Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?


Click or unclick the boxes then select go.


Select features, then click GO.



Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.
Breach Total
872,715,019 RECORDS BREACHED
(Please see explanation about this total.)
from 4,391 DATA BREACHES made public since 2005

Save or Print PDF of Entire Breach List including introduction.Save or Print a PDF of Entire Breach List (including introductory FAQ)

Filter breach list before saving or printing PDF. Conduct a search of the Chronology using its sorting features, and Save or Print a PDF of your search results (Select filters)

If you do not have access to PDF, you can print the Chronology in landscape view.

Date Made Public Name Entity Type
February 19, 2014 University of Maryland
College Park, Maryland
EDU HACK

309,079

The University of Maryland, located in College Town Maryland, had one of their records databases hacked Tuesday January 18, 2014 around 4:00 a.m by an outside source.

This particular database holds information dating back to 1998 and includes names, Social Security numbers, dates of birth and university identification numbers for 309,079 people affiliated with the school at their College Park and Shady Grove campuses.

The hackers did not alter anything in the actual database, but apprarently have made a "copy" of the information. The university commented at how sophisticated the attack was by the hacker or hackers and they must have had a "very significant understanding" of how the database was designed and maintained, including the level of encryption and protection of the database.

According to the university President, school officials are investigating the breach and taking steps to prevent any further system intrusions.

The college has put out the following statements:

"The University is offering one year of free credit monitoring to all affected persons. Additinoal information will be communicated within the next 24 hours on how to activate this service.

University email communications regarding this incident will not ask you to provide personal information. Please be cautious when sharing personal information.

All updates regarding this matter will be posted to this website.  If you have any questions or comments, please call our special hotline at 301-405-4440 or email us at datasecurity@umd.edu".

 

 
Information Source:
Media
records from this breach used in our total: 309,079

June 29, 2006 Nebraska Treasurer's Office
Lincoln, Nebraska
GOV HACK

309,000

A hacker broke into a child-support computer system and may have obtained names, Social Security numbers and other information such as tax identification numbers for 9,000 businesses.

 
Information Source:
Dataloss DB
records from this breach used in our total: 309,000

January 9, 2007 Towers Perrin
New York, New York
BSF INSD

300,000

 

Around 18,000 past and present employees, presumably of Altria, and 6,300 employees of Philip Morris were affected.

 

Five laptops were stolen from Towers Perrin, allegedly by a former employee. The theft occurred Nov. 27, 2006. The computers contain names, SSNs, and other pension-related information, presumably of several companies, although news reports are not clear. Companies named include Altria (unknown number, possibly 18,000 employees) and Philip Morris (6,300 employees).

UPDATE (1/11/07): NY police arrested a junior-level administrative employee of the company in the theft of the laptops.

UPDATE (2/6/09): It now appears that 300,000 people were affected.  Additional companies include Citigroup, Time Warner, United Technologies, Prudential Financial, Random House, Stanley Inc., Bertelsmann Services Inc., Lloyd's Register Group, AGL Resources Inc., Salvage Association, The Nielsen Company, Major League Baseball, Unilever, Harlequin Holdings, Celanese Americas Corporation, The Interpublic Group, Dover Corporation, Continuum Health Partners, Maersk Inc./P&O Nedlloyd, Roman Catholic Diocese of Brooklyn, Cambrex Corporation, Strategic Industries, Shorewood, Swiss International Air Lines, LTD, Alpharma Inc.

 
Information Source:
Dataloss DB
records from this breach used in our total: 300,000

May 19, 2007 Illinois Dept. of Financial and Professional Regulation
Chicago, Illinois
GOV HACK

300,000

For information about breach www.idfpr.com

A computer server in the office of the Illinois Dept. of Financial and Professional Regulation was breached earlier this year. SSNs, tax numbers, and addresses of banking and real estate licensees and applicants were exposed. The hacking incident was discovered May 3.

 
Information Source:
Dataloss DB
records from this breach used in our total: 300,000

January 29, 2008 Horizon Blue Cross Blue Shield
Newark, New Jersey
MED PORT

300,000

More than 300,000 members names, Social Security numbers and other personal information were contained on a laptop computer that was stolen. The laptop was being taken home by an employee who regularly works with member data.

 
Information Source:
Dataloss DB
records from this breach used in our total: 300,000

November 15, 2006 Look Tours LLC
North Las Vegas, Nevada
BSR STAT

300,000

A number of computers were stolen during a September 28 office burglary. Some of the information on the computers included name, address, email address and credit card number and information. Customers and some current and former employees and consultants were affected.

 
Information Source:
Dataloss DB
records from this breach used in our total: 300,000

March 3, 2011 Cord Blood Registry
San Francisco, California
MED PORT

300,000

Backup tapes were stolen from an employee's car in San Francisco on December 13, 2010. Names and Social Security, driver's license and credit card numbers were on the tapes. The tapes were not encrypted. Customers began receiving notification on February 14 of 2011. A computer and other personal property were stolen during the burglary.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 300,000

June 12, 2011 Southern California Medical-Legal Consultants, Inc. (SCMLC)
Seal Beach, California
BSO DISC

300,000

Those with questions may call 562-493-0851 or email notify@scmlc.com.

A data security firm discovered that SCMLC data was available online.  The names and Social Security numbers of around 300,000 people who applied for California workers' compensation benefits may have been accessed by unauthorized parties.

 
Information Source:
Databreaches.net
records from this breach used in our total: 300,000

December 16, 2011 Restaurant Depot, Jetro Cash & Carry
College Point, New York
BSR HACK

300,000

The location listed is that of Restaurant Depot's corporate location.

People who shopped at Jetro or Restaurant Depot between September 21 and November 18 may have had their credit or debit card information taken by a hacker.  Customer names, card numbers, expiration dates, and verification codes were exposed.  The breach investigation began on November 9 when the parent company became aware of customers experiencing card fraud.

 
Information Source:
Databreaches.net
records from this breach used in our total: 300,000

January 28, 2013 Cbr Systems
San Bruno, California
MED PORT

300,000

The 2010 theft of a company laptop, a hard drive, and a number of unencrypted backup tapes resulted in the exposure of sensitive information.  Social security numbers, credit and debit card numbers, driver's license numbers, and dates of birth were contained on one or more of the devices.

Cbr Systems reached a settlement with the Federal Trade Commission in early 2013.  Cbr Systems must establish an information security program and be independently audited every other year for 20 years.  The full settlement can be found here: http://ftc.gov/opa/2013/01/cbr.shtm

 
Information Source:
Media
records from this breach used in our total: 300,000

March 6, 2014 North Dakota University
Bismarck, North Dakota
EDU HACK

290,780

North Dakota University System has notified individuals of a security breach of a computer server that stores personal information on students, staff and faculty.

On February 7, 2014 the server was hacked into and more than 209,000 current and former students and 780 faculty and staff had personal information stored on thus server that included names and Social Security numbers according to Larry Skogen, the Interim Chancellor.

The university has notified officials and has set up a website www.ndus.edu/data with information and is organizing a call center for questions from those who were affected.

Authorities have announced that "an entity operating outside the Unites States apparently used the server as a launching pad to attack other computers, possibly accessing outside accounts to send phishing emails"

 
Information Source:
Media
records from this breach used in our total: 290,780

April 6, 2012 Utah Department of Health
Salt Lake City, Utah
GOV HACK

780,000 (280,000 SSNs)

Utah Medicaid clients have had their information exposed by a hack of an improperly protected Utah Department of Health computer server.  The breach was discovered when an unusual amount of data was found to be streaming out of the server on April 2. Medicaid clients who had not had their Social Security numbers transitioned into the system had their Social Security numbers exposed.  A majority of the affected individuals had medical claims, dates of birth, addresses, physicians' names, and other forms of medical information exposed, but not Social Security numbers. Two out of three of those who were affected were children.  The cost of working with the credit-reporting company Experian to contain the breach is estimated to be $460,000.

UPDATE (04/10/2012): Though the number of affected individuals was originally reported as 181,604 with 25,096 Social Security numbers exposed, Utah Department of Health reported that nearly 280,000 people had their Social Security numbers exposed by the breach.  An additional 500,000 victims did not have their Social Security numbers exposed, but had some form of personal information such as date of birth, name, and address exposed. People who visited a health care provider in the past four months is likely to have been affected by the breach.

UPDATE (05/15/2012): The governor of Utah fired the Director of the Department of Technology Services and appointed a new employee, an ombudsman, to shepherd victims through the process of protecting their identities and credit.  Two other members of the technology services department are under review.  The vulnerability that caused the breach was partly, if not fully, due to failure to change a default password. Additionally, data will now be encrypted while it is on Utah servers as well as when it is in transit.

UPDATE (07/22/2012): Those who wish to learn more about the Utah Department of Health breach will be able to attend a series of statewide workshops running from July 26 until August 22.  Information on Utah's Data Breach Security Tour can be found here.

UPDATE (03/25/2013): The state of legislature of Utah added an second year of free credit monitoring to those who were affected by the breach.  Additionally, a Utah health department official revealed that only 59,500 people had taken advantage of the first year of free credit monitoring service.  Those who did not enroll in 2012 may call 801-538-6923 or email ombudsman@utah.gov to sign up for the 2013-2014 term.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 280,000

July 12, 2005 University of Southern California (USC)
Los Angeles, California
EDU DISC

270,000 possibly accessed, dozens exposed

A reporter contacted USC based on an individual's claim to be able to access personal information on college applicants online.  USC removed the site pending investigation and sent letters to affected individuals.

 
Information Source:
Security Breach Letter
records from this breach used in our total: 270,000

April 6, 2007 Hortica (Florists’ Mutual Insurance Company), UPS
Edwardsville, Illinois
BSF PORT

268,000

http://www.hortica-insurance.com/hotTopics/26.PDF, (800) 851-7740, securedata@hortica-insurance.com

A locked shipping case of backup tapes containing personal information including names, Social Security numbers, drivers' license numbers, and bank account numbers went missing while in transit with UPS.

 
Information Source:
Dataloss DB
records from this breach used in our total: 268,000

December 5, 2007 Memorial Blood Centers
Duluth, Minnesota
MED PORT

268,000

Hot Line (888) 333-1491 Contacts: Memorial Blood Centers Laura Kaplan, (651) 332-7220 lkaplan@mbc.org or Jim McCartney, (952) 346-6688

A laptop computer holding donor information was stolen. About 268,000 donor records on this laptop computer contain a donor name in combination with the donor's Social Security number.

 
Information Source:
Dataloss DB
records from this breach used in our total: 268,000

October 23, 2006 Sisters of St. Francis Health Services via Advanced Receivables Strategy (ARS), a Perot Systems Company
Indianapolis, Indiana
MED PORT

266,200

(866) 714-7606

On July 28, 2006, a contractor working for Advanced Receivables Strategy, a medical billing records company, misplaced CDs containing the names and SSNs of 266,200 patients, employees, physicians, and board members of St. Francis hospitals in Indiana and Illinois. About 260,000 patients and about 6,200 employees, board members and physicians were affected for a total of 266,200.  Also affected were records of Greater Lafayette Health Services. The disks were inadvertently left in a laptop case that was returned to a store. The purchaser returned the disks. The records were not encrypted even though St. Francis and ARS policies require encryption.

 
Information Source:
Dataloss DB
records from this breach used in our total: 266,200

December 25, 2005 Ameriprise Financial Inc.
Minneapolis, Minnesota
BSF PORT

226,000

(877) 267-7408

A laptop was stolen from an employee's car on Christmas eve. It contained customers' names and Social Security numbers and in some cases, Ameriprise account information. Around 68,000 customers had their names and Social Security numbers exposed.  Around 158,000 customers had their names and internal account numbers exposed.

UPDATE (08/01/06): The laptop was recovered by local law enforcement in the community where it was stolen.

UPDATE (12/11/06): The company settled with the Massachusetts securities regulator in the office of the Secretary of State. Ameriprise agreed to hire an independent consultant to review its policies and procedures for employees' and contractors' use of laptops containing personal information. Ameriprise will pay the state regulator $25,000 for the cost of the investigation.

 
Information Source:
Dataloss DB
records from this breach used in our total: 262,000

January 8, 2008 Wisconsin Department of Health and Family Services
Madison, Wisconsin
GOV DISC

260,000

Social Security numbers were printed on about 260,000 informational brochures sent by a vendor hired by the state, Electronic Data Systems Inc. (EDS), to recipients of SeniorCare, BadgerCare and Medicaid. The company agreed to pay $250,000 to the state for the mistake, as well as paying for an identity theft monitoring service for the affected individuals, for a total of about $1 million.

 
Information Source:
Dataloss DB
records from this breach used in our total: 260,000

October 8, 2012 TD Bank
Cherry Hill, New Jersey
BSF PORT

260,000

Two data backup tapes were lost during shipping in late March 2012.  The tapes included customer names, Social Security numbers, addresses, account numbers, debit card numbers, and credit card numbers.

UPDATE (10/13/2012): A total of 260,000 customers from Maine to Florida were notified.  

 
Information Source:
California Attorney General
records from this breach used in our total: 260,000

December 2, 2008 Florida Agency for Workforce Innovation
Tallahassee, Florida
GOV DISC

259,193

Employment information and more than a quarter million Social Security numbers were posted online. The breach occurred when several thousand Excel and text files containing millions of employment records were posted in the course of developing a new website.

 
Information Source:
Dataloss DB
records from this breach used in our total: 259,193

May 19, 2009 National Archives and Records Administration
College Park, Maryland
GOV PORT

250,000

The National Archives lost a computer hard drive containing massive amounts of sensitive data from the Clinton administration, including Social Security numbers, addresses, and Secret Service and White House operating procedures. The Archives had been converting the Clinton administration information to a digital records system when the hard drive went missing. The hard drive was left on a shelf and unused for an uncertain period of time. When the employee tried to resume work, the hard drive was missing.

 
Information Source:
Dataloss DB
records from this breach used in our total: 250,000

November 6, 2009 National Archives and Records Administration
College Park, Maryland
GOV STAT

250,000

The National Archives and Records Administration violated its information security policies by returning failed hard drives from systems containing personally identifiable information of current government employees and military veterans back to vendors. By agency policy, NARA is supposed to destroy the hard drives rather than return them. On two separate occasions the agency sent defective disk drives back to vendors under a maintenance contract, rather than destroying and disposing of them in-house.

UPDATE (1/12/2010):There was a rather large amount of data on this hard drive -- as much as two terabytes of data. The NARA is having to, in effect, do a forensic analysis to try to identify individuals and their information. They had a rolling production of notices to individuals. The total had been 26,000, and then their forensic contractor came up with a new group that contained as many as 150,000 names.

UPDATE (1/27/2010) Media stories now put the number of records involved at 250,000.

 
Information Source:
Dataloss DB
records from this breach used in our total: 250,000

June 1, 2006 Ernst & Young
New York, New York
BSO PORT

243,000

Additional locations: Throughout the US and UK. Breach occurred in Texas.

A laptop containing names, addresses and credit or debit card information of Hotels.com customers was stolen from an employee's car in Texas.

 
Information Source:
Media
records from this breach used in our total: 243,000

March 30, 2007 Los Angeles County Child Support Services
Los Angeles, California
GOV PORT

243,000

Three laptops containing personal information including about 130,500 Social Security numbers — most without names, 12,000 individuals' names and addresses, and more than 101,000 child support case numbers were apparently stolen from the department's office.

 
Information Source:
Dataloss DB
records from this breach used in our total: 243,000

January 31, 2006 Boston Globe (The New York Times Company) and The Worcester Telegram & Gazette
Boston, Massachusetts
BSO DISC

240,000

Recycled paper used in wrapping newspaper bundles for distribution turned out to contain credit and debit card information along with routing information for personal checks of subscribers.

 

 
Information Source:
Dataloss DB
records from this breach used in our total: 240,000

October 26, 2006 Akron Children's Hospital
Akron, Ohio
MED HACK

235,903

Overseas hackers broke into two computers at Children's Hospital. One contains private patient data (including Social Security numbers) and the other holds billing and banking information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 235,903

November 30, 2012 Western Connecticut State University
Danbury, Connecticut
EDU DISC

235,000

A computer vulnerability allowed the information of students, student families, and other people affiliated with the University to be exposed. The records covered a 13 year period and included Social Security numbers.  High school students who had associations with the University may have had their SAT scores exposed as well.  The issue existed between April 2009 and September 2012.  

 
Information Source:
Media
records from this breach used in our total: 235,000

May 14, 2014 Paytime
Mechanicsburg, Pennsylvania
BSF HACK

233,000

Paytime issued notices to its customers about a data breach that it discovered on April 30.

According to recent reports, the breach has affected approximately 233,000 individuals in every state, although the majority were in Pennsylvania. The information could have included "employees' names, Social Security Numbers, direct deposit bank account information (if provided), dates of birth, hire dates, wage information, home and cell phone numbers, other payroll related information and home addresses".

The investigation so far has uncovered "intruders were skilled hackers working from foreign IP addresses."

 

 
Information Source:
Media
records from this breach used in our total: 233,000

January 12, 2011 Seacoast Radiology
Rochester, New Hampshire
MED HACK

231,400

http://www.seacoastprivacy.com/

On November 12, Seacoast discovered that a server had been breached. Patient names, Social Security numbers, addresses, phone numbers and other personal information may have been exposed by the breach. Credit card and other financial information were not exposed. The estimated number of individuals who received notification is 231,400.  Not all people who received a notification letter were affected.  Patients and people serving as insurance guarantors were affected. It is believed that the hackers were utilizing Seacoast's bandwidth to play a popular game called Call of Duty: Black Ops.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 231,400

May 23, 2006 Mortgage Lenders Network USA
Middletown, Connecticut
BSF INSD

231,000

A former employee was arrested for extortion for attempting to blackmail his former employer for $6.9 million. He threatened to expose company files containing sensitive customer information - including customers' names, addressess, Social Security numbers, loan numbers, and loan types - if the company didn't pay him. He stole the files over the 16 months he worked there.

 
Information Source:
Dataloss DB
records from this breach used in our total: 231,000

May 19, 2007 Texas Commission on Law Enforcement Standards and Education
Austin, Texas
GOV PORT

230,000

A laptop computer was stolen from the state agency that licenses police officers. It contained information on every licensed peace officer in Texas, including SSNs, driver's license numbers, and birth dates.

 
Information Source:
Dataloss DB
records from this breach used in our total: 230,000

October 30, 2007 Hartford Financial Services Group
Hartford, Connecticut
BSF PORT

230,000

Other locations: Ohio

Three backup tapes that contained personal information of 230,000 customers, including 9,200 Ohioans, mainly of the company's property lines, were misplaced.

 
Information Source:
Dataloss DB
records from this breach used in our total: 230,000

April 18, 2012 Emory Healthcare, Emory University Hospital
Atlanta, Georgia
MED PORT

315,000 (228,000 SSNs reported)

Patients with questions may call the Emory Healthcare Support Center hotline at 1-855-205-6950.

Emory Healthcare revealed that 10 backup discs that contained patient information are missing from a storage location at Emory University Hospital.  The discs were determined to have been removed sometime between February 7, 2012, and February 20, 2012.  The patient information was related to surgery and included names, Social Security numbers, diagnoses, dates of surgery, procedure codes or the name of the surgical procedures, surgeon names, anesthesiologist names, device implant information, and other protected health information.  Patients treated at Emory University Hospital, Emory University Hospital Midtown (formerly known as Emory Crawford Long Hospital) and Emory Clinic Ambulatory Surgery Center between September of 1990 and April of 2007 were affected.

UPDATE (6/09/2012): A suit seeking class action status was filed on June 4.  The suit seeks unspecified damages over the loss of 10 computer disks containing the personal and health information of between 250,000 and 315,000 patients treated between 1999 and 2007.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 228,000

January 30, 2008 Davidson Companies
Great Falls, Montana
BSF HACK

226,000

A computer hacker broke into a database and obtained the names and Social Security numbers of virtually all of the Great Falls financial services company's clients. The database also included information such as account numbers and balances.

UPDATE (4/12/10): D.A. Davidson was fined $375,000 for failing to adequately protect customer information.  The Financial Industry Regulatory Authority (FINRA) found that the database should have been encrypted and had a blank password in place during the 2007 December 25 and 26 breach.  On January 16, the hacker alerted D.A. Davidson to the incident and the fact that he had downloaded confidential customer information.  The hacker offered to reveal security weaknesses and delete the customer information he had obtained in exchange for $80,000.  The hacker was not caught.

UPDATE (11/10/10): A class action settlement was reached for those who were affected by the breach.  Anyone receiving a notification letter from Davidson dated January 29, 2008 is a member of the Davidson data breach lawsuit.  A $1 million settlement fund will be established to reimburse class members for damages related to having their names, Social Security numbers, addresses, emails, account numbers, tax identification numbers, financial consultant's identification numbers, account balances and dates of birth exposed.  Claim forms requesting reimbursement damages must be received by the Settlement Administrator no later than June 1, 2011.

 
Information Source:
Dataloss DB
records from this breach used in our total: 226,000

April 29, 2009 Oklahoma Housing Finance Agency
Oklahoma City, Oklahoma
GOV PORT

225,000

A laptop computer containing the personal information of about 225,000 Oklahomans was stolen from a city home last week. The names, Social Security numbers, tax identification numbers, birth dates and addresses of clients of the Section 8 Housing Voucher Program were on an employee's laptop that was stolen.

 
Information Source:
Dataloss DB
records from this breach used in our total: 225,000

May 17, 2011 Massachusetts Executive Office of Labor and Workforce Development (EOLWD)
Harrisburg, Pennsylvania
GOV HACK

210,000

A hotline has been set up at 1-877-232-6200.

A computer virus called W32.QAKBOT infected various computer terminals and individual computers at the Department of Unemployment Assistance, the Department of Career Services, and multiple One Stop Career Centers. The virus first infected the computers and network on April 20.  Though the virus was detected within a short period of time and stopped, it was later discovered that it had not been completely eradicated.  Names, Social Security numbers, email addresses, residential or business addresses, Employer Identification Numbers (EIN) and employer bank information may have been exposed.  Twelve hundred employers who manually filed with the EOLWD may be affected. If a staff member keyed in sensitive claimant information at a work station infected with the virus then that claimant's information may have been exposed.

UPDATE (5/18/2011): Approximately 210,000 people were affected by the breach.

 
Information Source:
Databreaches.net
records from this breach used in our total: 210,000

March 30, 2006 U.S. Marine Corp
Monterey, California
GOV PORT

207,750

A portable drive containing the personal information of Marines was lost in a campus computer lab.  The lost drive was being used for research on Marine re-enlistment bonuses and contained names, Social Security numbers, marital status, and enlistment contract details.  Enlisted marines on active duty between January 2001 and December of 2005 were affected.  The University notified those whose information may have been compromised.

 
Information Source:
Dataloss DB
records from this breach used in our total: 207,750

May 13, 2010 Army Reserve/Serco Inc.
Morrow, Georgia
GOV PORT

207,000

A laptop containing the names, address and Social Security numbers of more than 207,000 Army reservists has been stolen from a government contractor in Georgia. A CD-Rom containing the personal identifiable information was in one of three laptops stolen from the Morrow, Ga., offices of Serco Inc., a government contractor based in Reston, Va. The other laptops did not contain sensitive personal information. Serco had a contract with the U.S. Army's Family and Morale, Welfare and Recreation Division, so some of the pilfered information also could belong to reservists' family members.

 
Information Source:
Dataloss DB
records from this breach used in our total: 207,000

December 28, 2005 Marriott International Inc.
Orlando, Florida
BSR PORT

206,000

It is unclear whether backup computer tapes with credit card account information and Social Security numbers were lost or stolen from headquarters during November. Employees and time-share owners and customers were affected.

 
Information Source:
Dataloss DB
records from this breach used in our total: 206,000

July 29, 2008 Blue Cross and Blue Shield of Georgia
Atlanta, Georgia
MED DISC

202,000

(866) 800-8776

Benefit letters containing personal and health information were sent to the wrong addresses last week. The letters included the patient's name and ID number, the name of the medical provider delivering the service, and the amounts charged and owed. A small percentage of letters also contained the patient's Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 202,000

October 10, 2012 Northwest Florida State College
Niceville, Florida
EDU HACK

279,000 (At least 200,050 SSNs exposed)

An internal review revealed a hack of Northwest College servers.  One or more hackers accessed at least one folder in the server between May 21, 2012 and September 24, 2012.  Over 3,000 employees, 76,000 Northwest College student records, and 200,000 students eligible for Bright Future scholarships in 2005-06 and 2006-07 were affected.  Bright Future scholarship data included names, Social Security numbers, dates of birth, ethnicity, and genders.  Current and former employees that have used direct deposit anytime since 2002 may have had some information exposed. At least 50 employees had enough information in the folder to be at risk for identity theft.

 
Information Source:
Databreaches.net
records from this breach used in our total: 200,050

April 20, 2005 TD Ameritrade
Omaha, Nebraska
BSF PORT

200,000

A backup tape was lost, stolen, or accidentally destroyed while being shipped.  The tape contained account information from clients or former clients between the years of 2001 and 2003.  Ameritrade notified the affected clients and offered one free year of credit protection services.

 
Information Source:
Dataloss DB
records from this breach used in our total: 200,000

February 9, 2006 OfficeMax
Naperville, Illinois
BSR HACK

200,000, although total number is unknown.

The location listed is Office Max's headquarters.  Sam's Club and other businesses may have also been affected.

Debit card accounts and pin numbers from bank and credit union accounts nationwide (including CitiBank, BofA, WaMu, Wells Fargo) were exposed. The crooks created counterfeit cards to make fraudulent purchases and withdrawals from card-holder accounts. 

UPDATE (3/14/06) New Jersey law enforcement arrested 14 people connected to the crime spree. 

 
Information Source:
Dataloss DB
records from this breach used in our total: 200,000

October 23, 2007 West Virginia Public Employees Insurance Agency
Charleston, West Virginia
MED PORT

200,000

(800) 435-4351

West Virginia officials are alerting 200,000 past and current members of three health insurance programs that a computer tape containing full names, addresses, phone numbers, Social Security numbers and marital status was lost last week while being shipped via United Parcel Service.

 
Information Source:
Dataloss DB
records from this breach used in our total: 200,000

April 22, 2008 CollegeInvest
Denver, Colorado
NGO PORT

200,000

Customers had personal information stored on a computer hard drive that disappeared during a recent move. CollegeInvest moved to a new office space, using an international relocation firm that offered specialists in moving computer equipment. CollegeInvest discovered while unpacking at the new location that a hard drive was missing. CollegeInvest is a not-for-profit division of the Colorado Department of Higher Education.

 
Information Source:
Dataloss DB
records from this breach used in our total: 200,000

June 4, 2010 Digital River Inc.
Eden Prairie, Minnesota
BSF HACK

200,000

A massive data theft from the e-commerce company Digital River Inc. has led investigators to hackers in India and a 19-year-old in New York who allegedly tried to sell the information to a Colorado marketing firm for half a million dollars. The Eden Prairie company obtained a secret court order last month to block Eric Porat of Brooklyn from selling, destroying, altering or distributing purloined data on nearly 200,000 individuals. Digital River suspects that the information was stolen by hackers in New Delhi, India, possibly with help from a contractor working for Digital River.

 
Information Source:
Dataloss DB
records from this breach used in our total: 200,000

April 23, 2006 University of Texas McCombs School of Business
Austin, Texas
EDU HACK

197,000

Foreign hackers accessed records containing names, biographical information and, in some cases, Social Security numbers and dates of birth of current and prospective students, alumni, faculty members, corporate recruiters and staff members.

 
Information Source:
Dataloss DB
records from this breach used in our total: 197,000

May 14, 2007 Community College of Southern Nevada
North Las Vegas, Nevada
EDU HACK

197,000

A virus attacked a computer server and could have allowed a hacker to access students' personal information including names, Social Security numbers and dates of birth, but the school is not certain whether anything was actually stolen from the school's computer system.

 
Information Source:
Dataloss DB
records from this breach used in our total: 197,000

March 23, 2006 Fidelity Investments
Boston, Massachusetts
BSF PORT

196,000

A laptop containing names, addresses, birth dates, Social Security numbers and other information of 196,000 Hewlett Packard, Compaq and DEC retirement account customers was stolen. Fidelity contacted the customers and paid for one year of credit monitoring services.  Fidelity also pledged to pay for unauthorized transactions in pensions or retirement accounts that occurred due to the theft.

 
Information Source:
Security Breach Letter
records from this breach used in our total: 196,000

May 15, 2013 El Centro Regional Medical Center
El Centro, California
MED PHYS

189,489

El Centro Regional Medical Center is claiming that they were defrauded by an unnamed company.  The company was responsible for digitizing El Centro Regional's x-rays, but never returned the digitized version.  The process should have been completed by the end of July.  The original x-rays were most likely taken and destroyed to extract silver.

UPDATE (05/18/2013): The information on the records was as recent as February 2011.  El Centro Regional Medical Center learned of the issue on March 22, 2013.  Patients were notified on May 13.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 189,489

Breach Total
872,715,019 RECORDS BREACHED
(Please see explanation about this total.)
from 4,391 DATA BREACHES made public since 2005
Showing 101-150 of 4391 results


X

Sign In!

Loading