrypt the sensitive personal information that was stored on its network.  The settlement requires the company to establish a comprehensive information security program and to undergo 20 years of independent security audits.  Ceridian provides payroll and HR services.

 
Information Source:
Dataloss DB
records from this breach used in our total: 27,000

April 18, 2014 University Pittsburgh Medical Center
Pittsburgh, Pennsylvania
MED HACK

27000

The University Pittsburgh Medical Center (UPMC) informed employees of a data breach that compromised employee's personal data, including their Social Security number and  the potential for fraudulent tax returns being filed in their name.

The number of employees affected was approximately 800. The full extent of the information exposed has not been communicated, however, due to the tax fraud, information such as names, addresses and Social Security numbers were assumed to be involved.

UPMC was aware of the breach in February and thought that the breach included only 27 individuals, but soon became aware that the breach was much larger. An investigation is currently being conducted.

UPDATE (4/21/2014): The extent of the data breach at UPMC thought to be around 800 employees, is much more extensive than originally believed. The current numbers are around 27,000 employees affected. UPMC is offering Lifelock for 12 months for those affected. A letter went out to those individuals with the information. For additional questions, UPMC has provided a toll free hotline (1-855-306-8274) or email JohnHouston@upmc.edu. A class action lawsuit has been filed against UPMC.

UPDATE (5/14/2014): On Friday May 9, 2014 the law firm of Kraemer, Manes & Associates sued University Pittsburgh Medical Center (UPMC) and Ultimate Software Group of Weston, Fla., over the loss of employee data and subsequent identity thefts. They are seeking class-action status in U.S. District Court, and would represent current and former UPMC employees who have been affected by the breach.

 
Information Source:
Media
records from this breach used in our total: 27,000

July 13, 2012 American Express Travel Related Services Company, Inc. (AXP)
Los Angeles, California
BSF CARD

27,257

A man was arrested in his Los Angeles home for allegedly purchasing and using stolen payment card numbers.  The credit and debit card numbers from American Express, Visa, MasterCard, and Discover were in the man's possession between January 11, 2012 and February 26, 2012.  The payment card numbers came from hacking the computer systems of a restaurant and a restaurant supply business in the Seattle area.  Two people who were associated with the hacking incidents had already been arrested. The man who purchased the payment card numbers is charged with conspiracy to access protected computers to further fraud, to commit access device fraud, and to commit bank fraud; eight counts of bank fraud; six counts of access device fraud; five counts of aggravated identity theft; and two counts of accessing a protected computer without authorization.

UPDATE (07/20/2012): Customer names and payment card expiration dates were also compromised.

 
Information Source:
Databreaches.net
records from this breach used in our total: 27,257

June 23, 2006 U.S. Navy
Washington, District Of Columbia
GOV UNKN

28,000

Navy personnel were notified on June 22 that a civilian website contained files with personal information of Navy members and dependents including names, birth dates and Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 28,000

November 7, 2007 Carolinas Medical Center, NorthEast
Concord, North Carolina
MED PORT

28,000

A paramedic left a computer on the back bumper of an ambulance and then drove away. The laptop contains names, addresses, phone numbers and Social Security numbers of approximately 28,000 people who have been cared for by the Cabarrus County EMS over the last four years.

 
Information Source:
Dataloss DB
records from this breach used in our total: 28,000

March 18, 2009 Walgreens Health Initiative
Deerfield, Illinois
MED DISC

28,000

(866) 292-9063

Names, dates of birth and Social Security numbers of roughly 28,000 state retirees were e-mailed to the Kentucky Retirement Systems without being properly encrypted for security purposes by its pharmacy benefit provider. The e-mail contained dates of birth, Social Security numbers and health insurance claim numbers but not personal health information. The file contained information only on members who were both Medicare-eligible and used the retiree pharmacy benefit through Walgreens in 2007.

 
Information Source:
Dataloss DB
records from this breach used in our total: 28,000

May 18, 2009 NJ Department of Labor and Workforce Development
Trenton, New Jersey
GOV DISC

28,000

Unemployed New Jersey residents may have had their name and Social Security number accidentally delivered to an employer for which you did not work. The error occurred when department staff last month sent first-quarter reports to businesses that included a list of former employees receiving unemployment benefits. Because some companies had laid off a significant number of employees, the reports were longer than usual, requiring staff members to stuff the envelopes by hand rather by machine. Some reports were placed in the wrong envelopes.

 
Information Source:
Dataloss DB
records from this breach used in our total: 28,000

May 30, 2012 American Pharmacist Association (APhA), Pharmacist.com
Washington, District Of Columbia
NGO HACK

28,000

Hackers associated with the group Anonymous posted donations, emails, personal account information, server information, and other information from APhA's online database.  The hackers also claim to have accessed the records of 16,000 patients by hacking the website, but did not post that information. Anonymous claims that the organization was targeted due to its connection to government officials.

UPDATE (6/09/2012): Some names and addresses were also posted.  The data posted included information on over 28,000 visitors, donors, and members.

UPDATE (07/18/2012): The website was defaced on May 28.  APhA immediately noticed and shut down the website and related computer servers.  However, names, addresses, and credit card information (excluding security codes) stored on computer servers may have been accessed between April 23 and May 28.

 
Information Source:
Dataloss DB
records from this breach used in our total: 28,000

April 1, 2008 Okemo Mountain Resort
Ludlow, Vermont
BSO HACK

28,168

(866) 756-5366

The Ludlow ski area announced that its computer network was breached by an intruder who gained access to credit card data including cardholder names, account numbers and expiration dates.

 
Information Source:
Dataloss DB
records from this breach used in our total: 28,168

August 22, 2006 Beaumont Hospital
Troy, Michigan
MED PORT

28,473

A vehicle of a home health care nurse was stolen from outside a senior center Aug. 5. Although it was recovered nearby, a laptop left in the rear of the car was not recovered. It contained names, addresses, SSNs, and insurance information of home health care patients.

UPDATE (8/23/06). The laptop was returned Aug. 23 by a woman who said she found it in her yard.

 
Information Source:
Dataloss DB
records from this breach used in our total: 28,473

June 5, 2007 vFinance Investments Inc.
Boca Raton, Florida
BSF HACK

29,000

A database that contained customer information was accessed through the www.vfinance.com website by an unauthorized person. The goal of the attack seems to have been to deface the website.  

 
Information Source:
Dataloss DB
records from this breach used in our total: 29,000

December 28, 2012 Gibson General Hospital
Princeton, Indiana
MED PORT

29,000

The November 27 theft of a laptop may have resulted in the exposure of patient information.  Names, Social Security numbers, addresses, and clinical information may have been exposed.  Patients who have received services since 2007 may have been affected.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 29,000

October 10, 2013 City of Wichita - Electronic Procurement Website
Wichita, Kansas
GOV HACK

29,000

Hackers accessed the city of Wichita's electronic procurement website.  Current and former vendors who had worked with the city and employees who had been reimbursed for expenses  since 1997 were affected.  Social Security numbers, taxpayer ID numbers, and bank account information may have been exposed.

UPDATE (11/22/2013): This breach was a result of the Dun & Bradstreet Credibility Corp. breach.  Nearly 29,000 local vendors and employers were affected by the hacking incident that occurred during the weekend of October 5.

 
Information Source:
Media
records from this breach used in our total: 29,000

February 6, 2009 Kaiser Permanente
Oakland, California
MED INSD

29,500

(877) 281-3573

A law enforcement agency seized a computer file with Kaiser data from a person who was subsequently arrested. The suspect was not a Kaiser employee. Kaiser Permanente is notifying nearly 30,000 Northern California employees that the security breach may have led to the release of their personal information. The stolen information included names, addresses, dates of birth and Social Security numbers for Kaiser employees.

UPDATE (9/28/2011): A former benefits clerk from Service Employees International Union-affiliated United Healthcare Workers West (SEIU-UHW) was sentenced to 12 years and four months in prison for stealing Kaiser union employee information.

 
Information Source:
Databreaches.net
records from this breach used in our total: 29,500

April 22, 2014 Iowa State University
Ames, Iowa
EDU HACK

29,780

Iowa State University has reported a data breach of one of their systems that exposed a large amount of data of individuals who were enrolled in the university over the past 17-year period.

Social Security numbers of approximately 30,000 people who enrolled in certain classes between 1995 and 2012 along with university ID numbers for nearly 19,000 additional people. Authorities believe that the person or persons motivation was apparently to generate enough computing power to create the virtual currency bitcoin.

The university is offering AllClear ID for 12 months free for those whose Social Security numbers were affected. AllClear representatives can be reached at 1-877-403-02811-877-403-0281.

Here is the link to the universities information regarding the breach http://www.news.iastate.edu/news/2014/04/22/serverbreach

For those who suspect fraud or question whether a request you receive is legitimate, please contact the ISU Foundation at 515-294-4607515-294-4607, the ISU Alumni Association at 515-294-6525515-294-6525, or Iowa State’s computer security team at serverbreach@iastate.edu.

 
Information Source:
Media
records from this breach used in our total: 29,780

January 24, 2008 Fallon Community Health Plan
Worcester, Massachusetts
MED PORT

29800

A vendor computer containing personal information on patients of Fallon Community Health Plan has been stolen. The data included names, dates of birth, some diagnostic information and medical ID numbers. Some of which may be based on Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 29,800

May 18, 2005 University of Iowa
Iowa City, Iowa
EDU HACK

30,000

A computer containing credit card numbers and campus ID numbers for University Book Store customers was breached by a hacker.

 
Information Source:
Dataloss DB
records from this breach used in our total: 30,000

June 16, 2006 Union Pacific
Omaha, Nebraska
BSO PORT

30,000

On April 29th, an employee's laptop was stolen that contained data for current and former Union Pacific employees, including names, birth dates and Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 30,000

January 13, 2007 North Carolina Department of Revenue
Raleigh, North Carolina
GOV PORT

30,000 taxpayers

A laptop computer containing taxpayer data was stolen from the car of a NC Dept. of Revenue employee in mid-December. The files included names, SSNs or federal employer ID numbers , and tax debt owed to the state.

 
Information Source:
Dataloss DB
records from this breach used in our total: 30,000

August 15, 2007 Sky Lakes Medical Center, Verus Inc.
Klamath Falls, Oregon
MED DISC

30,000

The company that maintained the hospital's online bill payment system, transferred patient information from one server to another to perform maintenance but didn't take security measures, leaving information such as names, addresses and Social Security numbers exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 30,000

February 12, 2008 Long Island University
Brookville, New York
EDU PHYS

30,000

Students tax forms mailed to them last week in were in defective mailers. The mailers containing each student's annual 1098-T Tuition Statement were supposed to have adhesive on all four sides. But one side of each envelope was missing adhesive. The statement contains the student's name, address and Social Security number.

 
Information Source:
Dataloss DB
records from this breach used in our total: 30,000

March 20, 2008 Pennsylvania Department of State
Harrisburg, Pennsylvania
GOV DISC

30,000

The state was forced to pull the plug on a voter registration Web site after it was found to be exposing sensitive data about voters. Because of a Web programming error, the Web site was allowing anyone on the Internet to view data such as the voter's name, date of birth, driver's license number, and political party affiliation. On some forms, the last four digits of Social Security numbers could also be seen.

 
Information Source:
Media
records from this breach used in our total: 30,000

July 16, 2009 Moores Cancer Center
San Diego, California
MED HACK

30,000

A hacker breached the Center's computers and gained access to patients' personal information.  A letter was sent to 30,000 patients informing them that their personal information may have been in the compromised databases.  Types of information in breach included names, dates of birth, medical record number, diagnosis and treatment dates and some Social Security numbers.  The majority of patients' information did not include Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 30,000

December 23, 2009 Penn State University
University Park, Pennsylvania
EDU HACK

30,000

The University sent out letters notifying those potentially affected by malware infections, which are believed responsible for breaches. The areas and extent of the records involved in the malicious software attack included Eberly College of Science, 7,758 records; the College of Health and Human Development, 6,827 records; and one of Penn State's campuses outside of University Park, approximately 15,000 records.

 
Information Source:
Dataloss DB
records from this breach used in our total: 30,000

October 27, 2010 Houston Independent School District (HISD)
Houston, Texas
EDU HACK

232,000 (30,000 employees)

The HISD may have experienced a hacking incident over the weekend of October 24.  Employees and students were unable to access the Internet, online classes and email until late Tuesday afternoon.  Payroll information of workers and academic information of students may have been compromised along with other personal information.

UPDATE (12/2/10): HISD announced an overhaul of the computer system following the breach. Private employee, vendor and student data dating back 10 years could have been accessed by the hacker. Investigators have determined that the private data of one HISD student was viewed by the hacker.  The investigation is ongoing.

 
Information Source:
Databreaches.net
records from this breach used in our total: 30,000

September 22, 2005 Internal Revenue Service (IRS)
San Francisco, California
GOV PHYS

30,000

Taxpayers in Alaska, Arizona, California, Hawaii, Idaho, Montana, Nevada, Ohio, Oregon, Utah, Virginia, Washington and Wyoming may have been affected.

A truck carrying checks with tax information for the self-employed was involved in an accident on the San Mateo Bridge. Wind blew about 30,000 pieces of mail into the bay and beyond. The IRS agreed to waive penalties and interest for anyone whose payment was affected.

 
Information Source:
Dataloss DB
records from this breach used in our total: 30,000

October 29, 2006 New York University
New York, New York
EDU PORT

30,000

Backup CDs from the Continuing Medical Education program at NYU Medical Center were lost or stolen.  Names, Social Security numbers, addresses, telephone and fax numbers, student ID numbers, debit or credit card information and degree information for students participating in the program between 1999 and the discovery of the loss may have been exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 30,000

March 19, 2012 Kaiser Foundation Health Plan
Oakland, California
MED DISC

30,000

Someone purchased a hard drive in September of 2011 and immediately notified law enforcement that it contained confidential information.  The external hard drive did not come from a Kaiser Permanente office.  It contained employee data that was as recent as 2009.  Current and former employees may have had their names, Social Security numbers, dates of birth, and addresses exposed. There is no evidence that the information from the hard drive was used for illegal purposes as of March of 2012.

UPDATE (3/22/2012): The external hard drive was purchased at a thrift store.  Phone numbers, pay stubs, COBRA Error, Trust Fund Paid Hours, or Fidelity Savings Plan Deduction reports may have also been on the hard drive.

UPDATE (4/16/2012): At least one source lists the total number of affected current and former employees as 30,000.

UPDATE (2/4/2014): Attorney General Kamala Harris has agreed to drop a data breach lawsuit against the Oakland based managed care provider, Kaiser, if they agreed to a $150,000 fine paid to the state and improved their information handling practices.

Originally the suite contended that the health care provider violated the three-month notification law. Kaiser learned of the violation in December 2011 but did not send letters to 20,539 affected Californians until mid-March 2012. The law requires data-holders disclose any breach "in the most expedient time possible and without unreasonable delay".

 

 
Information Source:
California Attorney General
records from this breach used in our total: 30,000

March 16, 2012 University of Tampa
Tampa, Florida
EDU DISC

30,000

A server management error caused files containing sensitive information to be made publicly accessible between July of 2011 and the breach's discovery on March 13, 2012.  A classroom exercise revealed that the information was compromised and the University of Tampa's IT office was immediately informed of the discovery.  The University of Tampa then notified Google and asked that the cached file be removed from the search engine.

One file included 6,818 records of students who attended in Fall of 2011.  Two other files contained the information of an additional 29,540 people and included University ID numbers, names, Social Security numbers, and photos.  Some people also had their dates of birth exposed.The IT office at the University of Tampa concluded that the files had only been accessed by the people who reported the breach.

UPDATE (3/22/2012): Additionally, 22,722 current and former faculty, staff, and students who were associated with the University between January 29, 2000 and July 11, 2011 may have had their information exposed. The IT office confirmed that these files had only been accessed by University insiders as well. The University will not cover the cost of credit monitoring services for those who were affected.

 
Information Source:
Databreaches.net
records from this breach used in our total: 30,000

February 6, 2014 The Home Depot
Atlanta, Georgia
BSR INSD

30000

Three Home Depot employees were arrested for allegedly stealing personal information of some 300 employees, and were initially detected last fall and those employees whose files were notified of the breach. One of the three employees was caught using her Home Depot email to send the stolen information.

Security investigators fear that this breach may have affected as manay as 20,000 individuals. Information stolen included Social Security numbers and birthdates. Allegedly the employees opened numerous fraudlent accounts with the stolen personal information.

UPDATE (5/30/2014): Originally it was reported that up to 20,000 individuals may have been affected by this security breach. The number has now been increased to 30,000 individuals may have been affected. The first report that came out reported three Home Depot employees were involved, but according to the disclosure document sent on behalf of The Home Depot Corporation, one individual was arrested and The Home Depot will seek prosecution of the individual to the fullest extent of the law.

 
Information Source:
Media
records from this breach used in our total: 30,000

March 23, 2007 Group Health Cooperative Health Care System
Seattle, Washington
MED PORT

31,000

http://www.ghc.org/news/news.jhtml?reposid=/common/news/news/20070323-missing_laptops.html

Two laptops containing names, addresses, Social Security numbers and Group Health ID numbers of local patients and employees have been reported missing.

 
Information Source:
Dataloss DB
records from this breach used in our total: 31,000

September 22, 2009 Sagebrush Medical Plaza/Kern Medical Center
Bakersfield, California
MED PHYS

31,000

Thousands of patients at a Kern County health clinic have been warned their personal information could have been stolen. A break-in happened at the Sagebrush Medical Plaza in July, and Kern Medical Center officials have notified 31,000 patients to take precautions against possible identity theft. One or more unknown individuals broke into a locked storage area that contained confidential patient information. All patient information has now been moved to a location inside the clinic building.

 
Information Source:
Dataloss DB
records from this breach used in our total: 31,000

March 4, 2011 University of South Carolina
Sumter, South Carolina
EDU HACK

31,000

A computer security problem may have exposed the information of faculty, staff, retirees and students on eight University system campuses. Social Security numbers and other private information could end up on the internet.

 
Information Source:
Databreaches.net
records from this breach used in our total: 31,000

July 31, 2005 California State Polytechnic University (Cal PolyPomona)
Pomona, California
EDU HACK

31,077

Hackers gained access to two computers containing names, Social Security numbers and transfer records.  Applicants, current students, current and former faculty, and staff were affected.

 
Information Source:
Dataloss DB
records from this breach used in our total: 31,077

May 13, 2011 Anthem Blue Cross
Westlake Village, California
BSF DISC

31,125

Letters soliciting dental and vision coverage were mailed to current Anthem customers.  A priority code composed of the customer's Social Security number and two extra digits was printed on the outside of each envelope.  One customer noticed the error and contacted the media.  Anthem admits that an error occurred, but did not reveal the cause. Anthem is working to prevent this type of breach from happening again and was in the process of notifying customers of the error as of May 12. 

UPDATE (10/01/2012): Anthem experienced the marketing mailer error on April 27, 2011.  The State of California settled with Anthem in September of 2012. Anthem agreed to pay $150,000 and to make significant improvements to its data security procedures to prevent future errors of a similar type..

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 31,125

February 8, 2007 District Council 37 Health and Security Plan of New York City
New York, New York
GOV PORT

31,500

A CD containing prescription drug data was discovered missing from the organization's files.  People who had their prescription drugs filled through DC 37's prescription drug benefits plan may have had their names and Social Security numbers exposed.  Prescription information from between February 13 and February 22 of 2006 (the previous year) was also exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 31,500

October 13, 2011 The Social Security Administration
Washington, District Of Columbia
GOV DISC

31,931

It appears that the Social Security Administration accidentally releases the names, Social Security numbers, and birth dates of thousands of living U.S. citizens each year in a database called the "Death Master File".  Social Security officials revealed that the number of U.S. citizens mistakenly listed each year is about 14,000, while 90 million are accurately reported.  A Scripps Howard News Service review of three recent copies revealed 31,931 living U.S. citizens who'd had their Social Security numbers released to U.S. business groups.

 
Information Source:
Databreaches.net
records from this breach used in our total: 31,931

January 10, 2005 George Mason University
Fairfax, Virginia
EDU HACK

32,000

Names, photos, and Social Security numbers of 32,000 students and staff were compromised because of a hacker attack on the University's main ID server.

 
Information Source:
Dataloss DB
records from this breach used in our total: 32,000

April 12, 2006 Ross-Simons
Providence, Rhode Island
BSR HACK

32,000

A security breach exposed account and personal information of those who applied for Ross-Simons' private label credit card. Information exposed includes private label credit card numbers and other personal information of applicants.

 
Information Source:
Dataloss DB
records from this breach used in our total: 32,000

August 8, 2013 M2ComSys, Cogent Healthcare, Inc.
Brentwood, Tennessee
MED DISC

32,000

Cogent Healthcare offices across the country, Cogent Medical Care, Endion Medical Healthcare (Endion SeniorCare), Parkview Community Hospital Medical Center, Inpatient Specialists of Southwest Florida, and Comprehensive Hospital Physicians of Florida were affected.

M2ComSys (M2), a medical transcription company, stored physicians' notes for Cogent Healthcare.   It was discovered that the online system that stored the notes could be accessed.  Patient care notes with names, physician names, dates of birth, diagnosis descriptions. summary of treatment, medical history, medical record numbers, and other medical information were exposed.  The notes could have been accessed on May 5, 2013 and improper access to the site ended on June 24, 2013.  M2 no longer provides services for Cogent Healthcare.

UPDATE (9/17/2013): At least 32,000 patients were affected across all medical centers.  

 
Information Source:
California Attorney General
records from this breach used in our total: 32,000

July 30, 2010 FIrst Advantage Tax Consulting Services (TCS)
Indianapolis, Indiana
BSF PORT

32,842

A laptop that contained personal information was lost or stolen during an airport layover.  The Social Security numbers of people who were employed by companies that used TCS for tax help were on the laptop. The laptop did have a password and after it was lost its access to TCS's network was blocked.

 
Information Source:
Databreaches.net
records from this breach used in our total: 32,842

July 30, 2005 San Diego County Employees Retirement Association
San Diego, California
GOV HACK

33,000

Two computers that contained personal information for current and retired San Diego County employees were hacked.  The information included names, addresses, Social Security numbers, and dates of birth.  The San Diego Retirement Association mailed warnings to members.

 
Information Source:
Dataloss DB
records from this breach used in our total: 33,000

August 7, 2007 Merrill Lynch
Hopewell, New Jersey
BSF UNKN

33,000

A computer device apparently was stolen containing sensitive personal information, including Social Security numbers, about some 33,000 employees.

 
Information Source:
Dataloss DB
records from this breach used in our total: 33,000

August 5, 2008 The Clear Program Fast-pass Registered Travel program for airline passengers, operated by Verified Identity Pass for the U.S. Transportation Security Admin.
New York, New York
BSO PORT

33,000

A laptop containing personal information for about 33,000 people was reported stolen in a possible security breach for the Clear Program. The laptop was stolen at San Francisco International Airport. The stolen information included names, addresses, dates of birth, and driver's license numbers or passport numbers.

 
Information Source:
Media
records from this breach used in our total: 33,000

October 15, 2009 Halifax Health
Daytona Beach, Florida
MED PORT

33,000

A laptop computer from a Halifax Health employee's vehicle in Orange County was stolen -- which might have contained password protected patient information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 33,000

August 22, 2014 Cedars-Sinai Medical Center, Los Angeles
Los Angeles, California
MED PORT

33,136

Cedars-Sinai Medical Center in Los Angeles California has reported a data breach of at least 500 patients at the facility when an employees laptop computer was stolen from their home during a burglary in June 2014. The laptop was password protected.

The records on the laptop included specific patient data such as lab testing, treatment and diagnosis, Social Security numbers and other personal information.

More Information: http://www.latimes.com/business/la-fi-cedars-breach-20140823-story.html

UPDATE (10/3/2014): The data breach that occurred when an employee laptop was stolen, contained many more files than what was originally reported by the hospital. When the breach was made public, Cedars-Sinai hospital reported that 500 patient files were on the stolen laptop. After an investigation, the laptop actually contaned personal information on  33,136 patients.

More Information: http://www.latimes.com/business/la-fi-cedars-data-breach-20141002-story....

 
Information Source:
Media
records from this breach used in our total: 33,136

August 22, 2005 U.S. Air Force
Washington, District Of Columbia
GOV HACK

33,300

A hacker used a legitimate user ID and password to access career information, birth dates, and Social Security numbers.  Those affected were notified several months after the breach was discovered.

 
Information Source:
Dataloss DB
records from this breach used in our total: 33,300

September 4, 2007 Pfizer
New York, New York
BSO INSD

34,000

(866) 274-3891

A security breach may have caused employees' names, Social Security numbers, addresses, dates of birth, phone numbers, bank account numbers, credit card information, signatures and other personal information to be publicly exposed. The breach occurred late last year when a Pfizer employee removed copies of confidential information from a Pfizer computer system without the company's knowledge or approval. Pfizer didn't become aware of the breach until July 10.

 
Information Source:
Dataloss DB
records from this breach used in our total: 34,000

December 21, 2006 Goal Financial, LLC
San Diego, California
BSF STAT

34,000

The location listed is the headquarters. It is not clear where the incident took place.

A portion of borrowers' names and Social Security numbers were on four hard drives that were accidentally sold before being wiped clean. Employees transferred more than 7,000 files with consumer information to third parties without authorization, and one employee sold the hard drives to the public surplus. The hard drives were retrieved after the mistake was realized on June 13. Affected individuals were notified in June. The student loan company agreed to settle FTC charges in December. The company violated the FTC's Privacy Rule by failing to take reasonable and appropriate measures to protect personal information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 34,000

July 7, 2011 Morgan Stanley Smith Barney, New York State Department of Taxation and Finance
Albany, New York
BSF PORT

34,000

Two CD-ROMs were lost after being mailed from Morgan Stanley to the New York State Department of Taxation and Finance.  It is not clear if the CDs were never shipped, fell out of the packaging during shipping, or were lost after being received by the New York State Department of Taxation and Finance. The affected Morgan Stanely clients had their names, addresses, account and tax identification numbers, and income earned on Morgan Stanley investments in 2010 exposed.  Some clients also had their Social Security numbers exposed.  

 
Information Source:
Databreaches.net
records from this breach used in our total: 34,000

Breach Total
929,676,448 RECORDS BREACHED
(Please see explanation about this total.)
from 4,421 DATA BREACHES made public since 2005
Showing 3951-4000 of 4421 results


X

Sign In!

Loading